ENNAENNA

Evilginx2

FeaturedBSD-3-Clause

๐ŸŽฃ Phishing Analysis ยท Go

Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing multi-factor authentication. It acts as a reverse proxy between the victim and the real website, proxying all traffic while capturing credentials and session tokens in real time. This makes it a critical tool for demonstrating the limitations of traditional 2FA and testing organizational resilience to advanced phishing attacks.

15.0kstars
2.6kforks
272issues
Updated 7mo ago
+I use this
View on GitHubDocumentation

Use Cases

  • Demonstrating 2FA bypass through session hijacking
  • Advanced phishing simulation for red teams
  • Testing organizational resilience to credential theft
  • Session cookie capture and replay

Tags

mitm2fa-bypasssession-hijackreverse-proxy

Details

Category
๐ŸŽฃ Phishing Analysis
Language
Go
License
BSD-3-Clause
Platforms
๐Ÿงlinux

Links

GitHub Repository

github.com/kgretzky/evilginx2

Documentation

help.evilginx.com

Releases

github.com/kgretzky/evilginx2/releases

Issues

github.com/kgretzky/evilginx2/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

GoPhish

Go

Open-source phishing framework. Create campaigns, track results, and train users with realistic simulations.

Compare Evilginx2 vs GoPhish

Modlishka

Go

Automated HTTP reverse proxy for 2FA phishing. Real-time credential and token harvesting.

Compare Evilginx2 vs Modlishka

Social-Engineer Toolkit

Python

Open-source social engineering framework. Spear-phishing, web attacks, USB/HID attacks, and credential harvesting.

Compare Evilginx2 vs Social-Engineer Toolkit

More in Phishing Analysis

GoPhish

Go

Open-source phishing framework. Create campaigns, track results, and train users with realistic simulations.

phishing-simulationcampaignawareness-training

King Phisher

Python

Phishing campaign toolkit with web cloning, credential harvesting, and campaign analytics dashboard.

campaignweb-clonecredential-harvest

URLScan.io CLI

Python

Scan and analyze URLs for phishing indicators, malware, and suspicious behavior. Screenshot and DOM capture.

url-analysisscreenshotmalware-detection

Modlishka

Go

Automated HTTP reverse proxy for 2FA phishing. Real-time credential and token harvesting.

reverse-proxy2fa-bypassautomated

Zphisher

Shell

Automated phishing tool with 30+ templates for major platforms, tunneling support, and credential capture.

phishing-templatescredential-capturetunneling

SocialFish

Python

Social media phishing tool with real-time credential interception, geolocation tracking, and a web-based dashboard.

social-mediacredential-harvestinggeolocation