EN
ENNA
EV

Evilginx2

Featured

🎣 Phishing Analysis · Go

Evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing multi-factor authentication. It acts as a reverse proxy between the victim and the real website, proxying all traffic while capturing credentials and session tokens in real time. This makes it a critical tool for demonstrating the limitations of traditional 2FA and testing organizational resilience to advanced phishing attacks.

View on GitHubDocumentation

Use Cases

  • Demonstrating 2FA bypass through session hijacking
  • Advanced phishing simulation for red teams
  • Testing organizational resilience to credential theft
  • Session cookie capture and replay

Tags

mitm2fa-bypasssession-hijackreverse-proxy

Details

Category
🎣 Phishing Analysis
Language
Go

Platforms

🐧linux

Links

GitHub Repository

github.com/kgretzky/evilginx2

Documentation

help.evilginx.com

Releases

github.com/kgretzky/evilginx2/releases

Issues

github.com/kgretzky/evilginx2/issues

Alternatives & Comparisons

GoPhish

Go

Open-source phishing framework. Create campaigns, track results, and train users with realistic simulations.

Modlishka

Go

Automated HTTP reverse proxy for 2FA phishing. Real-time credential and token harvesting.

More in Phishing Analysis

GoPhish

Go

Open-source phishing framework. Create campaigns, track results, and train users with realistic simulations.

phishing-simulationcampaignawareness-training

King Phisher

Python

Phishing campaign toolkit with web cloning, credential harvesting, and campaign analytics dashboard.

campaignweb-clonecredential-harvest

URLScan.io CLI

Python

Scan and analyze URLs for phishing indicators, malware, and suspicious behavior. Screenshot and DOM capture.

url-analysisscreenshotmalware-detection

Modlishka

Go

Automated HTTP reverse proxy for 2FA phishing. Real-time credential and token harvesting.

reverse-proxy2fa-bypassautomated