Version 2.3.5
An automated phishing framework designed for security research and educational purposes.
Written by darkwall https://github.com/pythonplayer396/
READ THIS CAREFULLY BEFORE USING THIS TOOL.
This software is provided strictly for educational and authorized security testing purposes only. Any malicious use of this tool is entirely your responsibility. Unauthorized access to computer systems and accounts is illegal in virtually all jurisdictions.
By using Shisher, you acknowledge that:
- You will only use this tool on systems you own or have explicit written permission to test
- Unauthorized phishing attacks are criminal offenses that carry serious legal consequences
- The author and contributors assume no liability for misuse of this software
- You understand how phishing works as an attack vector and how to defend against it
- This is a research and learning tool, not a weapon
If you intend to use this tool for illegal purposes, stop here. You are not welcome.
Shisher is a phishing framework built in Bash that automates the creation and deployment of phishing pages. It includes over 30 pre-built templates mimicking popular services and supports multiple tunneling methods to expose local servers.
The tool is designed to help security researchers, penetration testers, and students understand how phishing attacks work and how to defend against them.
- 30+ realistic login page templates
- Automatic dependency installation
- Multiple tunneling options (localhost, Cloudflared, LocalXpose)
- Advanced device fingerprinting and tracking
- Credential harvesting with detailed victim information
- Real-time activity logging
- URL masking support
- Docker support for isolated testing
- Clean, minimal interface
- Cross-platform compatibility
Shisher needs the following to run:
- git
- curl
- php
- unzip
Don't worry about installing these manually. When you first run Shisher, it will detect what's missing and install dependencies automatically using your system's package manager.
Clone this repository:
git clone --depth=1 https://github.com/pythonplayer396/shisher.gitNavigate to the directory:
cd shisherRun the main script:
bash shisher.shThe first run will install all necessary dependencies. After that, you're ready to go.
If you're using Termux on Android, you can install via tur-repo:
pkg install tur-repo
pkg install shisher
shisherImportant: Termux explicitly discourages using the platform for hacking activities. Do not discuss or promote Shisher in official Termux channels. See the Termux wiki on hacking for their policy.
Download the appropriate .deb file from the releases page: https://github.com/pythonplayer396/shisher/releases/latest
For Termux, use the file ending in *_termux.deb
Install using apt:
apt install ./shisher_*.debOr using dpkg:
dpkg -i ./shisher_*.deb
apt install -fPull the image from DockerHub:
docker pull pythonplayer396/shisherOr from GitHub Container Registry:
docker pull ghcr.io/pythonplayer396/shisher:latestRun as a temporary container:
docker run --rm -ti pythonplayer396/shisherNote: Make sure to mount the auth directory to preserve captured data.
You can also use the wrapper script:
curl -LO https://raw.githubusercontent.com/pythonplayer396/shisher/master/run-docker.sh
bash run-docker.sh- Run shisher.sh
- Choose a phishing template from the list
- Select a tunneling method (Cloudflared, LocalXpose, or localhost)
- Share the generated link with your target (in authorized testing scenarios only)
- Wait for credentials to be captured
- Review captured data in the auth/ directory
All captured information is saved in the auth folder, including:
- Credentials (usernames.dat)
- IP addresses and geolocation data (ip.txt)
- Device fingerprints (fingerprint.txt)
- MAC addresses when available (mac_hunt.txt)
Tested and working on:
- Ubuntu
- Debian
- Arch Linux
- Manjaro
- Fedora
- Termux (Android)
Should work on most Unix-like systems with bash support.
Shisher captures detailed device information including:
- Screen resolution and color depth
- CPU core count and architecture
- Available memory
- Installed plugins and extensions
- Canvas fingerprinting
- WebGL renderer information
- Audio context fingerprinting
- Battery status
- Network information
- Geolocation (if permitted)
- Local IP addresses
Real-time activity logging displays all events in a separate terminal window, including:
- Server initialization
- Victim connections
- Captured credentials
- IP and geolocation data
- Device fingerprint collection
- Timestamp for all events
shisher/
├── shisher.sh # Main executable
├── .sites/ # Phishing page templates
├── .server/ # Temporary server files
├── auth/ # Captured data storage
├── scripts/ # Helper scripts
└── build_env/ # Build configuration files
All harvested information is stored in the auth/ directory:
- usernames.dat: Captured credentials
- ip.txt: IP addresses with geolocation data
- fingerprint.txt: Detailed device fingerprints
- mac_hunt.txt: Discovered MAC addresses
Basic option for local testing. Server runs on your machine only.
Creates a tunnel through Cloudflare's network. No account required. Generates a random subdomain that expires when the session ends.
Alternative tunneling service. Requires a free account for extended use. Provides custom subdomain options.
This is an open source project. If you want to contribute:
- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly
- Submit a pull request
Bug reports and feature requests are welcome in the issues section.
If you encounter issues:
- Make sure all dependencies are installed
- Check that you have appropriate permissions
- Verify your internet connection for tunneling features
- Review the activity log for error details
- Open an issue on GitHub with details about your problem
This project is released under an open source license. See LICENSE file for details.
Phishing is a serious threat to online security. This tool exists to:
- Educate people about how phishing attacks work
- Help security professionals test defenses
- Train users to recognize phishing attempts
- Research attack vectors and mitigation strategies
If you use Shisher, use it responsibly. Get proper authorization before any testing. Help make the internet safer, not more dangerous.
Author: darkwall
GitHub: https://github.com/pythonplayer396 Discord: https://discord.com/users/1238914120179515402
Remember: With knowledge comes responsibility. Use this tool wisely.