Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered – from CompTIA and Cisco to EC-Council and VMware. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.

In this episode I talk about some things I learned about making your own kick-butt cred-capturing phishing campaign and how to do so on the (relatively) quick and (relatively) cheap! These tips include:

  • Consider this list of top 9 phishing simulators.
  • Check out GoPhish!
  • Then spin up a free tier Kali AWS box
  • Follow the instructions to install GoPhish and get it running on your AWS box
  • Use the Expired Domains site to buy up a domain that is similar to your victim – maybe just one character off – but has been around a while and has a good reputation
  • Add a G Suite or O365 email account (or whatever email service you prefer) to the new domain
  • Create a convincing cred-capturing portal on GoPhish – I used some absolutely disgusting and embarrassing HTML like this:
<html>
<head>
  <title>Your rad awesome eyeball cool phishing portal!</title>
  <style>
    body {
      background-image: url("https://YOURMALICIOUSDOMAIN/static/background.jpg");
      background-repeat: no-repeat;
      background-size: cover;
    }
  </style>
</head>
<body>
  <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
  <center>
    <table style="width:40%">
      <tbody>
        <tr>
          <th><img src="https://YOURMALICIOUSDOMAIN/static/company-logo.png"/></th>
          <th>
            <form action="" method="post" name="form">
              <p style="color:white;"><label>User Name:</label> <input name="username" type="text"/></p>
              <p style="color:white;"><label>Password:</label> <input name="password" type="password"/>
                <br/>
                <br/>
                <input type="submit" name="submit" value="Log On"/>
              </p>
            </form>
          </th>
        </tr>
      </tbody>
    </table>
    <br/><br/>
    <center><p style="color:white;"><b>Unauthorized use is prohibited!</b></p></center>
  </center>
</body>
</html>
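Seen from the defending side, the one-character-off domain in the list above can be caught by string similarity, even though an aged domain with a good reputation would not trip a newly-registered-domain check. The following is an added example, not code from the episode or from GoPhish: it flags sender domains within one edit of a protected domain (it also counts swapped adjacent characters, which goes slightly beyond "one character off"). The domain names, `PROTECTED`, and the sample senders are constructed assumptions.

```python
# Added example: flag sender domains one edit away from a protected domain.
# All domains and addresses below are constructed samples.

PROTECTED = {"example-corp.com"}  # assumption: your organization's real domains


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or
    swap two adjacent characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Lower-cased domain part of an address, trailing dot removed."""
    return address.rsplit("@", 1)[-1].strip().rstrip(".").lower()


def find_lookalikes(senders, protected=PROTECTED, max_distance=1):
    """Return (sender, protected_domain, distance) for near-miss domains."""
    hits = []
    for sender in senders:
        domain = sender_domain(sender)
        if domain in protected:
            continue  # exact match is the legitimate domain
        for real in sorted(protected):
            dist = osa_distance(domain, real)
            if 0 < dist <= max_distance:
                hits.append((sender, real, dist))
    return hits


# Constructed envelope-from values, as they might appear in a mail gateway log.
SAMPLE_SENDERS = [
    "it-helpdesk@example-corp.com",  # legitimate
    "it-helpdesk@examp1e-corp.com",  # substitution: l -> 1
    "hr@exmaple-corp.com",           # adjacent characters swapped
    "billing@example-crp.com",       # one character dropped
    "news@unrelated.org",            # unrelated
]

if __name__ == "__main__":
    for sender, real, dist in find_lookalikes(SAMPLE_SENDERS):
        print(f"ALERT {sender} is {dist} edit(s) from {real}")
```

The same comparison can be run over proxy or DNS logs to spot users who reached a lookalike portal after the mail was delivered.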

Written by: Brian Johnson
