Evilginx: An Appropriately Named AiTM Tool
This is me finally finishing a blog post that I started the first time I was experimenting with Evilginx back in January of 2024. As you can tell, this post is just a bit overdue... What is Evilginx? Evilginx is a tool developed by Kuba Gretzky that can be very useful to someone wanting to create their own customized phishing test for users at their workplace, or for someone conducting a red team engagement or penetration test who wants to get some easy wins by sending phishing emails to users. As always with cybersecurity and hacking, these tools and methods are only meant to be used against people and devices you've got explicit permission to attack. With the above description, you're probably curious about how Evilginx works. At a basic level (which is realistically as deep as I could get into the actual inner workings of this), Evilginx works by taking a domain you control and using it as a proxy to funnel legitimate login attempts through your server—where Evilginx is in...