A Next-Generation Phishing Simulation & Awareness Platform
- AI-Powered Phishing Content Generation using Google Gemini
- Real-Time Tracking Dashboard with engagement metrics
- Auto-SSL Ngrok Integration for instant public URLs
- Smart Email Spoof Protection simulations
- Credential Harvesting Analysis (Educational Purposes Only)
- Beginner-Friendly GUI with 4-step workflow
- Instagram-Style Spoof Template included
- Live HTTP Server with phishing page rendering
This tool must ONLY be used for:
✅ Authorized security awareness training
✅ Ethical penetration testing with written consent
✅ Academic research on social engineering
❌ Never use for illegal/malicious purposes
By using this software, you agree to bear full responsibility for its proper ethical application.
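```bash
# Install Python 3.10+ then:
# (tkinter is not a pip package; it ships with Python.
#  On Debian/Ubuntu install it with: sudo apt install python3-tk)
pip install google-generativeai pyngrok requests
# To run the app simply:
python app.py
```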
- Google AI Studio
  - Go to Google AI Studio
  - Create API key → Copy key → Paste in Settings
- Ngrok Auth Token
  - Sign up at Ngrok
  - Dashboard → Your Authtoken → Copy → Paste in Settings
- Gmail App Password
  - Enable 2FA on Google Account
  - Go to App Passwords
  - Select "Other" → Name it → Generate → Copy password

- Initial Setup
  - Launch application → Navigate to Settings tab
  - Input all API keys → Click Save Settings
- Template Selection
  - Pre-made templates:
    - `instagram.html` - Social Media template
    - `finance.html` - Banking template
    - `corporate.html` - Internal IT template
    - `shipping.html` - Shipping template
  - In Settings → Template Mappings:
    - Select purpose → Click Browse → Choose template file
- Company Branding
  - In Company Names section:
    - Financial: "ABC Bank"
    - Social Media: "Instagram Security Team"
    - Corporate: "XYZ IT Department"
    - Shipping: "ABC Delivery"

Target CSV columns: `email,first_name,last_name` (no header required)

```
john.doe@company.com,John,Doe
sarah.smith@example.com,Sarah,Smith
mark.z@corp.net,Mark,Zhang
```

- Load CSV with targets
- Select campaign purpose
- Generate AI-powered template
- Click Launch Campaign
- Monitor progress bar
- Refresh Results periodically using toolbar button
- Go to Results tab
- Double-click any row with "Yes" in Credentials column
- See captured credentials in pop-up window
- First email in CSV may fail (temporary workaround: add dummy first row)
- Ngrok free tier shows warning page (paid account removes this)
- GUI may freeze during large campaigns (normal behavior)
- Fix glitches by restarting Python environment

- You Need
  - ✅ Any Gmail Account (not necessarily the target's)
  - ✅ Gmail App Password (as shown in previous setup)
- You Don't Need
  - ❌ Local mail servers (Postfix/Sendmail/etc)
  - ❌ Separate email hosting
  - ❌ MX record configuration

- Built-in SSL encryption via `smtplib`
- Avoids spam filters (when used responsibly)
- Handles email routing automatically
- Free tier allows ~100 emails/day

- Daily Limits: Google blocks bulk sends - stay under 100 emails/day
- Sender Reputation: Use a dedicated Gmail account (not your primary email)
- App Password Requirement: Standard Gmail passwords won't work - must use app password

- Create Custom Templates
  - Make HTML files with these required variables: `{{tracking_link}}`, `{{first_name}}`, `{{company}}`
  - Add realistic logos using Base64 encoding
  - Store in same directory → Map in Settings
- Modify Spoof Pages
  - Edit `instagram.html`:
    - Change color scheme
    - Add custom CSS animations
    - Modify form submission logic
- Enhance Tracking
  - Modify `TrackingHandler` class to:
    - Capture user-agent strings
    - Log IP addresses
    - Add geo-location lookup

Contribute on GitHub | Report issues responsibly | #EthicalHacking
"With great power comes great responsibility" - Uncle Ben (Spider-Man)
