[Fixed Errors] Phishing Attack Using ShellPhish on Termux

 Phishing attack

The most popular part of Social Engineering.

If you perform the phishing attack in a creative and clever way there is a 90% chance to catch your target.

In phishing, hackers do not hack the computers, they hack the human brain. They play with the brain of the target. That is why phishing is one of the dangerous hacking attacks.

What is a Phishing attack?

In this attack, a webpage is built which looks exactly the same with a legit website. When someone enters any credential on the fake website, the credentials are captured and sent to the server of the fake website and then those credentials are used to login to the account of the victim on the original website. 

There is tool with very few errors than other tools available on the Internet. They are Shellphish.

These tools are very useful when it comes to phishing. 

Let’ss see how we can configure and use these tools to perform phishing attack from Termux.

Configuring Shellphish on Termux

The best thing about this tool is, it comes with integrated port forwarding services Ngrok and Serveo. If you don’t know what these services are- they are used to port forward without a router to host a webpage over the Internet.

Follow the instructions to configure and use this tool on Termux.

#1. Open up the Termux application on your smartphone and download the  ShellPhish from Github. Navigate to the directory where the tool is downloaded and list it.

git clone https://github.com/thelinuxchoice/shellphish.git

#2. Make sure you have PHP and Wget installed on your device. If you don’t have, just install it by using these commands. 

apt install php
apt install get

#3. Now navigate to the ShellPhish directory, change to the executable mode and launch the ShelPhish bash script.

cd shellphish
chmod +x*
bash shellphish.sh

Great! we’ve launched the ShellPhish tool perfectly. Now we can choose any template from the list.

Launching Attack

We chose the ‘Instagram‘ phishing template and now it’s asking to choose the port forwarding service. We prefer you to choose the ‘Ngrok‘ service as Serveo is banned in some countries.

It will take some time to generate a link to the phishing page.

Great! the link has been created. Now we can share it with the target. Have a look at the screenshot to get an idea about how credentials are captured.

Solving ShellPhish Not Generating  Any Link Issue

Most people experience this issue while using ShellPhish that it doesn’t generate any link. Don’t worry,

 #1. Navigate to the ‘ShellPhish‘ folder and list it. There you will see the ngrok, which was downloaded automatically by ShellPish before launching the server.

#2. Visit Ngrok.com and sign up for an account, log in to the account and copy the authentication key from the dashboard and paste it on termux and hit enter as shown in the command given below.

./ngrok authtoken axajkyGYUYFhabbXXXXX

#3. Now turn on your mobile hotspot and launch the command-  ./ngrok http 80 on termux. It should show ‘online‘ in the connection status. If you don’t turn on your mobile hotspot during this process, it will show the ‘reconnecting‘ error in the connection status.

#4. Close Ngrok by hitting CTRL+C.

#5. Launch ShellPhish again and it should solve this problem.

N.B.: All the steps should be performed inside the ‘ShellPhish’ directory in order to solve this error.


There are many phishing tools available on the Internet for the Linux platform but most of them have unknown errors that can’t be solved.

ShellPhish doesn’t come with a lot of templates but all of them are clones of very popular websites that most people use. Also, you can add and customize your own template with it.

And phishing attack is not about what tool you use, it’s all about how you present your malicious link to the victim. The more you creative, the more you get success in phishing.

What’s your opinion about it? did you like ShellPhish? Let us know in the comment box below. We are desperate to know your reaction.