git404hub

what is zphisher fr?

htr-tech/zphisher — explained in plain English

Analysis updated 2026-06-24

15,944HTMLAudience · ops devopsComplexity · 2/5Setup · easy

tl;dr

A Bash phishing toolkit with 30 plus prebuilt fake login page templates, intended for authorized security training and red team awareness demos.

vibe map

mindmap
  root((zphisher))
    Inputs
      Template choice
      Tunnel option
    Outputs
      Hosted fake page
      Captured credentials log
    Use Cases
      Security awareness demo
      Red team training
      Tunneling test
    Tech Stack
      Bash
      HTML
      Docker
      Cloudflared

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Run an authorized security awareness drill that shows staff how convincing a fake login page can be.

VIBE 2

Study the templates to build a phishing detector for an email gateway.

VIBE 3

Demo the role of tunneling services like Cloudflared in red team scenarios during a CTF.

what's the stack?

BashHTMLDockerCloudflared

how it stacks up fr

htr-tech/zphisherjeromeetienne/ar.jsgustavoguanabara/html-css
Stars15,94415,80716,262
LanguageHTMLHTMLHTML
Setup difficultyeasymoderateeasy
Complexity2/53/51/5
Audienceops devopsdevelopergeneral

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min

Auto installs dependencies on first run, but only safe to use on isolated networks with written authorization.

in plain english

Zphisher is an automated phishing toolkit, a tool that creates fake login pages designed to look like real websites in order to capture someone's credentials when they try to log in. It comes with more than 30 ready-made templates imitating login pages for popular services. The tool is described as intended for educational purposes, specifically to demonstrate how phishing attacks work, and the author states they are not responsible for misuse. Phishing is a type of cyber attack where someone is tricked into entering their username and password on a fake version of a website they trust. Tools like this are sometimes used in security training and penetration testing, authorized testing of a system's defenses, but carry significant legal risk if used without permission. Zphisher is written in Bash (a scripting language for command-line use) and runs on various Linux environments. It supports several methods for making the fake page accessible from outside a local network, including tunneling services (Cloudflared and LocalXpose), and includes URL masking to make the malicious link look more legitimate. It also supports Docker for easier deployment. Dependencies are installed automatically on first run.

prompts (copy fr)

prompt 1
Explain how zphisher chooses between Cloudflared and LocalXpose for tunneling and the trade offs for a controlled lab.
prompt 2
List the prebuilt templates in zphisher and map each one to the legitimate login page it imitates.
prompt 3
Walk me through running zphisher inside Docker on a private CTF network so nothing leaks to the public internet.
prompt 4
Help me write a corporate policy paragraph that defines when running a tool like zphisher is allowed inside our company.

Frequently asked questions

what is zphisher fr?

A Bash phishing toolkit with 30 plus prebuilt fake login page templates, intended for authorized security training and red team awareness demos.

What language is zphisher written in?

Mainly HTML. The stack also includes Bash, HTML, Docker.

How hard is zphisher to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is zphisher for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.