Next-gen phishing framework with real-time browser cloning, credential & 2FA interception, bulk email engine with SMTP rotation, 29+ fake update templates, GPS location tracking, 13-layer anti-detection shield, campaign analytics with open/click tracking — all from one panel.
Every tool you need — phishing, email, tracking, protection, payload delivery — in one panel
Docker-isolated Chrome containers render targets in real-time. No outdated templates — always pixel-perfect clones of any website.
Clone any site instantly: Google, Microsoft, Facebook, Instagram, banking portals, corporate SSO, crypto wallets — all supported.
Real-time session hijacking captures authentication tokens, cookies, and 2FA codes as the victim types. Complete account takeover capability.
Advanced form interception + extension + DOM: usernames, passwords, cards, SSNs, and custom fields. OTP/SMS tokens after login.
Extract session cookies (Netscape export). Import into your browser — bypass login with stolen auth tokens.
Every keystroke in real-time: passwords, messages, sensitive input. Field-aware detection (user / pass / OTP) with TAB/ENTER context.
Modules tuned for cards, crypto wallet flows, bank logins, and checkout fields — capture payment-related data alongside credentials.
Collect emails and contacts from flows and forms. Feed follow-up campaigns and recipient groups (CSV / lists).
Watch the victim's browser screen live via noVNC — exactly what they see on the phishing session, streamed to your panel.
Live view of interactions: keystrokes, clicks, navigation, and form activity as they happen — tied to session timeline.
Capture sequences from live screen + exported artifacts. Review sessions step-by-step for analysis and evidence-style playback.
Full remote control: redirect, inject HTML, fake alerts/notifications, dialogs, and execute JS in the victim browser in real time.
QR-based phone screen sharing via WebRTC. Auto Cloudflare tunnel. View the device screen from anywhere.
Real-time command center: visitors, active sessions, credential feed, shields, and campaign metrics in one place.
Visits, conversions, geography, devices, email opens/clicks, fake-update funnels — stats and timelines per campaign.
IP geolocation on hits, globe map, FIND_ME GPS links, and configurable geo-allowlists to shape who reaches your lure.
Full campaign system: SMTP config, rate limiting, retry, CC/BCC, spoofed From, preheader injection, custom headers.
Multiple SMTP servers rotating per email (round-robin or random). Each with own From address. Maximize inbox delivery.
Invisible 1px pixel auto-injected per recipient. Know who opened, when, from which IP and device.
Every link rewritten with unique tracking ID. See who clicked, with IP + UA, then seamless redirect.
Full event log: Created → Sent → Opened → Clicked → Submitted. Per-recipient stats.
Save reusable contact lists. Import CSV. Select a group to populate recipients instantly.
Chrome, Firefox, Edge, Windows 11, macOS, Android, iOS, Zoom, Discord, Steam, Spotify, Netflix, WhatsApp, Telegram, PayPal, Coinbase, MetaMask, Binance…
Pre-built fake software update pages (Chrome, Firefox, Windows, Adobe, Java & more). One-click style deployment with view/click/download tracking.
Track page views, download clicks, completed downloads. QR code generation. Custom payload URL + redirect.
Generate tracking links via Cloudflare tunnel. Auto IP geolocation + optional GPS. Satellite map in panel with full history.
Multi-layer defense: UA/referer blocks, scanner & bot patterns, header fingerprinting, geo & IP reputation, burn links, JS challenge — reduce sandbox and crawler hits.
Toggle per layer: connection flood, rate limit, UA filter, suspicious paths, scanner bots, referer blacklist, empty UA, prefetch, header fingerprint, geo-blocking, IP reputation, burn links, JS challenge.
Allow only specific countries. Block scanners from US/IE/DE/NL. IP-based, cached.
Limit unique visitors per link. After N IPs the link dies. Prevents VirusTotal rescans.
Intermediate page requiring JavaScript. Bots (curl, wget, scanners) fail. Real browsers pass in <1s.
Block datacenter IPs (AWS, Azure, GCP…), VPNs (NordVPN, Mullvad…), and Tor exit nodes automatically.
Advanced obfuscation: @-trick URLs, shorteners (TinyURL, is.gd, v.gd), and parameters that make lures look legitimate.
One-click phishing stack: Docker session, Go resolver, nginx front — operational in minutes on your VPS.
TLS-ready setup via reverse proxy / your certs — phishing pages served over HTTPS like production apps.
Professional reverse proxy in-container: rewrite rules, static layers, and first-line bot filtering before your lure.
Each session in its own container (4GB max, dynamic). Clean separation, no cross-talk, easy teardown.
Quick tunnels for REMOTE, FIND_ME, and panel access when you need public URLs without manual port mapping.
Targets see real browser clones — desktop, tablet, and mobile layouts follow the original site behavior.
Military-grade TOTP for panel login (Google Authenticator / Authy). No stored passwords — per-operator 2FA.
Your bot token + chat ID — instant alerts for credentials, new sessions, and critical events.
Pair Telegram (and future push hooks) so hits reach your phone instantly wherever you are.
Campaign exports + tracking — summarize opens/clicks/recipients; pipe summaries to your inbox from your SMTP.
Live globe: infected targets by country, feed, and geographic analytics.
Blacklist/whitelist UA (substring or regex), import/export JSON, simulator, presets.
Send victims to the real site after capture — configurable redirects for stealth and continuity.
Custom HTML/CSS landings, error pages, and loading screens around your flows — full markup control.
Download captures, cookies, and bundles from the panel — JSON/CSV-friendly workflows for your toolchain.
Session trails, access patterns, and campaign events — filter and audit what happened per target.
Where the stack supports it, grab pasted secrets (passwords, seeds, addresses) from the victim context.
Deep link + domain stack built to slip past naive scanners: nginx + Go + Node shields, UA/geo/reputation layers, and obfuscated delivery paths.
Functional — educational scope: full interactive attack-chain workspace in the panel (vectors, multi-phase timeline, live terminal output). Use it to teach and rehearse zero-click narratives and kill-chain storytelling — not a weaponized remote exploit against arbitrary targets.
Priority Telegram channel: setup, troubleshooting, and operational guidance.
Regular framework drops: new shields, templates, and workflow improvements — stay current.
Docs and tutorials — deployment, hardening, and advanced panel usage.
Carousel with prev / next, dots, and autoplay. Swipe on mobile. Click the image for full size.
From deployment to credential harvest in minutes
Enter target URL, click Deploy. Docker builds and launches the phishing stack with auto-SSL in seconds.
Use the Email Engine or share the phishing URL directly. URL Masker makes it look legitimate. 13-layer shield protects from scanners.
Victim sees a pixel-perfect clone of the real site. They enter credentials normally. 2FA codes captured in real-time.
Watch their screen live, view keystrokes, intercept cookies, receive Telegram alerts. All data in your dashboard.
Username, password, 2FA, cookies, session tokens — all captured. Import cookies for instant account access.
All plans include ALL features — only the simultaneous session limit differs
Scan QR or copy address
Loading...Support