Remote
Learn how to deploy your local instance of Evilginx to a remote server.
Caution: Currently only automated deployment to Linux servers is supported. Deploying to Windows Server is doable, but you'll have to do it manually, as there is no automated deployment script to assist you.
Requirements
You need access to a remote server running Debian 10 or a similar OS that meets the following requirements:
- At least 1GB RAM and at least 1 CPU.
- Non-root user in the sudoers group with SSH keys preconfigured in authorized_keys to allow passwordless login.
Make sure your firewall is set up with the following rules for inbound connections:
Protocol | Port | Description |
---|---|---|
TCP | 443 | Reverse proxy HTTPS traffic |
TCP | 22 | SSH port for remote configuration (can be changed to anything) |
UDP | 53 | DNS nameserver traffic used for hostname resolution |
Make sure there is no HTTP server (e.g. Apache, nginx) or DNS server (e.g. resolvd) running on your instance before you continue.
Domain & DNS Setup
Before you can start using Evilginx on engagements, you need to register a domain. This domain will be used as a top-level domain for your phishing URLs, where all subdomains in generated URLs will be fully customizable.
With a valid registered domain, you will need to set it up to use custom nameservers, which will point to the IP of your Evilginx instance.
For example, if your registered domain was not-a-phish.com and the IP of the server where you deployed Evilginx is 1.2.3.4, you'd set up the custom nameservers like this:
Nameserver | IP |
---|---|
ns1.not-a-phish.com | 1.2.3.4 |
ns2.not-a-phish.com | 1.2.3.4 |
It may take some time for the changes to propagate globally. If you're changing this for the first time on a new domain, you may need to wait up to 72 hours.
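From the defender's side, the nameserver layout above is visible in DNS data: every nameserver of the zone sits inside the zone, all of them resolve to one address, and that address also serves the zone's web hosts. The following is an added example, not part of the Evilginx documentation; the record tuples, the function name and all sample data other than not-a-phish.com and 1.2.3.4 are constructed for illustration. A match is a triage signal only, since small self-hosted zones produce the same pattern.

```python
from collections import defaultdict

# Constructed sample records as (owner, type, value); not real telemetry.
SAMPLE_RECORDS = [
    ("not-a-phish.com", "NS", "ns1.not-a-phish.com"),
    ("not-a-phish.com", "NS", "ns2.not-a-phish.com"),
    ("ns1.not-a-phish.com", "A", "1.2.3.4"),
    ("ns2.not-a-phish.com", "A", "1.2.3.4"),
    ("login.not-a-phish.com", "A", "1.2.3.4"),
    ("example.org", "NS", "ns1.dns-host.example"),
    ("example.org", "NS", "ns2.dns-host.example"),
    ("ns1.dns-host.example", "A", "192.0.2.10"),
    ("ns2.dns-host.example", "A", "198.51.100.20"),
    ("www.example.org", "A", "203.0.113.5"),
]


def _norm(name):
    return name.rstrip(".").lower()


def single_address_zones(records):
    """Return zones whose in-zone nameservers all resolve to one IP."""
    ns, addrs = defaultdict(set), defaultdict(set)
    for owner, rtype, value in records:
        if rtype.upper() == "NS":
            ns[_norm(owner)].add(_norm(value))
        elif rtype.upper() in ("A", "AAAA"):
            addrs[_norm(owner)].add(value)
    findings = {}
    for zone, servers in ns.items():
        if not all(s.endswith("." + zone) for s in servers):
            continue  # delegated to an external DNS provider
        ns_ips = set().union(*(addrs.get(s, set()) for s in servers))
        if len(ns_ips) != 1:
            continue  # nameservers are spread over several hosts
        ip = next(iter(ns_ips))
        # Other names in the zone served from the same address as its DNS.
        hosts = sorted(h for h, ips in addrs.items()
                       if h not in servers and ip in ips
                       and (h == zone or h.endswith("." + zone)))
        findings[zone] = {"ip": ip, "nameservers": sorted(servers),
                          "hosts_on_ns_ip": hosts}
    return findings


if __name__ == "__main__":
    for zone, info in single_address_zones(SAMPLE_RECORDS).items():
        print(zone, info)
```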
Deployment
Automated
Info: The script for automated deployment of Evilginx to remote servers is only available to Evilginx Pro owners.
Precompiled
This guide applies if you have access to Evilginx software in binary form, without access to source code.
For fully automated deployment you can use the ./deploy.sh script:
usage: ./deploy.sh <server_ip> <config_path>
Source code
This guide applies if you have access to Evilginx software with full source code.
First, you need to run the script found at ./scripts/build_release.sh, which will build Evilginx and prepare it for release:
./build_release.sh
The deployment package with the proper directory structure will be put into the ./release directory.
For fully automated deployment you can use the ./scripts/deploy.sh script:
usage: ./deploy.sh <server_ip> <config_path>
The config_path parameter is optional, but it is useful if you have a config.json file on hand that you want to use to preconfigure your Evilginx instance right when it is deployed. Read more about configuration.
The deployment script will use scp to copy files over to your remote instance and ssh to run commands remotely on your server. Make sure you have set up a non-root user, who is in the sudoers group, with an SSH public key in authorized_keys which corresponds to the SSH private key you'll be using.
The following environment variables can be used to customize the deployment process:
Environment variable | Description |
---|---|
SSH_KEY_FILE | Path to your SSH private key to use for authorization (def. ~/.ssh/id_rsa) |
SSH_USER | Non-root username to use for authorization (def. root) |
SSH_PORT | SSH port to use when connecting to the server (def. 22) |
For example, if you want to deploy the software to an AWS instance, you'd issue a command like this:
SSH_KEY_FILE=~/keys/ssh.key SSH_USER=admin ./deploy.sh 1.2.3.4
The deployment script will install Evilginx and Evilpuppet on the remote server, with all required dependencies, and will set up both to run in background tmux sessions. Evilginx will start itself automatically in the same tmux sessions after every reboot, through systemd.
Caution: During deployment the control.sh script will kill all currently running node applications, since it is not yet able to tell the PID of the Evilpuppet process.
To open the Evilginx console, you will need to open a tmux session with:
tmux a -t evilginx
To open a session with Evilpuppet, run:
tmux a -t evilpuppet
Tip: Whenever you want to leave the session running in the background, press Control+B and then D to detach from the current tmux session.
If you want to scroll up and down in the tmux session, press Control+B and then [ to turn on scroll mode, and use Page Up and Page Down to scroll. Turn off scrolling by pressing q.
If you ever accidentally quit Evilginx in the tmux session, you can start it again by running:
sudo ~/evilginx-package/evilginx/evilginx
If you accidentally close any of the tmux sessions, you can easily restart them by running the control script:
sudo ~/evilginx-package/control.sh start
To shut down Evilginx you can also use the control script:
sudo ~/evilginx-package/control.sh stop
Manual
Make sure you build the Evilginx binary with:
make
Then create a directory on your remote server where you will copy the Evilginx files, e.g. ~/evilginx.
- Upload file ./build/evilginx to ~/evilginx/evilginx.
- Upload directory ./phishlets to ~/evilginx/phishlets.
- Upload directory ./redirectors to ~/evilginx/redirectors.
Make sure to make the evilginx binary executable with:
chmod 700 ./evilginx
And that's it. Make sure to run the ./evilginx binary in a tmux session so that it keeps running in the background even after you log out from SSH.