Skip to main content

Config

Learn everything about Evilginx configuration files.

Configuration JSON

When Evilginx first starts it saves its configuration to ~/.evilginx/config.json file. This file can also be uploaded during deployment to pre-configure Evilginx before-hand, to automate the deployment even more.

The sample config.json file with pre-configured linkedin phishlet and a single lure may look like this:

{
"general": {
"bind_ipv4": "127.0.0.1",
"dns_port": 53,
"domain": "not-a-phish.com",
"external_ipv4": "1.2.3.4",
"https_port": 443,
"unauth_url": "https://www.linkedin.com"
},
"phishlets": {
"linkedin": {
"hostname": "linkedin.not-a-phish.com",
"enabled": true,
"visible": true
}
},
"lures": [
{
"hostname": "",
"info": "",
"og_desc": "",
"og_image": "",
"og_title": "",
"og_url": "",
"path": "/login",
"phishlet": "linkedin",
"redirect_url": "https://www.linkedin.com",
"redirector": "",
"ua_filter": ""
}
]
}

If you prefer to only pre-configure domain and ipv4 addresses for your newly deployed Evilginx instance, you can trim down the contents to:

{
"domain": "not-a-phish.com",
"bind_ipv4": "127.0.0.1",
"external_ipv4": "1.2.3.4",
"blacklist_mode": "unauth",
}

Certificates

Automatic retrieval and renewal of TLS certificates is handled by certmagic. All retrieved TLS certificates can be found in ~/.local/share/certmagic.

If at any point you come across an issue related to certificates, you may try to delete this directory and restart Evilginx to see if it fixes the issue.

Commands

: help config

config

Shows values of all configuration variables and allows to change them.

config
show all configuration variables
config domain <domain>
set base domain for all phishlets (e.g. evilsite.com)
config ipv4 <ipv4_address>
set ipv4 external address of the current server
config ipv4 external <ipv4_address>
set ipv4 external address of the current server
config ipv4 bind <ipv4_address>
set ipv4 bind address of the current server
config unauth_url <url>
change the url where all unauthorized requests will be redirected to (phishing urls will need to be regenerated)
config wildcards <true|false>
enable or disable the use of wildcard certificates retrieved from letsencrypt