Skip to main content

Config

Learn everything about Evilginx configuration files.

Configuration JSON

When Evilginx first starts it saves its configuration to ~/.evilginx/config.json file. This file can also be uploaded during deployment to pre-configure Evilginx before-hand, to automate the deployment even more.

The sample config.json file with pre-configured linkedin phishlet and a single lure may look like this:

{
    "general": {
        "bind_ipv4": "127.0.0.1",
        "dns_port": 53,
        "domain": "not-a-phish.com",
        "external_ipv4": "1.2.3.4",
        "https_port": 443,
        "unauth_url": "https://www.linkedin.com"
    },
    "phishlets": {
        "linkedin": {
            "hostname": "linkedin.not-a-phish.com",
            "enabled": true,
            "visible": true
        }
    },
    "lures": [
        {
            "hostname": "",
            "info": "",
            "og_desc": "",
            "og_image": "",
            "og_title": "",
            "og_url": "",
            "path": "/login",
            "phishlet": "linkedin",
            "redirect_url": "https://www.linkedin.com",
            "redirector": "",
            "ua_filter": ""
        }
    ]
}

If you prefer to only pre-configure domain and ipv4 addresses for your newly deployed Evilginx instance, you can trim down the contents to:

{
    "domain": "not-a-phish.com",
    "bind_ipv4": "127.0.0.1",
    "external_ipv4": "1.2.3.4",
    "blacklist_mode": "unauth",
}

Certificates

Automatic retrieval and renewal of TLS certificates is handled by certmagic. All retrieved TLS certificates can be found in ~/.local/share/certmagic.

If at any point you come across an issue related to certificates, you may try to delete this directory and restart Evilginx to see if it fixes the issue.

Commands

: help config

 config

 Shows values of all configuration variables and allows to change them.

 config
   show all configuration variables
 config domain <domain>
   set base domain for all phishlets (e.g. evilsite.com)
 config ipv4 <ipv4_address>
   set ipv4 external address of the current server
 config ipv4 external <ipv4_address>
   set ipv4 external address of the current server
 config ipv4 bind <ipv4_address>
   set ipv4 bind address of the current server
 config unauth_url <url>
   change the url where all unauthorized requests will be redirected to (phishing urls will need to be regenerated)
 config wildcards <true|false>
   enable or disable the use of wildcard certificates retrieved from letsencrypt