
Setting up servers

This guide will teach you how to add & deploy servers in Evilginx Pro, and demonstrate how to set up a server so that multiple users can connect to it and collaborate.

Evilginx Pro implements a client-server architecture. You run the authenticated Evilginx client in your terminal, which connects to an Evilginx server deployed on a third-party server. The list of servers your client is able to connect to is stored locally.

Every server first needs to be registered with the BREAKDEV RED licensing server hosted at red.breakdev.org. During the registration process, the licensing server generates the required server license and TLS certificates, which are later used to deploy the server. Everything can be done with several commands in the Evilginx Pro client running in the terminal.

Create a new server

To create a server you need two things:

  • Server name: differentiates between servers and is used solely for display purposes.
  • IP address: lets the client know where to connect.

Tip:

If you want to set up your server in a local environment for testing or developing phishlets, you need to follow the same registration process.

Use your local IP address when creating a server, which is: 127.0.0.1

  1. Create a new server with command:

    servers add <server_name> <ip_addr>
  2. Next, register the server with the BREAKDEV RED licensing server:

    servers register <server_name>

    Once the server is registered it will receive a unique identifier, stored as the server_id property, and a randomly generated api_token used to access the server's API.

    Info:

    The IP addresses of the servers you add are never transmitted to the licensing server for OPSEC and privacy reasons.

Once you register a server you become its owner. You will be the only user allowed to deploy it, update its server license or manage the list of users allowed to collaborate together on the server.

Configure SSH

Evilginx Pro uses SSH for server deployment. SSH authentication needs to be properly configured to let the client deploy the server on its own.

You can view the current server settings with command:

servers view <server_name>

The built-in SSH client only supports authentication with OpenSSH keys. You will need to provide the path to the OpenSSH private key whose public key is saved on your server in ~/.ssh/authorized_keys.

You can use private keys protected with a passphrase. You will be asked for the passphrase before every deployment. The passphrase will not be stored.

Here are the server properties required to set up the SSH client:

property    description
ssh_port    port the SSH daemon is listening on (default: 22)
ssh_user    username to use when logging in; must be a root user or a member of sudo group (default: root)
ssh_key     path to the OpenSSH private key to use for authentication (default: ~/.ssh/id_rsa)

Change the server's SSH settings with the following commands:

servers set <server_name> ssh_port <ssh_port>
servers set <server_name> ssh_user <ssh_user>
servers set <server_name> ssh_key <ssh_key>

Backslashes and spaces on Windows

Remember to escape backslashes with an additional \ character. Example path: C:\\Users\\Me\\Documents\\ssh\\mykey.key.

If your path contains spaces don't forget to use quotes. Example: "C:\\Users\\User with spaces\\Documents\\ssh\\my key.key".

Deploy a server

Once the SSH client is properly set up, we can deploy the server with command:

servers deploy <server_name>

Warning:

Automated server deployment is compatible ONLY with Debian 12 (64-bit). Deploying to Ubuntu will result in problems finding apt packages.

Evilginx Pro will use the SSH client to:

  • Disable the local resolved DNS server to prevent conflicts when opening the UDP 53 port for the nameserver.
  • Allow non-root users to listen on ports lower than 1024.
  • Create a new non-privileged evilginx user with sudo access.
  • Upload Evilginx Pro files with the server license.
  • Install node to run Evilpuppet.
  • Install Google Chrome as the background browser for Evilpuppet.
  • Set up systemd daemons for Evilginx Pro & Evilpuppet running as the non-privileged evilginx user.

Server deployment may auto-retry due to SSH connection timeouts.

Server license expiration

Server licenses are always updated automatically in the background while the Evilginx Pro client is running.

The server license is always valid till the end of the month. Less than 7 days before the end of the month, the Evilginx Pro client will automatically retrieve new server licenses from the license server and update them on all servers you manage. The newly retrieved server license will be valid till the end of the next month.

If you want to update server licenses without the need to open the Evilginx Pro client, you can use the following command to trigger Evilginx Pro to check and renew server licenses for you:

evilginx.exe renew

You can set up a cron job or a scheduled task to periodically update the server licenses for you.

Info:

Deployed Evilginx Pro servers will never contact the licensing server for OPSEC and privacy reasons.

Server licenses are auto-updated periodically by the Evilginx Pro client, in the background.

Connect to a server

When the server is deployed you can connect to it with command:

servers connect <server_name>

On successful connection, you will see the server name prefixing the command prompt as a visual indicator of which server you are currently connected to.

The connection is performed over the standard HTTPS port (443 TCP) for extra stealth.

The Evilginx Pro client puts the server's server_id as the hostname value within the SNI extension of the TLS Client Hello packet, where it serves as the authorization key to access the Evilginx API admin interface.

The TLS connection is additionally authenticated with the client certificate, preventing anyone without a valid certificate from accessing the API.

To summarize, the following keys are required to gain access to the Evilginx server admin API:

  • server_id value of the Evilginx server (example: 8fe549b3873788bf.evilginx).
  • Evilginx Pro user's client certificate.

Update a server

After you update your Evilginx Pro client it is a good idea to update your Evilginx servers to prevent possible incompatibility issues.

To check if any servers can be updated, first show the list with command:

servers

If any server has a green + character next to the version number in the version column, it means it is outdated.

You can update the server the same way you deployed it using command:

servers deploy <server_name>
  • Updating the server license

Delete a server

If you want to get rid of a server on your list, you can do it with command:

servers delete <server_name>

You will need to manually enter the server's name as a precaution.

Note:

There is currently no automated way to remove Evilginx Pro from the server as a form of "reverse deployment", but support for this feature will come eventually.

Multi-user collaboration

One of the key new features of Evilginx Pro is the ability for multiple users to collaborate on one phishing server. This was made possible by the introduction of the client-server architecture.

Add user to a server

The server will only allow connections from Evilginx Pro users it recognizes. By default, when you create a new server, your user will be added to the allow-list and will also be recognized as the server administrator.

To let your co-worker access the server you created, add their email to the server:

servers users <server_name> add <company_email>

Evilginx Pro will retrieve a new server license with the changes from the licensing server and will automatically update the server.

Import an existing server

You need to obtain the following information from another user who added you to their server:

  • server_id of the server (example: 8fe549b3873788bf.evilginx)
  • IP address of the server (ip_address)

Follow the steps to import an existing server:

  1. Create a new server:

    servers add <server_name> <ip_address>
  2. Import the server license:

    servers import <server_name> <server_id>

That's it. You should now be able to connect to the server with:

servers connect <server_name>

You will be able to see the actions performed by other users currently using the same server.

Remove user from a server

If you want to remove a given user's access to the server, type:

servers users <server_name> remove <email>

The server license will be automatically updated and the user will not be able to connect to the server anymore.

Note:

The server will not automatically disconnect the user if they are already connected.

FAQ

  1. I haven't updated my server licenses for over 2 months and now I am unable to connect to my server. What can I do?

    No need to worry. You just need to run the servers deploy <server_name> command and the server license will be updated through the SSH client.