Phishlets
Phishlets are configuration files used by Evilginx Pro to intercept authentication data by simulating the behavior of legitimate login pages.
Each phishlet defines how the reverse proxy should handle redirects, modify headers, inject scripts, and bypass various protection mechanisms.
Official Phishlets
The following phishlets are officially maintained and tested with Evilginx Pro:
- Microsoft 365 (after April 2025 update)
- Microsoft Outlook (after April 2025 update)
- Okta (2025)
⚠️ Note: While we do our best to keep these phishlets up to date, we cannot guarantee they will work at all times. Authentication flows change frequently and may break phishlet functionality without notice.
Community Phishlets
In addition to the official list, many more phishlets are shared and regularly updated by users in our private BREAKDEV RED Discord community. If you would like to join it, please follow the registration link: