Modlishka

VERIFIED

Flexible HTTP reverse proxy for 2FA phishing penetration tests

Social EngineeringOSS

Advanced

LinuxWindowsmacOS

Description

Modlishka is a powerful and flexible HTTP reverse proxy tool written in Go for conducting phishing penetration tests. It automatically strips TLS, proxies requests to the legitimate site, and captures credentials and 2FA tokens without requiring custom templates or website cloning.

Use Cases

Perform reverse proxy phishing without creating custom templates
Capture 2FA tokens and credentials in real time
Test organizational defenses against sophisticated phishing attacks

Attack Phases

01. RECON

02. SCAN

03. EXPLOIT

04. PERSIST

05. COVER

MITRE ATT&CK Techniques (2)

T1557Adversary-in-the-Middle(Credential Access)

Related Tools (3)

Evilginx2 Gophish Social-Engineer Toolkit (SET)