Evilginx2 Phishlet Collection
$149.99
Evilginx2 Phishlet Collection — 12 Phishlets
Updated and tested phishlets for Evilginx2 that capture session tokens post-MFA:
- Microsoft 365 — Full phishlet covering login.microsoftonline.com with ESTSAUTH/ESTSAUTHPERSISTENT cookie capture for persistent access.
- Google Workspace — Gmail/Google phishlet with SID/HSID/SSID cookie capture, bypassing Google Prompt 2FA.
- LinkedIn — Captures li_at session token enabling full account access without re-authentication.
- AWS Console — Captures AWS session cookies from the AWS Management Console login flow.
- Okta — Phishlet for Okta SSO portal capturing session tokens and DT cookies for session persistence.
- GitHub — Captures user_session and __Host-user_session_same_site cookies for full GitHub account access.
- Additional Targets — Includes phishlets for Duo Security, Azure AD, Salesforce, Slack, Zoom, and Dropbox, all tested against current authentication flows.