Phishing Club

Phishing Club is a phishing simulation and man-in-the-middle framework designed for companies and red teams to obtain initial access.

Introduction

Phishing Club is a comprehensive phishing simulation and man-in-the-middle (MITM) framework tailored for security professionals, red teams, and companies conducting internal phishing simulations. It offers advanced capabilities beyond traditional phishing tools, focusing on multi-stage attack flows and sophisticated evasion techniques.

Key Features:

  • Multi-stage phishing flows: Design complex phishing scenarios with multiple interaction points.
  • Reverse proxy phishing: Capture sessions to bypass multi-factor authentication (MFA).
  • Domain proxying: Mirror content from target sites for realistic lures.
  • Flexible scheduling: Control campaign delivery with time windows, business hours, or manual execution.
  • Advanced delivery: Support for SMTP configurations and custom API senders with OAuth.
  • Recipient tracking & analytics: Monitor groups, import CSV data, track repeat offenders, and view detailed event histories.
  • Automation: Integrate with other tools via HMAC-signed webhooks and a REST API.
  • Multi-tenancy: Segregated client handling for service providers.
  • Security features: MFA, SSO, session management, and IP filtering.
  • Operational tools: In-app updates, CLI installer, and configuration management.

MITM and Red Team Features:

  • Full control: Modify and capture requests and responses independently.
  • DOM rewriting: Dynamically alter content using CSS/jQuery-like selectors or regex.
  • Path and param rewriting: Modify URL paths and query parameters on the fly.
  • Dynamic obfuscation: Evade static detection with dynamically obfuscated landing pages.
  • Evasion & deny pages: Customize pre-lure evasion and deny pages for bots or evaded visitors.
  • Access control: Implement default deny-lists and advanced filtering using JA4, CIDR, and geo-IP.
  • Browser impersonation: Mimic JA4 fingerprints in proxied requests.
  • Response overwriting: Shortcut proxying with custom responses.
  • Forward proxying: Utilize HTTP and SOCKS5 proxies for origin control.
  • Visual Editor: Easily set up proxy configurations with a visual interface.
  • Import compromised OAuth tokens: Leverage stolen tokens for further phishing campaigns.

Phishing Club is ideal for cybersecurity students, researchers, and professionals looking to conduct hands-on phishing exercises in a safe, controlled environment, or for red teams aiming to achieve initial access through advanced social engineering tactics.
