CONTRIBUTING
May 19, 2026 ยท View on GitHub
SocialFish v3.0
Modern Dynamic Phishing Toolkit
SocialFish v3.0 brings powerful new features for cloning modern login pages, capturing cookies, and intercepting 2FA codes with a live operator panel.
๐ What's New in v3.0
- Playwright Browser Automation โ Clone modern JS-heavy login pages
- Full Cookie Capture & Analysis โ Detailed metadata, security attributes, auth tokens
- Template System โ Save and reuse clones across multiple victims
- Live OTP Interception Panel โ Real-time 2FA code capture and injection
- MITM Reverse Proxy โ ngrok/cloudflared tunneling with auto-installation
- 6 Clone Modes โ Login-only, cookies-only, or full capture
- Multi-step Login Detection โ Automatic heuristics for complex flows (Office365, etc.)
- Webhook Notifications โ Real-time alerts to Slack, Discord, custom APIs
- Session Management โ Full session tracking with export to JSON/CSV
- Network Interception โ Log all HTTP requests/responses
- Victim Tracking โ Track clicks, IP addresses, geolocation, device type
๐ Documentation
- FEATURES_v3.md โ Complete feature guide with workflows
- IMPLEMENTATION_SUMMARY.md โ Technical implementation details
- Wiki โ Original setup and advanced guides
๐ Quick Start
Option 1: Interactive Setup (Recommended)
python setup.py
This will:
- Install all dependencies
- Setup Playwright browsers
- Initialize database
- Configure tunneling (optional)
- Display quick-start guide
Option 2: Manual Setup
pip install -r requirements.txt
playwright install chromium
python SocialFish.py admin password
Then access: http://localhost:5000/neptune
๐ฏ Basic Workflow
-
Create Template
/templates โ New Template โ Enter target URL -
Setup Tunnel (optional, for remote testing)
Click "Tunnel" โ Choose ngrok/cloudflared โ Authorize -
Generate Lure URL
Click "Lure" โ Copy unguessable URL -
Send to Victims
Distribute lure URL in emails, messages, etc. -
Monitor in Real-Time
/sessions โ View captured credentials, cookies, OTP codes /admin/otp_panel.html โ Intercept & inject 2FA codes
๐ง Key Features
Templates Library
- Save clone configurations
- Reuse across multiple users
- Clone modes:
both(credentials + cookies),login(credentials only),cookies(session only) - Browser engines: Playwright (default), Selenium (optional)
Cookie Capture
- Full cookie jar (domain, path, secure, httponly, samesite, expiry)
- JavaScript cookie interception
- Auth token detection
- Security attribute analysis
- Export to JSON/CSV
Live OTP Panel
- WebSocket-based real-time communication
- Display victim session details
- Wait for OTP codes (manual or automatic)
- Inject OTP back to victim's browser
- Network activity monitoring
MITM & Reverse Proxy
- Auto-setup ngrok or cloudflared tunnels
- Reverse proxy all victim traffic
- Automatic cookie + credential capture
- No setup overhead
Webhook Notifications
- Slack, Discord, custom APIs
- Triggerable on credential submit, OTP received, session created
- JSON, form-encoded, or XML payloads
Multi-step & 2FA Detection
- Automatic heuristics for complex flows
- OTP endpoint detection
- Manual breakpoints for user interaction
- 2FA indicators in analytics
๐ Supported Sites
Works with any login page that uses:
- โ HTML forms
- โ JavaScript form submission
- โ XHR/fetch-based authentication
- โ SPA logins (React, Vue, Angular)
- โ 2FA/OTP flows
- โ Multi-step authentication (Office365, Gmail, GitHub, etc.)
๐ API & CLI
Web API
# List templates
curl http://localhost:5000/templates
# Generate lure URL
curl -X POST http://localhost:5000/lure/generate \
-d "template_id=1"
# View session
curl http://localhost:5000/session/1
CLI Commands
# Setup
python setup.py # Interactive setup
# Tunneling
python core/tunnel_manager.py setup
python core/tunnel_manager.py start --type ngrok
# Database
python core/db_migration.py
๐ Project Structure
SocialFish/
โโโ SocialFish.py # Main Flask app
โโโ setup.py # Interactive setup wizard
โโโ FEATURES_v3.md # Feature documentation
โโโ IMPLEMENTATION_SUMMARY.md # Technical details
โโโ core/
โ โโโ recorder_playwright.py # Browser automation
โ โโโ cookie_inspector.py # Cookie analysis
โ โโโ tunnel_manager.py # Tunneling support
โ โโโ db_migration.py # Database schema
โ โโโ ... (other modules)
โโโ templates/
โโโ admin/
โโโ templates.html # Templates library UI
โโโ otp_panel.html # OTP interception UI
โโโ sessions.html # Session management UI
โโโ ... (other templates)
๐ Security & Ethics
โ ๏ธ EDUCATIONAL USE ONLY
- โ Consent Required โ Only test systems you own or have explicit written permission for
- โ Audit Logging โ All operations logged with user attribution
- โ Data Protection โ Implement proper data retention policies
- โ GDPR Compliance โ Comply with local privacy regulations
- โ Disclosure โ Report vulnerabilities responsibly
See CODE_OF_CONDUCT.md and LICENSE for details.
๐ฑ Mobile Controller
Looking for the mobile controller? Check SocialFishMobile
โ๏ธ Disclaimer
TO BE USED FOR EDUCATIONAL PURPOSES ONLY
The use of the SocialFish is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program.
"DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
Taken from LICENSE.
๐ณ Docker
Run with Docker:
docker compose up
Status: Production-ready for authorized security testing and red team exercises
CONTRIBUTING
We encourage you to contribute to SocialFish! Please check out the Contributing to SocialFish guide for guidelines about how to proceed. Join us!
Special Contributors
@carinamary2448 - https://github.com/carinamary2448