The phishing framework
for red teams

Stress test the company security against phishing to convince your clients or employers to apply more secure sign-in authentication solutions.

Hero

Focus on demonstrating the risks

Evilginx Pro works hard to keep your phishing simulation undetected, while you can focus on delivering the results.

1. Send

Prepare your phishing pre-text and send out the campaign emails on your red team engagement.

2. Capture

Watch how credentials and session tokens are captured to bypass multi-factor authentication, in real-time.

3. Access

Use the captured session tokens to gain access to accounts protected with multi-factor authentication.

Features illustration
Trusted by cybersecurity professionals

7+ years of raising awareness

Community version of Evilginx was first released in 2017. It has been used to strengthen security of web services and educate users across the globe ever since.

  • Easy to use
  • 10K stars on GitHub
  • Free
  • Active development
  • Up to date

Modern phishing tradecraft at your fingertips

Evilginx Pro builds upon a solid base of a versatile phishing framework and provides additional functionality to professionals willing to excel at their craft.

Tabs 01

Manage multiple servers from one client

Evilginx Pro introduces the client-server architecture, adding the ability to run multiple servers as daemons, with a single Evilginx client being able to manage them remotely.

It offers an ability to quickly switch between servers as well as quickly deploy new servers at will, without the hassle of manual configuration or uploading files through external means.

Learn more

Available exclusively to cybersecurity professionals

Evilginx Pro is available exclusively to the owners or employees of legitimate red team or penetration testing companies.

We put the extra effort to ensure Evilginx Pro is used legitimately, by pre-screening potential buyers, before the purchase option is made available.

Features 02
Focus on what you do best

For red teamers

If you perform phishing as one of the initial vectors of gaining entry into the organization.

For penetration testers

If you want to test and improve the company security by demonstrating a successful phishing attack from potential attackers.

For internal red teams

If you perform security assessments in your company to test the security of employees and company resources.