# htr-tech/zphisher **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/htr-tech-zphisher).** 15,416 stars · 5,809 forks · HTML · gpl-3.0 ## Links - GitHub: https://github.com/htr-tech/zphisher - awesome-repositories: https://awesome-repositories.com/repository/htr-tech-zphisher.md ## Topics `htr-tech` `phisher` `phishing` `phishing-attacks` `phishing-pages` `zphisher` ## Description Zphisher is a security testing framework designed for conducting authorized social engineering assessments and penetration testing. It functions as a credential harvesting simulator that enables security professionals to evaluate organizational defenses and user awareness by deploying deceptive login interfaces. The platform automates the creation of realistic web pages through dynamic template rendering and provides tools to mask destination addresses. It integrates reverse proxy tunneling to expose local testing services to the public internet, allowing for remote access during security audits without requiring modifications to network firewall configurations. The tool supports the simulation of credential harvesting attacks to measure vulnerability within authentication workflows. It is packaged to ensure consistent execution across different host environments, facilitating the deployment of controlled testing infrastructure for security awareness training. ## Tags ### Security & Cryptography - [Attack Simulations](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/security-and-compliance/security-and-threat-mitigations/attack-simulations.md) — Tests organizational defenses against social engineering through automated link generation and traffic redirection. - [Penetration Testing Platforms](https://awesome-repositories.com/f/security-cryptography/penetration-testing-platforms.md) — Evaluates user awareness by creating realistic login interfaces and tunneling local services to the internet. - [Phishing Attack Tools](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/offensive-red-team/phishing-attack-tools.md) — Provides a platform for conducting authorized social engineering assessments via deceptive login pages and URL masking. - [Phishing Page Generators](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/web-application-penetration-testing/phishing-page-generators.md) — Creates realistic web interfaces designed to capture user credentials for authorized security assessments. ([source](https://github.com/htr-tech/zphisher#readme)) - [Penetration Testing Frameworks](https://awesome-repositories.com/f/security-cryptography/penetration-testing-frameworks.md) — Automates the deployment of deceptive web interfaces and link redirection tools for security control evaluation. - [Security Testing and Auditing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing.md) — Conducts controlled social engineering exercises to identify weaknesses in authentication workflows and user awareness. ### Development Tools & Productivity - [Local Tunneling Services](https://awesome-repositories.com/f/development-tools-productivity/developer-utilities-libraries/workflow-productivity-enhancers/developer-productivity-utilities/developer-utilities/network-traffic-proxies/local-tunneling-services.md) — Routes traffic from the public internet to local development environments using secure tunneling services. ([source](https://github.com/htr-tech/zphisher#readme)) ### Networking & Communication - [Remote Access Proxies](https://awesome-repositories.com/f/networking-communication/local-reverse-proxies/remote-access-proxies.md) — Routes traffic from public internet endpoints to local services via secure reverse proxy tunnels. ### DevOps & Infrastructure - [Service Exposure](https://awesome-repositories.com/f/devops-infrastructure/service-exposure.md) — Exposes local web services to the public internet through secure tunnels for remote testing. ### Web Development - [Request Interception Middleware](https://awesome-repositories.com/f/web-development/request-interception-middleware.md) — Intercepts and logs incoming HTTP form submissions to record user input within a controlled testing environment.