Gray Fish provides fully undetectable phishing pages. Are you bored of getting link blocked by facebook or other sites? Does your hosting provider suspend your account(e.g 000webhost)? Don't lose hope. Try Gray Fish. Hackers are 10 times more clever than simple programmers. But they don't tell you everything. Before using it, make sure to read all article to avoid any problem.

• Fully undetectable (means Link will not get blocked + Hosting provider will not suspend your account).
• Almost, all Templates are under 20KBs that helps in loading webpages fast.
• Images are encoded in base64 to avoid external + internal linking.
• Codes are highly compressed. Extra codes have been removed.
• Login form can't be bypass until all inputs have been filled by a victim.
• Link with custom preview(image + title + description) when shared on any website.
• Admin login panel has been created for absolute dummies.

git clone https://github.com/graysuit/grayfish.git

1. Upload all files to any web hosting you like
2. Enter your sitename and fill username & password(Default user & pass is fish)
3. Select any phishing link
4. Shorten link if you want
5. Send the link to your victim
6. Note: Username/Password will be displayed in admin panel

• Username = fish
• Password = fish

Different websites use different algorithms + user-agents + IPs to detect phishing. If they found similarities to original login pages then they simply block the phishing URL and also report it to host provider. And thus your account suspended.

What if we detect and allow only users with a user-agent?

It displays phishing page to only those who have human user-agents. For example, if a person has this type of user-gent (Mozilla/5.0 (Linux; U; Android 4.3; en-us; SM-N900T Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30) then phishing page will load, Else it will be directed to phishing_info folder. It helps prevent detected by facebook & other crawlers.

1. Don't share links frequently. It is considered as spam by bots.
2. Share the link only to the victim, not to whole planet.
3. Don't use domains that are already restricted or banned(e.g sitename.000webhostapp.com, sitename.htmlpasta.com, etc).
4. Use hosting providers that provides valid SSL certificate(https:// not http:https://).
5. Shorten URL before sending link.
6. Not just share. Convince the victim in your native language and catch victim by his interests.

Phishing pages never harm anyone nor it benefits script kiddies. Instead, they expose the website's mistakes and give developers a golden opportunity to make websites more secure. What if we use this knowledge secretly? Why we public this knowledge?

We publicized this knowledge to make developers acknowledged of their vulnerabilities + to make new programmers more clever.

Don't use this source code for illegal purposes. But if you do, this will on to you, I will not/never take any responsibility for your crime.

• Facebook: gray.programmerz.5
• Email: [email protected]
• Website: tiplava