Advanced Phishing with EvilGoPhish

EvilGoPhish Mastery (2025)

This is an extensive course for advanced hackers, red teams, and penetration testers looking to master advanced phishing & smishing techniques with EvilGoPhish, one of the most powerful reverse-proxy phishing tools that combines both Evilginx3 & GoPhish.

Buy Now

Why this course was created?

The goal was to create the most comprehensive course for researchers & professionals wanting to learn how complex phishing & smishing attacks are deployed in today's environment. There are no comprehensive tutorials on how to use this tool.

Why would you teach people something like this?

For those concerned about the ethics of hacking tutorials as well as tools such as EvilGoPhish it's not the learning of the skill that's unethical, but the choices made in applying it.

It's like using a hammer – it can be used to build something or to break something. The tool isn't "bad" per say, it’s how you use it that matters. Ethical hacking is using that "hammer" to make things safer, not to cause damage.

Ethical hacking, for example, is a legitimate and necessary practice in improving cybersecurity.

In this case, understanding the tactics that adversaries use in advanced phishing and smishing attacks is crucial for professionals seeking to enhance their offensive capabilities.

Course Curriculum (All Lessons)

Cybersecurity Course

1. EvilGoPhish Email Lure Template #1 - G-Suite Drive (.HTML)
2. EvilGoPhish Email Lure Template #2 - Linkedin (.HTML)
3. EvilGoPhish Email Lure Template #3 - Microsoft Azure Upgrade (.HTML)
1. Welcome to the Course & Thank You!
2. Course Welcome Survey
3. (!) Course Ethics and Legal Guidelines
1. How to Filter & Select a Domain Like a Pro
2. Domain Selection: Criteria Checklist and Filtering with Palo Alto Networks and Cisco Talos
3. Domain Alternatives: Anonymous Offshore Hosting 1984.Hosting, Njalla, and OrangeWebsite
4. Important: Advanced Domain Selection and Filtering Lessons A/B Preview
5. Advanced Domain Filtering - Part A: Strategies for Selection, Filtering, and Aged Domains
6. Advanced Domain Filtering - Part B: Filtering Domain Authority, Backlinks, Keywords, and Site Audits for EvilGoPhish
7. Anonymous Offshore Domain Registration & Server Providers (Top 3 Ranked)
1. Course Agenda & Learning Structure
2. Important Notice to All Students! Course Guidelines
3. EvilGoPhish Mastery Course - Introduction
4. Why This Course Was Created & Course Objectives and Goals
1. Important Notice: Course Guidelines
2. Important Notice: Ethical Conduct and Legal Compliance
3. Introduction to Red Teaming & Advanced Phishing
4. Red Teaming and Red Team Engagements Explained
5. Phishing Context & Techniques: Future Implications for Cybersecurity
6. Case Study: Advanced Social-Engineering vs. Chase Bank
7. Course Infrastructure Tool Stack
8. Course Infrastructure Tool Stack (Direct)
1. Modern Email Authentication Explained: A Detailed Guide to SPF, DKIM, DMARC with Namecheap DNS Demonstration
1. What Is An Adversary-in-the-Middle (AitM) Attack? iPhone iOS Attack Showcase on Hotel WiFi (Demo)
2. Evilginx3 Explained
3. GoPhish Explained
4. Phishing Infrastructure Journey Server to Server
5. Limitations of Other Phishing Tools: Evilginx3, GoPhish, Murena, etc
6. Explaining Web Servers - Reviewing HTTP & HTTPS
7. Network Security Basics - Understanding Listening Services and Ports
8. MiTM / MFA Phishing Attacks with Evilginx3 and GoPhish
1. DigitalOcean & Simpler Hacking Exclusive Offer
2. Initial VPS Server Setup with DigitalOcean | Cloud Infrastructure for Developers
3. Fixing Network Configuration & Resolving DNS Issues (Explained)
4. Fixing Network Configuration & Resolving DNS issues
5. (Code) Fixing Network Configuration & Resolving DNS issues
6. Pre-Installation: Steps to Configure Your Machine's Network Manager & Settings
7. How to Access the Updated Paid Version of EvilGoPhish 3.0 via Github Sponsors
8. How to Use a (PAT) Private Access Token to Clone a Private Github Repository
9. (!) Proper DNS Configuration for Evilginx: Adding A Records to Prevent DNS Errors
10. Adding Subdomains to DNS Records (Step by Step Documentation)
11. (!) Configuring A Records & DNS Settings
12. Best Practices: User Privileges
13. Setting Up & Installing EvilGoPhish (Premium Version)
14. Verifying Applications: GoPhish, Evilginx3 and EvilFeed
15. Configuring Phishlet Root & Subdomains: Setup Script & Verifying All Programs are Installed
16. GoPhish Setup: Configuring & Selecting a New Password in within EvilGoPhish3
17. Configuring Mailgun SMTP API in GoPhish: Verifying Email Delivery with 10 Minute Mail (10minutemail.com)
18. Understanding the Importance of RID Value
19. (Evilginx x AI Assistance) Automating ./setup.sh with Claude.AI (or GPT-4) - Evilginx3 Instagram Phishlet Example
20. Configuration of Cloudflare Turnstile with EvilGoPhish for Advanced Bot Protection
21. Resource Article - Advanced Bot Detection with Cloudflare Turnstile
22. How to save both Cloudflare Turnstile 403 Forbidden and Redirection Pages in Evilginx3/templates
23. Saving the 403 Forbidden and Redirection page for Cloudflare in Evilginx3 (HTML Templates)
24. Understanding Indicators of Compromise (IOCs) in Phishing Tools
25. Removing GoPhish IOCs (Indicators of Compromise) for Better Email Delivery
26. Understanding IOCs: Techniques for Removing GoPhish Indicators of Compromise
27. Cloning from Gmail - Finding Email Candidates
28. Editing & Importing .yaml Configurations for Custom Script Integration (Importing Linkedin Phishlet & Testing)
29. Setting Up Live Feed for Evilginx3 and GoPhish Live Notifications (Optional)
30. Optimal 4-Panel Setup for Full-Scale Campaigns with A. Evilginx3, B. GoPhish, C. VPS, & D. Live Feed Notifications
31. Resource Blog Post #2 - Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile
32. Custom Cloudflare Turnstile HTML redirection page (CODE)
1. Finding Targets & Analyzing Usernames with the OSINT Framework
2. Introduction to Essential OSINT Tools - Dorking
3. Top 15 Commands You Need To Know
4. Essential OSINT Tool #2
5. Essential OSINT Tools #3
6. Essential OSINT Tool #4 - Powerful Domain & URL Scanner by Johannes Gilger
1. Customizing Both Turnstile.html and Forbidden.html for EvilGoPhish Turnstile Templates (Cloudflare)
2. Cloudflare Turnstile HTML Guide (From EvilGoPhish Pro Official Documentation)
3. Turnstile Rules
4. EvilGoPhish HTML Turnstile Template B
5. EvilGoPhish HTML 403 Error Template B
1. TMUX Tutorial: Understanding What It Is, How to Install and Use It
2. Using TMUX for Evilginx Session Persistence
3. Using TMUX for GoPhish Server Persistence
4. A. Initial Setup with TMUX
5. B. Detaching from TMUX (Campaign Persistence)
6. C. Re-entering TMUX (Checking the Campaign)
7. D. Exiting TMUX (Ending the Campaign)
8. Long-Term EvilGoPhish 3.0 Persistence - Setting Up Multiple TMUX Sessions for Evilginx3, GoPhish, EvilFeed
9. (Optional Code Resource) Running TMUX with EvilGoPhish3 (Evilginx3, GoPhish & EvilGoPhish Live Feed)
10. TMUX Common Questions FAQ Sheet
1. (with Tom) Avoiding Modern Spam Filters And Land Your Prospect's Inbox [Spam Checkers, Bots, Automated Filters, Preferences, Google Domains]
1. EvilGoPhish Attack Planning & Execution Preview
2. Custom Course Phishlet (Script)
3. General OPSEC Best Practices
4. Exploration of High-Level Account Attack Workflows
5. Tools for Checking Email HTML Content before Sending with GoPhish
6. Live Demonstration: Filtering and Cloning 2 Authentic Microsoft HTML Emails for the EvilGoPhish Campaign Context
7. Live Demonstration: Launching Our Phishing Campaign with EvilGoPhish3
8. Landing in Priority Inbox: Viewing EvilGoPhish Sent Messages from the Recipient's Perspective
9. Quick Tip: Understanding, Bypassing Automated Email Security and Landing in Priority Inbox with GoPhish
10. Catching the Phish in Evilginx3 & Injecting Session Tokens!
1. Analyzing, Exporting & Reviewing EvilGoPhish Campaign Results
2. Post Engagement Best Practices: Redirecting URLs, Hiding Lures and Wiping DigitalOcean VPS
1. Smishing: Why Adversaries Use Smishing, What Is It, How It Works & Famous Smishing/Phishing Attacks in Recent History.
2. Deep Dive into Smishing - Tactics, techniques, and procedures (TTPs)
3. 64 Year Old vs. Advanced Smishing Attacks - Cyber Criminals Phishing and Smishing Financial Loss
4. Setting Up Smishing Campaigns in EvilGoPhish3
5. EvilGoPhish iOS SMS TEXT Templates (Download)
1. EvilGoPhish Now Supports SMS Campaigns
2. Configuring Smishing Campaigns in EvilGoPhish
3. Creating Smishing Campaigns with Klayviyo
1. NVIDIA Morpheus Introduction - AI Framework for Cybersecurity (Demo)
2. Analysis and Prevention of AI-Based Phishing Email Attacks
3. Teach LLMs to Phish: Stealing Private Information from Language Models | Ashwinee Pandap Christopher A. Choquette-Choog Zhengming Zhangs Yaoqing Yangd Prateek Mittalp Princeton University, Google DeepMind, Southeast University, Dartmouth College
1. Analyzing & Reporting Exported Campaigns
1. Course Conclusion & Thank You
2. Connect with Simpler Hacking & Stay Updated
1. Phishing Hostname/Domain Master Keyword List (Download)
2. Evilginx & EvilProxy Master Keyword List
3. Evilginx 3.2.0 Phishlet Template (.yaml)
4. Updated Defcon Phishing Report by Industry
5. Modlishka Attack (2024) Evil Session Hijacking Webinar [Full Live Stream]
6. (Webinar Replay) Modern MITM Attack Process Deep Dive with Evilginx3 on Microsoft365

EvilGoPhish Mastery (2024)

$179.99
5 hours of video content

Frequently Asked Questions (FAQs)

Common Questions

Does this course help to avoid detection by anti-phishing filters like Google's Safe Browsing?

This advanced course delves into methods to reduce the chances of detection, such as domain validation, optimizing email and SMS templates, and using Cloudflare Turnstile for advanced bot detection and evasion. Additionally, we focus on removing indicators of compromise (IOCs) in phishing tools like EvilGoPhish, improving email delivery and campaign effectiveness.
Why should I choose this course over others for learning about Evilginx & cybersecurity?

This course was created is to give everyone access to this information in a non-expensive & understandable way. I was tired of seeing these the majority of companies charging $500+ for a shitty training, teaching it in a way that's not clear & only advanced users can understand. The point is to give value to students around the world who may not have the means or resources to access said information.
Can I access the course material after completion?

Yes, students will have lifetime access to the course material, including any future updates.
How can EvilGoPhish be used to conduct large-scale smishing campaigns while avoiding carrier blocking and spam filters?

Smishing campaigns present a different set of challenges compared to email-based phishing, especially regarding carrier spam filters. This course addresses how to integrate EvilGoPhish’s smishing functionality to conduct large-scale, personalized smishing campaigns while mitigating carrier-level blocks. We go over essential SMS template creation strategies, as well as using anonymous SMS gateways and custom domains to ensure message delivery. You'll also learn how to troubleshoot and prevent common smishing pitfalls using tools like Klayviyo and other third-party APIs.
Do I need prior experience with phishing tools to take this course?

Yes, this course is aimed at intermediate to advanced professionals who already have a foundational understanding of phishing tools, red teaming, and penetration testing. However, the course does start with a review of the fundamentals and builds up to advanced techniques, ensuring that students with some prior knowledge can follow along and progress through the material.
Do you accept cryptocurrency payments?

Yes. Most students prefer to pay with cryptocurrency. All that is required is an email address to send the course to [email protected] & Cee or SH will reach out to you. We understand that USD/EU exchange rates may be high for students in other countries. We use the Coinbase Commerce API for our invoices & all of our transactions.
What specific phishing techniques and scenarios are covered in the course?

The course covers phishing techniques like credential harvesting, session hijacking, transparent reverse proxying, multi-stage engagement flows, social engineering frameworks. Scenarios are modeled after real-world tests. Everything is updated to its current version as well.
What if I ignore the ethical guidelines discussed in the course?

It's imperative to adhere to ethical conduct; any misuse absolves all liabilities for resulting damages. Seriously. This a potent educational resource for Cybersecurity researchers, students & professionals looking to master modern advanced phishing tactics. Do not use this information for bad. Seriously.
Where can I find Phishlets?

Our phishlets can be found on https://github.com/simplerhacking/Evilginx3-Phishlets

EvilGoPhish Mastery Content Screen Preview

Key Topics & Sections

Gain a better understanding of what's in the course & what you'll learn by the end.

Master Reverse-Proxy Phishing & MFA Bypass Techniques:

Gain in-depth knowledge of advanced MiTM attacks and Multi-Factor Authentication bypass, including the latest strategies and methodologies used by top-tier red teams and penetration testers.

Advanced Domain Filtering & Validation:

Learn how configure SPF, DMARC, DKIM & MX for Evilginx & GoPhish

Learn advanced domain selection and filtering techniques, utilizing tools like Palo Alto Networks and Cisco Talos, and explore anonymous offshore hosting solutions.

Step by Step Infrastructure Setup

Configure VPS servers, fix network issues, install EvilGoPhish Pro and set up domain records correctly. Leverage automation tools like Claude.AI & GPT-4 for streamlining setup processes.

Cloud Architecture Deployment

Set up and configure the EvilGoPhish 3.0 Toolkit live. Understand network security basics and master the technical infrastructure required for effective campaigns.

Email Authentication & Domain Validation:

Learn comprehensive email authentication, how to implement SPF, DKIM, and DMARC protocols with detailed guides and practical demonstrations, ensuring emails are authenticated and delivered successfully.

Combat Google's Advanced Bot Detection Algorithms using Cloudflare Turnstile

Learn how to Integrate advanced bot detection mechanisms like Turnstile to protect your infrastructure and customize HTML templates for improved campaign stealth and effectiveness.

Indicators of Compromise (IOCs) and OPSEC

Understand and remove IOCs from your phishing tools to enhance email delivery rates, and adopt best practices for operational security during campaigns. (No courses teach this!)

OSINT Techniques and Pre-Campaign Preparation

Before deploying campaigns, learn how we utilizes OSINT tools for gathering intelligence, identifying targets, and preparing comprehensive pre-campaign strategies.

TMUX Utilization for Campaign Persistence

This is important for running engagements over long periods of time without worrying.

Master TMUX (Terminal Multiplexer) for maintaining session persistence during long-term campaigns, ensuring seamless operation and monitoring.

Learn SMS Phishing (Smishing) Techniques for iOS & Android Users:

This is the first course to dive into actually configuring, deploying & defending Smishing.

This is the first course to dive into deploying modern smishing attacks from start to finish. Set up and execute smishing campaigns, understand adversary TTPs, and create effective iOS templates to target mobile users.

Access to Comprehensive Archives, Toolkits, Custom Resources

Access a wealth of updated templates, resources, email scripts, and toolkits to support your campaigns and enhance your skillset.

Course Testimonials & Reviews

Hear what others say about the course!

“The course not only teaches you how to execute sophisticated phishing engagements with the latest pro version of Evil gophish 3.0 for your teams but also equips you with the proper knowledge and tricks to stay ahead. Its hard to explain but there some subtle parts of hacking that very few courses can accurately communicate to people with years of experience like myself.”

Rencora Security - course review via medium.com/@rencora

“If you're a cybersecurity student or on a tight budget, consider the Evilginx Pro Masterclass from Simpler Hacking to learn all about Evilginx. Took the course yesterday, and it has all the content to get you started on your engagements.”

Jan Bakker - via www.JanBakker.tech

“Thanks to @mrgretzky and @simplerhacking for making 2 of the best Phishing courses of the year!!! ”

Brigade SH

If you want to learn uncensored advanced phishing, this course is for you.

This is the most comprehensive course on advanced phishing available in 2025.

Enroll Now

Trusted by our sponsors

Extra Resources: EvilGoPhish HTML Email Templates

Course Introduction & Legal Guidelines

Domain Filtering, Selection and Research

Reverse-Proxy Phishing Fundamentals, Course Objectives and Contextual Overview

Technical Overview of Advanced MiTM Phishing Attacks and Red Teaming

Importance of Domain Validation: A Detailed Guide to SPF, DKIM, DMARC with Namecheap DNS Demonstration

Understanding Modern Phishing Toolkits (Evilginx2, Evilginx3, GoPhish, EvilProxy, etc.)

Infrastructure Setup and Environment Configuration

OSINT Techniques and Pre-Campaign Preparation

Configuring Evilginx with Cloudflare Turnstile for Advanced Bot Protection

Advanced Phishing Configuration, Troubleshooting, and TMUX Utilization

GoPhish Email Template Creation and Anti-Spam Techniques

Campaign Execution: Configuring Evilginx3, Credential Harvesting & MFA Bypass with EvilGoPhish's Custom Phishlet

Campaign Reporting and Post Engagement: Exporting, Reviewing, and Understanding Results

SMS Phishing (Smishing) with EvilGoPhish

SMS Phishing/Smishing Configuration with EvilGoPhish

Artificial Intelligence, LLMs and Generative AI for Advanced EvilGoPhish 3.0 Attacks & Defense

Analyzing Data with EvilGoPhish

Course Conclusion, Future Considerations, & Thank You!

Extra Resources: Templates, Resources, Comprehensive Toolkits, Email Scripts, Course Materials, and Replay Sessions

EvilGoPhish Mastery (2024)