Penetration Testing, Phishing, Social Engineering

Prepare your Debian server to host a phishing site

It should be noted that the following guide has been tested and it is working for Debian 8.5-8.6.

Update your system

sudo apt-get update
sudo apt-get dist-upgrade

Install MySQL

sudo apt-get install mysql-server

Activate MySQL

sudo mysql_install_db

Configure MySQL

sudo /usr/bin/mysql_secure_installation

Install PHP

sudo apt-get install php5-fpm php5-mysql
sudo service php5-fpm start

Install Nginx(engine x)

sudo apt-get install nginx

Configure Nginx + PHP

sudo nano /etc/nginx/sites-available/default

Add index.php to index:

index index.php index.html index.htm;

Edit location ~ .php$ {…}:

location ~ \.php$ {
                try_files $uri = 404;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;

Restart Nginx

sudo service nginx restart