A repository for educational and ethical exploration of 'Evil Portals,' demonstrating how rogue captive portals mimic legitimate login systems. Designed for security researchers, penetration testers, and ethical hackers to understand and mitigate network vulnerabilities.
- Previews
- What Are "Evil Portals"?
- Purpose
- Getting Started
- Development
- Disclaimer, Legal Notice, & Responsible Use
- Licensing
- Wrapping Up
You may click on any preview below to view it live. All templates are designed to:
- Be as simple and accurate as possible.
- Work on both mobile and desktop devices.
- Send a query param payload on form submit as
/login?username=example&password=example. - Be developed as HTML/SCSS but compiled to a single HTML file with inline CSS.
- Be compressed. Take note some hardware only supports displaying up to 20 KB templates at a time.
- Not use any JavaScript, vanilla HTML and CSS only. You may optionally add JS code yourself. See the Development section for more information.
All previews are hosted on raw.githack.com, a great CDN for source code!
[ Index ]
Evil Portals are custom captive portal systems often used in penetration testing to demonstrate security risks. When connected to a rogue AP, users are directed to a fake login page, where attackers can attempt to capture credentials or inject payloads.
This repository provides:
- Realistic examples of AP-powered login systems ("Evil Portals").
- Configurable templates for use in controlled and authorized environments.
- Documentation on how these systems work (this README).
[ Index ]
The goal of this repository is to raise awareness about the vulnerabilities that attackers may exploit using "Evil Portals" — captive portals designed to mimic legitimate login systems on open access points (APs) or otherwise. By providing realistic examples of how these systems operate, this repository aims to:
- Educate network administrators and developers about potential risks.
- Demonstrate the importance of securing wireless networks against unauthorized access and data interception.
- Help organizations and individuals develop stronger defenses against phishing and other attacks facilitated by rogue APs.
[ Index ]
- Clone this repository to your machine.
- Set up supported hardware:
- A Raspberry Pi Pico W or other supported hardware running Pico-Portal.
- A Flipper Zero Wi-Fi module or similar ESP32-based devices.
- A Wi-Fi Pineapple or similar device that supports captive portal testing.
- Use the provided templates from within the
/portalsfolder to simulate captive portals in a controlled environment. - Run, preview, and demonstrate with transparency the templates to educate users about the risks of rogue APs and phishing attacks.
[ Index ]
This repository is open to contributions that improve the educational value of the provided examples. To get started with development:
- Fork this repository to your GitHub account.
- Clone your fork to your local machine.
- Create a new branch for your changes.
- Ensure node.js and npm are installed on your machine.
- Run
npm installto install dependencies. - Make your changes to the files in the
src/folder, and test them locally:- Use
npm run build:watchto watch for changes and rebuild the project. - Navigate to "http://localhost:8080/{filename}/index.html" to view changes
(replace
{filename}with the file you want to view).
- Use
- Once you're happy with the changes, you can finalize your changes with
npm run build. - Commit your changes and push them to your fork.
- Open a pull request to the main repository here.
/login?username=example&password=example.
Templates must include the notice "This is a simulated template for educational purposes only. Not affiliated with or endorsed by any brand."
[ Index ]
This repository is provided for educational purposes only and is intended for use by:
- Security researchers
- Ethical hackers
- Penetration testers
- Individuals seeking to understand network vulnerabilities to improve defenses
- Web developers looking for examples on how to build login pages
Important Usage Guidelines:
- Only use these tools with explicit authorization from the owner of the network or system being tested.
- Unauthorized use may violate local, state, or international laws.
- The repository maintainers are not liable for misuse of the provided code, templates, or examples.
About Logos and Designs:
- The logos and designs in this repository are artistic representations or placeholders provided solely for educational purposes.
- They do not imply endorsement, affiliation, or sponsorship by the respective brands.
Terms of Use:
- The content in this repository is provided "as is," with no guarantees or warranties.
- By using the tools and templates herein, you accept full responsibility for ensuring compliance with applicable laws and obtaining proper authorization.
This repository is designed to be a teaching tool for ethical purposes. Users are expected to:
- Only use these tools in environments where explicit authorization has been granted (e.g., in penetration tests or lab environments).
- Inform and educate stakeholders about the risks and solutions.
- Never deploy these tools in a way that causes harm, theft, or deception without consent.
[ Index ]
This project is licensed under the MIT License. See the LICENSE.md file for the pertaining license text.
SPDX-License-Identifier: MIT
[ Index ]
Thank you for all of your support. It's important to me that this project stays accessible to everyone, so please keep this software free and open source. If you have any questions, please let me know by opening an issue here.
| Type | Info |
|---|---|
| webmaster@codytolene.com | |
| https://www.buymeacoffee.com/codytolene | |
| bc1qfx3lvspkj0q077u3gnrnxqkqwyvcku2nml86wmudy7yf2u8edmqq0a5vnt |
Fin. Happy programming friend!
Cody Tolene