CLICKFIX is a social engineering tool designed to deploy malware using a deceptive technique known as the ClickFix attack. The tool creates a fake CAPTCHA verification page to trick the victim into thinking they need to verify themselves to access the website.
Behind the scenes, when the victim interacts with the fake CAPTCHA, a hidden payload is silently copied to their clipboard. The page then displays a message instructing the user to press Win + R (opening the Windows Run dialog) and paste the copied content. If the victim follows the instructions, the payload is executed, granting the attacker control or executing malicious code on the target system.
- Custom Links: Create your own malicious payload links and make them appear legitimate using a flexible link builder.
- Templates: Choose from a list of pre-made, realistic-looking URLs (e.g., popular websites, social media pages, file-sharing links) to mask your payload.
- Link Masker: Apply the DEDSEC-style masking technique to cloak your real link behind a convincing front, increasing the chances of the victim clicking and following through.
- Clipboard Payload Injection: Automatically copies malicious commands to the victim’s clipboard through browser interaction.
- Run Dialog Exploit: The payload is crafted specifically to be executed via the Windows Run command, reducing detection by security tools.
- Tunnel Integration: Quickly expose your local page to the internet using built-in Cloudflare tunneling.
- Create Temporary Email Tempmail (Optional)
- Register a T.LY Account
- Create an API Token
* git clone https://github.com/0xbitx/DEDSEC_CLICKFIX.git
* cd DEDSEC_CLICKFIX
* sudo pip3 install requests tqdm tabulate
* sudo apt intall zip
* chmod +x dedsec-clickfix
* sudo ./dedsec-clickfix
- Kali Linux
- Parrot OS
- Ubuntu
If you find my work helpful and want to support me, consider making a donation. Your contribution will help me continue working on open-source projects.
Bitcoin Address: 36ALguYpTgFF3RztL4h2uFb3cRMzQALAcm