Grab cam shots from target's phone front camera or PC webcam just sending a link.
CamPhish is techniques to take cam shots of target's phone front camera or PC webcam. CamPhish Hosts a fake website on in built PHP server and uses serveo.net & localhost.run Tunnel to generate a link which we will forward to the target, which can be used on over internet. website asks for camera permission and if the target allows it, this tool grab camshots of target's device
A GPS location capture feature has been added.
In this tool I added two automatic webpage templates for engaged target on webpage to get more picture of cam
- Festival Wishing
- Live YouTube TV
- Online Meeting [Beta]
- GPS Location Tracking
A cleanup script has been added to remove all unnecessary files and logs.
Grab cam shots from a target's phone front camera or PC webcam by sending a link.
Original author: TechChip — https://techchip.net/ Original repo: https://github.com/techchipnet/CamPhish
Modified by: Uzair Developer (this branch)
IMPORTANT: This project is a security-research / penetration-testing proof-of-concept. Only use it on systems and users for which you have explicit permission. Unauthorized use is illegal.(Fuck this)
- Added an Islamic-themed festival template:
festivalwishes_islamic.html(visual/UI only; functionality matches the Indian template). - When choosing the Festival Wishing template the script now asks for a style (Indian or Islamic).
- Fixed
index2.htmlgeneration sofes_nameis replaced correctly in the processed page and inindex.html. - Festival names (entered at prompt) now preserve internal spaces and are escaped safely before sed replacements.
- Removed CloudFlare/ngrok usage from this branch and added easier tunnels using Serveo and localhost.run (see
camphish.sh). - Added a Windows-run guard: running the script in native Windows/Git Bash/Cygwin will increment
times-opened.txtand print a rotating teasing message, then exit.
- Festival Wishing templates (Indian and Islamic)
- Live YouTube TV template
- Online Meeting template (beta)
- GPS Location Tracking and Google Maps integration
- Periodic webcam snapshot capture + upload to
post.phpon the forwarding host - Automatic template processing with dynamic forwarding link insertion
camphish.sh— main script (now asks for festival style; escapes festival names; supports Serveo & localhost.run; Windows guard; version header updated)festivalwishes.html— Indian festival template (placeholders:fes_name,forwarding_link)festivalwishes_islamic.html— Islamic festival template (same placeholders)template.php— generic landing page used to createindex.phpcleanup.sh— helper to remove logs and saved captures
- Kali Linux
- Termux
- macOS
- Ubuntu
- Parrot Sec OS
- Windows (WSL) — note: running the script in native Windows/Git Bash/Cygwin will trigger the Windows guard and exit by design
Requirements: PHP and ssh installed on the machine that runs the script.
Install on Debian/Ubuntu derivatives:
sudo apt-get update && sudo apt-get -y install php ssh wget unzipQuick start:
git clone https://github.com/uzairdeveloper223/CamPhish
cd CamPhish
chmod +x *
bash camphish.shFollow interactive prompts: choose a template, enter festival name (multi-word allowed), choose style, and pick a tunnel (Serveo or localhost.run).
If the link generation for localhost.run fails, try running the commands below:
sh-keygen -t rsa -b 4096This will create a new SSH key pair in the default location (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub) and if it fails for serveo then try running bash camphish.sh again.
- After a successful tunnel the script generates
index2.html(processed template) andindex.html(copied fromindex2.html). - Open
index.htmlin a browser (or visit the tunnel URL). Allow camera/location when prompted. - The page posts captured images to
forwarding_link/post.phpon the forwarding host — ensure that endpoint exists and saves incoming posts.
To test Windows-guard behavior locally on Linux:
env OS=Windows_NT bash ./camphish.shEach run will increment times-opened.txt and print a teasing message.
The script camphish.sh banner has been updated to show:
- Original: TechChip (https://techchip.net)
- Modified by: Uzair Developer
- Version: V2.1
- Sed-based substitutions attempt to escape common special characters (
/and&). For fully arbitrary input (newlines, exotic characters), consider stronger templating (Perl, here-docs, or a small templating utility). - This repository is provided for education and defensive research. The author and modifier are not responsible for misuse.
This Project is licensed under the GNU GENERAL PUBLIC LICENSE. This project and assets by TechChip — https://techchip.net/ Original repository: https://github.com/techchipnet/CamPhish
Modified by: Uzair Developer Github
thanks to the original authors.