⚠️ For educational and authorized security research only. This tool is designed for use in controlled lab environments, security awareness training, and academic demonstrations. Do not use against individuals or systems without explicit written consent.
Camish is a red-team demonstration tool that shows how phishing pages can silently request camera access. It includes four realistic phishing templates (Zoom, Netflix, Instagram, Microsoft Teams) and a full attacker control panel to manage campaigns, capture photos, and record video from connected targets.
The goal is to teach students and professionals how these attacks work so they can recognize and defend against them.
- Campaign-based architecture — create named campaigns with custom URL slugs (e.g. `/verify-now`, `/zoom-check`)
- Zero public routes — everything except active campaign links returns 404
- Randomized panel URL — attacker panel URL changes on every restart
- Four phishing templates — Zoom, Netflix, Instagram, Microsoft Teams
- Auto camera request — camera permission dialog fires on page load, no interaction needed
- Photo capture — silent screenshot from target's camera
- Video recording — timed (custom seconds/minutes) or live stream mode
- Per-campaign controls — capture/record per campaign or per individual target
- Social preview (OG tags) — WhatsApp/Telegram link previews show realistic platform names
- Persistent campaigns — survive server restarts via JSON
- Attacker panel — real-time target grid, captures gallery, event log, downloadable session report
- Python 3.9+
- pip
```bash
git clone https://github.com/TechSky-Code/camish.git
cd camish
python3 -m venv .venv
source .venv/bin/activate  # Windows: .venv\Scripts\activate
pip install -r requirements.txt
python app.py
```

The terminal will print your attacker panel URL on every start:
```
═══════════════════════════════════════════════════════════════════
CAMISH — Campaign-Based Awareness Lab
By TechSky - Security Research Team
═══════════════════════════════════════════════════════════════════
🖥 ATTACKER PANEL (new URL every restart):
http://192.168.1.10:5000/panel/<random-token>
═══════════════════════════════════════════════════════════════════
🔑 Password : techsky2025
═══════════════════════════════════════════════════════════════════
```
Change the default password before use — open `app.py` and update:

```python
ATTACKER_PASSWORD = "your-strong-password"
```
- Start the server — copy the panel URL from the terminal
- Open the panel in your browser and log in with the password
- Click + New Campaign — choose a template and set a custom URL slug
- Share the link with targets (via a public tunnel for internet, or LAN IP for local lab)
- Targets open the link → camera permission dialog fires immediately on page load
- Connected targets appear in the Targets tab in real time
- Click 📸 Photo to capture a still, or ⏺ Record to record video (timed or live)
- All captures appear in the Captures tab with view and download options
Expose your local server using any tunnel or hosted server — for example:

```bash
# ngrok
ngrok http 5000
# cloudflared
cloudflared tunnel --url http://localhost:5000
```

Paste the public HTTPS URL into the Public URL field when creating a campaign. The shareable link and WhatsApp/social previews will use that address.
```
camish/
├── app.py                      # Flask + Socket.IO backend
├── requirements.txt
├── README.md
├── LICENSE
├── .gitignore
├── templates/
│   ├── target.html             # Phishing templates (Zoom, Netflix, Instagram, Teams)
│   ├── attacker.html           # Attacker control panel
│   └── attacker_login.html     # Panel login page
├── static/
│   └── css/
│       └── camish.css
└── uploads/
    ├── photos/                 # Captured photos (gitignored — never committed)
    └── videos/                 # Captured videos (gitignored — never committed)
```
- Only use in authorized environments — your own lab, classroom settings with informed participants, or pentest engagements where you have explicit written permission
- Captured images and videos contain real biometric data — handle responsibly and delete after the session
- This tool demonstrates real-world attack techniques — the same methods used by actual phishing campaigns in the wild
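
A defender-side way to recognize the "camera permission dialog fires on page load, no interaction needed" behaviour from the feature list, as an added example that is not part of Camish or its repository. The hypothetical helpers `guardCamera`, `fakeNavigator` and `simulate` wrap `navigator.mediaDevices.getUserMedia` and refuse video requests made while `navigator.userActivation.isActive` is false; the fake navigator is constructed so the block runs under Node.

```javascript
// Added defensive example, not part of Camish.
// Wraps getUserMedia so a camera request made without a user gesture
// (the "fires on page load" behaviour) is reported and refused.
function guardCamera(nav, report) {
  const md = nav.mediaDevices;
  const original = md.getUserMedia.bind(md);
  md.getUserMedia = function (constraints) {
    const wantsVideo = Boolean(constraints && constraints.video);
    // userActivation.isActive is true only briefly after a click, tap or key press.
    const gesture = Boolean(nav.userActivation && nav.userActivation.isActive);
    const event = { wantsVideo, gesture, blocked: wantsVideo && !gesture };
    report(event);
    if (event.blocked) {
      // Same error name the browser uses when the user denies the prompt.
      const err = new Error("camera requested without a user gesture");
      err.name = "NotAllowedError";
      return Promise.reject(err);
    }
    return original(constraints);
  };
}

// Constructed stand-in for the browser's navigator so the block runs under Node.
function fakeNavigator(isActive) {
  return {
    userActivation: { isActive },
    mediaDevices: { getUserMedia: (c) => Promise.resolve({ granted: c }) },
  };
}

// Simulates one request on page load (no gesture) and one after a click.
function simulate() {
  const events = [];
  const outcomes = [false, true].map((isActive) => {
    const nav = fakeNavigator(isActive);
    guardCamera(nav, (e) => events.push(e));
    return nav.mediaDevices.getUserMedia({ video: true })
      .then(() => "allowed", (e) => e.name);
  });
  return { events, outcomes: Promise.all(outcomes) };
}

simulate().outcomes.then((r) => console.log(r)); // [ 'NotAllowedError', 'allowed' ]
```

In a real browser the wrapper has to be installed before any page script runs, for example from an extension content script injected into the page's main world at document start. The `report` callback is the place to feed awareness-training telemetry or a lab event log.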
MIT License — see LICENSE
Built by TechSky - Security Research Team for educational purposes.