performing-initial-access-with-evilginx3

Fail

Audited by Socket on Apr 21, 2026

4 alerts found:

Alert types: Anomaly ×1, Malware ×3

Anomaly (LOW)
scripts/process.py

This script is a utility for extracting credentials and cookies from EvilGinx3 session capture files and exporting them in browser-compatible formats. It does not itself perform network exfiltration or run obfuscated/malicious system commands, but it explicitly processes and persists highly sensitive data (usernames, passwords, session cookies) which can be used to hijack accounts. Use of this code in a project or as a dependency carries significant risk because it facilitates credential theft and reuse; treat it as a high-risk utility and review intent and provenance before including or running it.

Confidence: 90%, Severity: 65%

Malware (HIGH)
SKILL.md

High-risk offensive security skill. Its purpose and capabilities are internally consistent, but that purpose is to run AiTM phishing, steal credentials/session cookies, bypass MFA, and hijack accounts; this makes it an exploit-oriented skill unsuitable for normal agent deployment.

Confidence: 98%, Severity: 99%

Malware (HIGH)
assets/template.md

This Markdown template is an operational playbook for running phishing campaigns with EvilGinx3. It explicitly guides attackers to collect credentials and session cookies, bypass MFA, export artifacts, and document post-authentication access. Although non-executable, it materially facilitates malicious activity and should be treated as high risk. If found in a repository or on a host, escalate to incident response, remove the document from public access, and audit related artifacts and infrastructure for compromise. If the file is claimed to be part of an authorized engagement, require written authorization and scope documentation before retention or use.

Confidence: 90%, Severity: 95%

Malware (HIGH)
references/workflows.md

This document is an explicit, high-risk malicious playbook for AiTM phishing and session hijacking using EvilGinx3 and cookie import tools. It provides actionable steps to bypass MFA, import stolen session cookies, and establish persistence inside tenant accounts. Treat as malicious content: remove, investigate, and remediate any deployments or artifacts that implement these instructions.

Confidence: 90%, Severity: 95%

Audit Metadata

Analyzed At: Apr 21, 2026, 12:22 AM
Package URL: pkg:socket/skills-sh/mukul975%2Fanthropic-cybersecurity-skills%2Fperforming-initial-access-with-evilginx3%2F@75681b45b9bf810911bbf7e0c74192f143394270