RGSecurityTeam  /  v0.1  /  Camera Phishing Framework

EVIL-EYE

Silent Camera Capture Framework

A modern, modular camera phishing tool that silently captures high-quality images through the victim's webcam using social engineering templates and an encrypted tunnel.

Bash PHP Cloudflared Open Source Linux macOS
Get Started Learn More
SCROLL

01   Overview

What is Evil-Eye?

📷
Silent Camera Capture
Captures images from the target's front camera using the browser's getUserMedia API — without any visible indication to the victim.
🌐
Cloudflare Tunnel
Uses Cloudflared to instantly generate a public HTTPS link — no port forwarding, no static IP, works from any network.
🎭
Social Engineering Templates
Five convincing lure pages — YouTube Live, Birthday Wish, Secret Message, Fake Instagram, and AI Chatbot — to maximize link-open rates.
📍
IP & User-Agent Logging
Automatically logs the victim's IP address, browser user-agent, and timestamp the moment the link is opened.
🔧
Auto Dependency Install
Automatically detects and installs missing tools — PHP, jq, lolcat, curl, wget, and cloudflared — on first run.
🖥️
Cross-Distro Support
Tested on Kali Linux, Parrot OS, Ubuntu, and macOS. Detects OS and architecture automatically for correct binary selection.

02   Templates

Lure Templates

[ 01 ]
YouTube Live TV
[ 02 ]
Birthday Wish
[ 03 ]
Secret Message
[ 04 ]
Fake Instagram Followers
[ 05 ]
AI Chatbot

03   Installation

Getting Started

Dependency Purpose Status
phpBuilt-in web server to serve templatesRequired
php-cgiFallback CGI server (Parrot OS fix)Required
curlNetwork requests and health checksRequired
wgetDownloading cloudflared binaryRequired
jqJSON processing for secret message templateRequired
cloudflaredPublic HTTPS tunnel generationAuto-Downloaded
lolcatColorful terminal banner outputAuto-Installed
01

Clone the Repository

Download Evil-Eye from GitHub to your local machine.

git clone https://github.com/rgsecteam/evil-eye.git cd evil-eye
02

Install Dependencies

Install required packages. Evil-Eye will auto-install most on first run, but pre-installing is recommended.

sudo apt update sudo apt install -y php php-cgi curl wget jq # lolcat and cloudflared are auto-installed on first run
brew install php curl wget jq gem install lolcat
03

Make Executable & Run

Give execution permission and launch Evil-Eye.

chmod +x evel.sh bash evel.sh

04   Usage Guide

How to Use

Step-by-Step Workflow

  • Run bash evel.sh — tool checks internet, verifies all dependencies.
  • Select a template from the main menu (1–5).
  • Fill in any required input (e.g. victim name, YouTube URL, message file).
  • Select tunnel option — Cloudflared (public link) or Localhost.
  • Copy the generated Cloudflare link and send it to the target.
  • Terminal will show when the link is opened and images are received.
  • Captured images saved to captured_imgs/ folder.
  • Press Ctrl+C to terminate. Images auto-move to output folder.

Captured Data

  • captured_imgs/ — JPEG images from target's camera, named with timestamp.
  • captured_ip.txt — Target IP address and user-agent logged here.
  • Camera permission prompt appears on the target's browser — once accepted, capture begins silently every 1.5 seconds.
  • Images captured at full native camera resolution (up to 4K).
  • All data is stored locally — nothing sent to any third-party server.

Tunnel Options

  • Cloudflared — Generates a public trycloudflare.com link. Works from any network. Recommended.
  • Localhost — Runs on 127.0.0.1:9090 only. Useful for local testing on the same device or LAN.

Tips & Notes

  • Camera access requires HTTPS — Cloudflared provides this automatically.
  • On Parrot OS, ensure php-cgi is installed as a fallback server.
  • The link only works while the terminal session is active. Closing the terminal stops the server.

05   Legal

⚠ Disclaimer

Evil-Eye is developed strictly for educational purposes and authorized penetration testing only. This tool demonstrates how camera phishing attacks work so that security professionals and researchers can understand, detect, and defend against them.

Using this tool against any individual or system without explicit written permission is illegal and unethical.
The developers and contributors of Evil-Eye are not responsible for any misuse, damage, or legal consequences arising from the use of this tool.
Unauthorized interception of camera feeds may violate computer crime laws, privacy laws, and surveillance regulations in your jurisdiction.
This tool must only be used in controlled lab environments or with targets who have provided informed consent in writing.
By using Evil-Eye, you agree that you are solely responsible for your actions and confirm that you have the legal authority to perform any tests.

This software is provided "as-is" with no warranty. RGSecurityTeam is not liable for any damages or legal issues resulting from misuse.