Generic captive-portal and login-style pages for educational use only — e.g. security awareness workshops, phishing demos, and training.
For educational use only. Do not use these pages to collect credentials or data outside of controlled, consented training environments.
I am not the original author of all of these Some I made, some I have collected. Please let me know if you created one of these and want it removed or attributed. I will happily take it down or tag you.
Thanks
Static HTML pages that look like common login or "sign in to get internet" screens. Each form submits credentials (or other fields) to a POST /sendJSON endpoint as JSON so you can hook them to your own backend for workshops.
| File | Description |
|---|---|
amaindex.html |
Generic login with "Remember me" |
angry_coffee.html |
Coffee shop WiFi login (dark theme) |
coffee.html |
Coffee shop / generic WiFi login |
db.html |
DB WLANPortal — German railway guest WiFi |
fb.html |
Facebook-style login |
google.html |
Google-style sign-in |
hotel.html |
Hotel guest WiFi (room + guest name) |
IG.html |
Instagram-style login |
link.html |
Multi-step Google-style + 2FA flow |
link_2.html |
Public WiFi style (e.g. Google/Apple SSO) |
linkedin.html |
LinkedIn-style sign-in |
ms.html |
Microsoft-style sign-in |
router_update.html |
Router firmware update (Wi‑Fi password) |
vpn.html |
Corporate VPN / work account sign-in |
Xfinity-Tmobile.html |
Xfinity WiFi by T-Mobile (email/password) |
- POC / education only. The only portal in this repo that includes scripts, download prompts, or shell-style behavior — a proof-of-concept to demonstrate additional attack surface, not a generic login clone.
- What it is: A single-file captive-portal clone that looks like “The Coffee House” complimentary WiFi login (dark theme, gold accent, “Sign in with Google” style form). It is intended for security awareness to show how a fake WiFi page can both harvest credentials and deliver a follow-up payload.
- How it works:
- Credentials: The form submits email and password via
POST /sendJSONas JSON (username,password,source: "angry_coffee",timestamp), same as the other portals. - Config: At the top of the inline script,
ATTACK_BOX_IPandATTACK_BOX_PORT(default192.168.1.100:4444) define where the optional payload connects. Set these to your listener before use. - After a successful submit: The page builds an HTA (HTML Application) that contains VBScript launching a hidden PowerShell reverse shell to that IP:port, triggers a download of it as
WiFi_Connect.hta, and opens a popup instructing the user to “Open” or “Run” the file to “complete WiFi setup.” In a real training scenario, participants would see how one click after “logging in” can lead to code execution (e.g. on a Windows VM).
- Credentials: The form submits email and password via
- Use only in controlled, consented environments with proper authorization.
Serve the folder with any static HTTP server. Example with Python:
python3 -m http.server 8000Then open e.g. http://localhost:8000/coffee.html (or any other .html file).
The pages do not implement /sendJSON. You need a server that:
- Accepts
POST /sendJSON - Reads
Content-Type: application/jsonbody - Handles the JSON payload (e.g.
username,pwd,source,timestampand any page-specific fields)
Without that backend, form submits will fail in the browser (e.g. 404); the pages still load and display correctly for demos.
- Coffee: @iamnotaskid
Question loudly so others can learn quietly.
Don't Be A Skid
-Zero
MIT. See LICENSE.
For educational use only. Seriously I do not support or endorse inapropriate usage of this content. You are responsible for your actions. No warranty. Provided as is.