King Phisher is a tool for testing and promoting awareness by simulating real world phishing attacks

Create a Phishing Campaign With King Phisher Toolkit

It's only fair to share...Digg thisShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInFlattr the authorShare on TumblrShare on VKShare on YummlyShare on RedditShare on StumbleUpon

Create a Phishing Campaign With King Phisher Toolkit

 

Phishing Campaign Toolkit

king-phisher

Create a Phishing Campaign With King Phisher Toolkit. Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim. According to the 2013 Microsoft Computing Safety Index, released in February 2014, the annual worldwide impact of phishing could be as high as US$5 billion.

Phishing is typically carried out by email spoofingor instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are almost identical to the legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware. Create a Phishing Campaign With King Phisher Toolkit.

Installation

For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki.

Overview

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

ALSO READ  Set up your own web application pentesting lab

King Phisher is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.

Get the latest stable version from the GitHub Releases Page or use git to checkout the project from source.

Feature Overview

  • Run multiple phishing campaigns simultaneously
  • Send email with embedded images for a more legitimate appearance
  • Optional Two-Factor authentication
  • Credential harvesting from landing pages
  • SMS alerts regarding campaign status
  • Web page cloning capabilities
  • Integrated Sender Policy Framework (SPF) checks
  • Geo location of phishing visitors
  • Send email with calendar invitations

Plugins

Both the client and server can be extended with functionality provided by plugins. A small number of plugins are packaged with King Phisher and additional ones are available in thePlugins repository. Create a Phishing Campaign With King Phisher Toolkit.

Template Files

Template files for both messages and server pages can be found in the separate King PhisherTemplates repository. Any contributions regarding templates should also be submitted via a pull request to the templates repository.

Documentation

Documentation for users of the application is provided on the project’s wiki page. This includes steps to help new users get started with their first campaigns. Additional technical documentation intended for developers is kept seperate as outlined in section below.

Code Documentation

King Phisher uses Sphinx for internal technical documentation. This documentation can be generated from source with the command sphinx-build -b html docs/source docs/html. The latest documentation is kindly hosted on ReadTheDocs at king-phisher.readthedocs.io.

Message Template Variables

The client message templates are formatted using the Jinja2 templating engine and support a number of variables. These are included here as a reference, check the templates wiki page for comprehensive documentation. Create a Phishing Campaign With King Phisher Toolkit.

ALSO READ  How-To ARP Poisoning With Kali Linux
Variable Name Variable Value
client.company_name The target’s company name
client.email_address The target’s email address
client.first_name The target’s first name
client.last_name The target’s last name
client.message_id The unique tracking identifier (this is the same as uid)
sender.email The email address in the “Source Email (MIME)” field
sender.friendly_alias The value of the “Friendly Alias” field
sender.reply_to The value of the “Reply To” field
url.tracking_dot URL of an image used for message tracking
url.webserver Phishing server URL with the uid parameter
url.webserver_raw Phishing server URL without any parameters
tracking_dot_image_tag The tracking image in a preformatted <img /> tag
uid The unique tracking identifier (this is the same as client.message_id)

The uid is the most important, and must be present in links that the messages contain.

License

King Phisher is released under the BSD 3-clause license, for more details see the LICENSEfile.

Credits

Special Thanks (QA / Beta Testing):

  • Jake Garlie – jagar
  • Jeremy Schoeneman – Shad0wman
  • Ken Smith – p4tchw0rk
  • Brianna Whittaker

King Phisher Development Team:

CREDITS: securestate
DOWNLOAD KING PHISHER

It's only fair to share...Digg thisShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInFlattr the authorShare on TumblrShare on VKShare on YummlyShare on RedditShare on StumbleUpon