King Phisher – Phishing Campaign Toolkit

King Phisher, a tool for testing and promoting user awareness by simulating real world phishing attacks. It is easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials. It is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.

For more information regarding King Phisher please visit GitHub Releases Page or use git to checkout the project from source. For instructions on how to install, please see the install.md file. After installing, for instructions on how to get started please see the wiki.

 

Features

  • Run multiple phishing campaigns simultaneously
  • Send email with embedded images for a more legitimate appearance
  • Optional Two-Factor authentication
  • Credential harvesting from landing pages
  • SMS alerts regarding campaign status
  • Web page cloning capabilities
  • Integrated Sender Policy Framework (SPF) checks
  • Geo location of phishing visitors
  • Send email with calendar invitations

 

Plugins

Both the client and server can be extended with functionality provided by plugins. A small number of plugins are packaged with King Phisher and additional ones are available in the Plugins repository .

Template Files

Template files for both messages and server pages can be found in the separate King Phisher Templates repository . Any contributions regarding templates should also be submitted via a pull request to the templates repository.

Message Template Variables

The uid is the most important, and must be present in links that the messages contain.

 

King Phisher

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients