Skip to content

r0ug3/king-phisher

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

808 Commits

data

data

 
 

docs

docs

 
 

king_phisher

king_phisher

 
 

tests

tests

 
 

tools

tools

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

INSTALL.md

INSTALL.md

 
 

KingPhisher

KingPhisher

 
 

KingPhisherSMTPD

KingPhisherSMTPD

 
 

KingPhisherServer

KingPhisherServer

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

alt text

King Phisher

Phishing Campaign Toolkit

Build Status Documentation Status Github Issues

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

King Phisher is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.

Get the latest stable version from the GitHub Releases Page or use git to checkout the project from source.

For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki.

alt text

License

King Phisher is released under the BSD 3-clause license, for more details see the LICENSE file.

Credits

Special Thanks (QA / Beta Testing):

  • Jake Garlie - jagar

  • Ken Smith - p4tchw0rk

  • Brianna Whittaker

King Phisher Development Team:

Code Documentation

King Phisher uses Sphinx for internal code documentation. This documentation can be generated from source with the command sphinx-build docs/source docs/html. The latest documentation is kindly hosted on ReadTheDocs at king-phisher.readthedocs.org.

Client Configuration

The client configuration file is encoded in JSON and most options are configurable through the GUI interface.

The following options will be honored but are not configurable through the GUI:

  • gui.refresh_frequency (Default: 5 minutes)
  • mailer.max_messages_per_connection (Default: 5)
  • rpc.serializer (Default: Automatically determined)
  • ssh_preferred_key (Default: N/A)

Message Template Variables

The client message templates are formatted using the Jinja2 templating engine and support a number of variables. These are included here as a reference, check the templates wiki page for comprehensive documentation.

Variable Name Variable Value
client.company_name The target's company name
client.email_address The target's email address
client.first_name The target's first name
client.last_name The target's last name
client.message_id The unique tracking identifier (this is the same as uid)
url.tracking_dot URL of an image used for message tracking
url.webserver Phishing server URL with the uid parameter
url.webserver_raw Phishing server URL without any parameters
tracking_dot_image_tag The tracking image in a preformatted <img /> tag
uid The unique tracking identifier (this is the same as client.message_id)

The uid is the most important, and must be present in links that the messages contain.

About

Phishing Campaign Toolkit

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

10 tags

Packages

No packages published

Languages

  • Python 97.2%
  • Ruby 1.2%
  • HTML 1.2%
  • Other 0.4%