Plugins to extend the King Phisher Phishing Campaign Toolkit. For more information regarding King Phisher, see the project's wiki page.
| Name | Description |
|---|---|
| Blink(1) Notifications | A plugin which will flash a Blink(1) peripheral based on campaign events such as when a new visit is received or new credentials have been submitted. |
| Clockwork SMS | Send SMS messages using the Clockwork SMS API's email gateway. While enabled, this plugin will automatically update phone numbers into email addresses for sending using the service. |
| DMARC Check | This plugin adds another safety check to the message precheck routines to verify that if DMARC exists the message will not be quarentined or rejected. If no DMARC policy is present, the policy is set to none or the percentage is set to 0, the message sending operation will proceed. |
| Domain Validator | Checks to see if a domain can be resolved. Good for email spoofing and bypassing some spam filters. |
| File Logging | Write the client's logs to a file in the users data directory. Additionally if an unhandled exception occurs, the details will be written to a dedicated directory. |
| Hello World! | A 'hello world' plugin to serve as a basic template and demonstration. This plugin will display a message box when King Phisher exits. |
| Save KPM On Exit | Prompt to save the message data as a KPM file when King Phisher exits. |
| Upload KPM | Saves a KPM file to the King Phisher server when sending messages. The user must have write permissions to the specified directories. Both the "Local Directory" and "Remote Directory" options can use the variables that are available for use in message templates. |
| Office 2007+ Document Metadata Remover | Remove metadata from Microsoft Office 2007+ file types. These files types generally use the extension docx, pptx, xlsx etc. If the attachment file is not an Office 2007+ file, this plugin does not modify it or block the sending operation. |
| Generate PDF | Generates a PDF file with a link which includes the campaign URL with the individual message_id required to track individual visits to a website. Visit https://github.com/y4utj4/pdf_generator for example template files to use with this plugin. |
| Phishery DOCX URL Injector | Use Phishery to inject Word Document Template URLs into DOCX files. This can be used in conjunction with a server page that requires Basic Authentication to collect Windows credentials. Note that for HTTPS URLs, the King Phisher server needs to be configured with a proper, trusted SSL certificate for the user to be presented with the basic authentication prompt. Phishery homepage: https://github.com/ryhanson/phishery |
| SFTP Client | Secure File Transfer Protocol Client that can be used to upload, download, create, and delete local and remote files on the King Phisher Server. The editor allows you edit files on remote or local system. It is primarily designed for the use of editing remote web pages on the King Phisher Server. |
| Spell Check | Add spell check capabilities to the message editor. This requires GtkSpell to be available with the correct Python GObject Introspection bindings. On Ubuntu and Debian based systems, this is provided by the 'gir1.2-gtkspell3-3.0' package. After being loaded, the language can be changed from the default of en_US via the context menu (available when right clicking in the text view). |
| TOTP Self Enrollment | This plugin allows users to manage the two factor authentication settings on their account. This includes setting a new and removing an existing TOTP secret. The two factor authentication used by King Phisher is compatible with free mobile applications such as Google Authenticator. |
| URI Spoof Generator | Exports a redirect page which allows URI spoofing in the address bar of the target's browser |
| Name | Description |
|---|---|
| Hello World! | A 'hello world' plugin to serve as a basic template and demonstration. This plugin will log simple messages to show that it is functioning. |
| IFTTT Campaign Success Notification | A plugin that will publish an event to a specified IFTTT Maker channel when a campaign has been deemed 'successful'. |
| Pushbullet Notifications | A plugin that uses Pushbullet's API to send push notifications on new website visits and submitted credentials. |
| XMPP Notifications | A plugin which pushes notifications regarding the King Phisher server to a specified XMPP server. |
Client plugins can be placed in the $HOME/.config/king-phisher/plugins
directory, then loaded and enabled with the plugin manager.
Server plugins can be placed in the data/server/king_phisher/plugins
directory of the King Phisher installation. Additional search paths can be
defined using plugin_directories in the server's configuration file. After
being copied into the necessary directory, the server's configuration file
needs to be updated to enable the plugin.
King Phisher Plugins are released under the BSD 3-clause license, for more details see the LICENSE file.