Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/securestate/king-phisher
Phishing Campaign Toolkit
https://github.com/securestate/king-phisher
king-phisher phishing python security
Last synced: about 1 month ago
JSON representation
Phishing Campaign Toolkit
- Host: GitHub
- URL: https://github.com/securestate/king-phisher
- Owner: rsmusllp
- License: bsd-3-clause
- Created: 2014-01-02T20:00:55.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2023-08-01T23:01:41.000Z (11 months ago)
- Last Synced: 2024-05-18T22:07:40.184Z (about 1 month ago)
- Topics: king-phisher, phishing, python, security
- Language: Python
- Homepage:
- Size: 6.8 MB
- Stars: 2,153
- Watchers: 137
- Forks: 528
- Open Issues: 27
-
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Lists
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Tools / Social Engineering Tools)
- awesome-python-applications - Repo - phisher.readthedocs.io/)) Server-based [phishing](https://en.wikipedia.org/wiki/Phishing) campaign toolkit, used to simulate real-world phishing attacks, with GTK-powered client application. `(linux, windows, server)` (<a id="tag-dev" href="#tag-dev">Dev</a> / <a id="tag-dev.security" href="#tag-dev.security">Security</a>)
- awesome-pentest-listas - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Tools / Social Engineering Tools)
- awesome-selfhosted - King Phisher - King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. `BSD-3-Clause` `Python` (Misc/Other / Video Streaming)
- awesome-selfhosted123 - King Phisher - King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. `BSD-3-Clause` `Python` (Misc/Other / Video Streaming)
- awesome-selfhosted - King Phisher - King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. `BSD-3-Clause` `Python` (Misc/Other / Video Streaming)
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering Tools / Penetration Testing Report Templates)
- awesome-cybersecurity-blueteam - King Phisher - Tool for testing and promoting user awareness by simulating real world phishing attacks. (Phishing awareness and reporting / Firewall appliances or distributions)
- awesome-selfhosted-cn - King Phisher - King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. `BSD` `Python` (杂项/其它 / 视频流)
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Tools / Social Engineering Tools)
- paralax-awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Tools / Social Engineering Tools)
- awesome-blueteam - King Phisher - Tool for testing and promoting user awareness by simulating real world phishing attacks. (Phishing awareness and reporting / Firewall appliances or distributions)
- awesome-cyber-security - **994**星
- awesome-cyber-security - **1019**星
- awesome-pentest-resource - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering / Social Engineering Tools)
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering / Social Engineering Tools)
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering / Social Engineering Tools)
- awesome-phishing - King Phisher
- awesome-cybersecurity-blueteam-cn - King Phisher - 通过模拟真实的网络钓鱼攻击来测试和提高用户意识的工具 (网络外围防御 / 网络钓鱼意识和报告)
- awesome-cybersecurity-blueteam - King Phisher - Tool for testing and promoting user awareness by simulating real world phishing attacks. (Phishing awareness and reporting / Firewall appliances or distributions)
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering / Social Engineering Tools)
- awesome-python-application - Repo - phisher.readthedocs.io/)) Server-based [phishing](https://en.wikipedia.org/wiki/Phishing) campaign toolkit, used to simulate real-world phishing attacks, with GTK-powered client application. `(linux, windows, server)` (<a id="tag-dev" href="#tag-dev">Dev</a> / <a id="tag-dev.security" href="#tag-dev.security">Security</a>)
- awesome-penetest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering / Social Engineering Tools)
- awesome-stars - king-phisher - Phishing Campaign Toolkit (Python)
- awesome-python-applications - Repo - phisher.readthedocs.io/)) Server-based [phishing](https://en.wikipedia.org/wiki/Phishing) campaign toolkit, used to simulate real-world phishing attacks, with GTK-powered client application. `(linux, windows, server)` (<a id="tag-dev" href="#tag-dev">Dev</a> / <a id="tag-dev.security" href="#tag-dev.security">Security</a>)
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering / Social Engineering Tools)
- awesome-selfhosted - King Phisher - King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. `BSD-3-Clause` `Python` (Misc/Other / Video Streaming)
- awesome-phishing - King Phisher
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering Tools / Penetration Testing Report Templates)
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Tools / Social Engineering Tools)
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Tools / Social Engineering Tools)
- awesome-selfhosted - King Phisher - King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. `BSD-3-Clause` `Python` (Misc/Other / Video Streaming)
- venom - `King Phisher` - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering / Penetration Testing Report Templates)
- fucking-awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering / Social Engineering Tools)
- awesome-pentest - King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content. (Social Engineering / Social Engineering Tools)
README
# King Phisher [![Documentation Status][doc-status]][doc-link] [![GitHub Issues][issue-status]][issue-link] [![GitHub Downloads][downloads-status]][downloads-link] [![Slack Status][slack-status]][slack-link]
*Phishing Campaign Toolkit*
# King Phishger is no longer being maintained.
## Installation
For instructions on how to install, please see the
[INSTALL.md](https://github.com/securestate/king-phisher/blob/master/INSTALL.md)
file. After installing, for instructions on how to get started please see the
[wiki](https://github.com/securestate/king-phisher/wiki).
## Overview
King Phisher is a tool for testing and promoting user awareness by simulating
real world phishing attacks. It features an easy to use, yet very flexible
architecture allowing full control over both emails and server content.
King Phisher can be used to run campaigns ranging from simple awareness
training to more complicated scenarios in which user aware content is served
for harvesting credentials.
King Phisher is only to be used for legal applications when the explicit
permission of the targeted organization has been obtained.
Get the latest stable version from the
[GitHub Releases Page](https://github.com/securestate/king-phisher/releases) or
use git to checkout the project from source.
## Feature Overview
* Run multiple phishing campaigns simultaneously
* Send email with embedded images for a more legitimate appearance
* Optional Two-Factor authentication
* Credential harvesting from landing pages
* SMS alerts regarding campaign status
* Web page cloning capabilities
* Integrated Sender Policy Framework (SPF) checks
* Geo location of phishing visitors
* Send email with calendar invitations
## Plugins
Both the client and server can be extended with functionality provided by
plugins. A small number of plugins are packaged with King Phisher and
additional ones are available in the [Plugins repository](https://github.com/securestate/king-phisher-plugins).
## Template Files
Template files for both messages and server pages can be found in the separate
King Phisher [Templates repository](https://github.com/securestate/king-phisher-templates).
Any contributions regarding templates should also be submitted via a pull
request to the templates repository.
## Documentation
Documentation for users of the application is provided on the project's
[wiki page](https://github.com/securestate/king-phisher/wiki). This includes
steps to help new users get started with their first campaigns. Additional
technical documentation intended for developers is kept separate as outlined
in section below.
### Code Documentation
King Phisher uses Sphinx for internal technical documentation. This
documentation can be generated from source with the command
```sphinx-build -b html docs/source docs/html```. The latest documentation is
kindly hosted on [ReadTheDocs](https://readthedocs.org/) at
[king-phisher.readthedocs.io][doc-link].
### Message Template Variables
The client message templates are formatted using the Jinja2 templating engine
and support a number of variables. These are included here as a reference, check
the templates [wiki page](https://github.com/securestate/king-phisher/wiki/Templates)
for comprehensive documentation.
Variable Name | Variable Value
---------------------------|---------------
client.company\_name | The target's company name
client.email\_address | The target's email address
client.first\_name | The target's first name
client.last\_name | The target's last name
client.message\_id | The unique tracking identifier (this is the same as uid)
sender.email | The email address in the "Source Email (MIME)" field
sender.friendly\_alias | The value of the "Friendly Alias" field
sender.reply\_to | The value of the "Reply To" field
url.tracking\_dot | URL of an image used for message tracking
url.webserver | Phishing server URL with the uid parameter
url.webserver\_raw | Phishing server URL without any parameters
tracking\_dot\_image\_tag | The tracking image in a preformatted ```![]()
``` tag
uid | The unique tracking identifier (this is the same as client.message_id)
The uid is the most important, and must be present in links that the messages
contain.
## License
King Phisher is released under the BSD 3-clause license, for more details see
the [LICENSE](https://github.com/securestate/king-phisher/blob/master/LICENSE) file.
## Credits
Special Thanks (QA / Beta Testing):
- Jake Garlie - jagar
- Jeremy Schoeneman - Shad0wman
- Bryan Sfara
- Ken Smith - p4tchw0rk
- Brianna Whittaker
King Phisher Development Team:
- Erik Daguerre - wolfthefallen ([@wolf_thefallen](https://twitter.com/wolf_thefallen))
- Brandan Geise - coldfusion ([@coldfusion39](https://twitter.com/coldfusion39))
- Jeff McCutchan - jamcut ([@jamcut](https://twitter.com/jamcut))
- Spencer McIntyre - zeroSteiner ([@zeroSteiner](https://twitter.com/zeroSteiner))
[doc-link]: http://king-phisher.readthedocs.io/en/latest
[doc-status]: https://readthedocs.org/projects/king-phisher/badge/?version=latest
[downloads-link]: https://github.com/securestate/king-phisher/releases
[downloads-status]: https://img.shields.io/github/downloads/securestate/king-phisher/total.svg
[issue-link]: https://github.com/securestate/king-phisher/issues
[issue-status]: http://img.shields.io/github/issues/securestate/king-phisher.svg
[slack-link]: https://king-phisher-slackin.herokuapp.com/
[slack-status]: https://img.shields.io/badge/slack-join-brightgreen.svg