Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rsmusllp/king-phisher
Phishing Campaign Toolkit
https://github.com/rsmusllp/king-phisher
king-phisher phishing python security
Last synced: about 5 hours ago
JSON representation
Phishing Campaign Toolkit
- Host: GitHub
- URL: https://github.com/rsmusllp/king-phisher
- Owner: rsmusllp
- License: bsd-3-clause
- Created: 2014-01-02T20:00:55.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2024-07-26T17:57:16.000Z (5 months ago)
- Last Synced: 2024-11-27T23:02:40.770Z (14 days ago)
- Topics: king-phisher, phishing, python, security
- Language: Python
- Homepage:
- Size: 6.8 MB
- Stars: 2,278
- Watchers: 138
- Forks: 542
- Open Issues: 28
-
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
- awesome-python-applications - Repo - phisher.readthedocs.io/)) Server-based [phishing](https://en.wikipedia.org/wiki/Phishing) campaign toolkit, used to simulate real-world phishing attacks, with GTK-powered client application. `(linux, windows, server)` (<a id="tag-dev" href="#tag-dev">Dev</a> / <a id="tag-dev.security" href="#tag-dev.security">Security</a>)
- awesome-starz - rsmusllp/king-phisher - Phishing Campaign Toolkit (Python)
- Python-Security-Tool-Database - King Phisher - May look reduntant since the SET has a set of modules for phishing, but worry not this is definitely meant to be here. SET has a broad set of tooling in it, but King Phisher focuses on one thing and it does it really well. SMS alerts, MFA bypass, detailed email building, and a lot more are cooked into this tool. (Synopsis / Table of Contents)
- awesome-homelab - King Phisher - phisher?style=flat) ![King Phisher](https://img.shields.io/github/languages/top/rsmusllp/king-phisher?style=flat) | Phishing Campaign Toolkit | (Apps / X)
README
![alt text](https://github.com/securestate/king-phisher/raw/master/data/king-phisher-logo.png "King Phisher")
# King Phisher [![Documentation Status][doc-status]][doc-link] [![GitHub Issues][issue-status]][issue-link] [![GitHub Downloads][downloads-status]][downloads-link] [![Slack Status][slack-status]][slack-link]
*Phishing Campaign Toolkit*![alt text](https://raw.githubusercontent.com/securestate/king-phisher/screenshots/dashboard.png "Campaign Dashboard")
# King Phishger is no longer being maintained.
## Installation
For instructions on how to install, please see the
[INSTALL.md](https://github.com/securestate/king-phisher/blob/master/INSTALL.md)
file. After installing, for instructions on how to get started please see the
[wiki](https://github.com/securestate/king-phisher/wiki).## Overview
King Phisher is a tool for testing and promoting user awareness by simulating
real world phishing attacks. It features an easy to use, yet very flexible
architecture allowing full control over both emails and server content.
King Phisher can be used to run campaigns ranging from simple awareness
training to more complicated scenarios in which user aware content is served
for harvesting credentials.King Phisher is only to be used for legal applications when the explicit
permission of the targeted organization has been obtained.Get the latest stable version from the
[GitHub Releases Page](https://github.com/securestate/king-phisher/releases) or
use git to checkout the project from source.## Feature Overview
* Run multiple phishing campaigns simultaneously
* Send email with embedded images for a more legitimate appearance
* Optional Two-Factor authentication
* Credential harvesting from landing pages
* SMS alerts regarding campaign status
* Web page cloning capabilities
* Integrated Sender Policy Framework (SPF) checks
* Geo location of phishing visitors
* Send email with calendar invitations## Plugins
Both the client and server can be extended with functionality provided by
plugins. A small number of plugins are packaged with King Phisher and
additional ones are available in the [Plugins repository](https://github.com/securestate/king-phisher-plugins).## Template Files
Template files for both messages and server pages can be found in the separate
King Phisher [Templates repository](https://github.com/securestate/king-phisher-templates).
Any contributions regarding templates should also be submitted via a pull
request to the templates repository.## Documentation
Documentation for users of the application is provided on the project's
[wiki page](https://github.com/securestate/king-phisher/wiki). This includes
steps to help new users get started with their first campaigns. Additional
technical documentation intended for developers is kept separate as outlined
in section below.### Code Documentation
King Phisher uses Sphinx for internal technical documentation. This
documentation can be generated from source with the command
```sphinx-build -b html docs/source docs/html```. The latest documentation is
kindly hosted on [ReadTheDocs](https://readthedocs.org/) at
[king-phisher.readthedocs.io][doc-link].### Message Template Variables
The client message templates are formatted using the Jinja2 templating engine
and support a number of variables. These are included here as a reference, check
the templates [wiki page](https://github.com/securestate/king-phisher/wiki/Templates)
for comprehensive documentation.Variable Name | Variable Value
---------------------------|---------------
client.company\_name | The target's company name
client.email\_address | The target's email address
client.first\_name | The target's first name
client.last\_name | The target's last name
client.message\_id | The unique tracking identifier (this is the same as uid)
sender.email | The email address in the "Source Email (MIME)" field
sender.friendly\_alias | The value of the "Friendly Alias" field
sender.reply\_to | The value of the "Reply To" field
url.tracking\_dot | URL of an image used for message tracking
url.webserver | Phishing server URL with the uid parameter
url.webserver\_raw | Phishing server URL without any parameters
tracking\_dot\_image\_tag | The tracking image in a preformatted `````` tag
uid | The unique tracking identifier (this is the same as client.message_id)The uid is the most important, and must be present in links that the messages
contain.## License
King Phisher is released under the BSD 3-clause license, for more details see
the [LICENSE](https://github.com/securestate/king-phisher/blob/master/LICENSE) file.## Credits
Special Thanks (QA / Beta Testing):- Jake Garlie - jagar
- Jeremy Schoeneman - Shad0wman
- Bryan Sfara
- Ken Smith - p4tchw0rk
- Brianna WhittakerKing Phisher Development Team:
- Erik Daguerre - wolfthefallen ([@wolf_thefallen](https://twitter.com/wolf_thefallen))
- Brandan Geise - coldfusion ([@coldfusion39](https://twitter.com/coldfusion39))
- Jeff McCutchan - jamcut ([@jamcut](https://twitter.com/jamcut))
- Spencer McIntyre - zeroSteiner ([@zeroSteiner](https://twitter.com/zeroSteiner))[doc-link]: http://king-phisher.readthedocs.io/en/latest
[doc-status]: https://readthedocs.org/projects/king-phisher/badge/?version=latest
[downloads-link]: https://github.com/securestate/king-phisher/releases
[downloads-status]: https://img.shields.io/github/downloads/securestate/king-phisher/total.svg
[issue-link]: https://github.com/securestate/king-phisher/issues
[issue-status]: http://img.shields.io/github/issues/securestate/king-phisher.svg
[slack-link]: https://king-phisher-slackin.herokuapp.com/
[slack-status]: https://img.shields.io/badge/slack-join-brightgreen.svg