https://sourceforge.net/projects/king-phisher.mirror/

https://github.com/securestate/king-phisher

https://github.com/securestate/king-phisher-plugins

King Phisher is an open source tool that can simulate real world phishing attacks. It has an easy-to-use, flexible architecture that allows for full control over both emails and server content. It is useful for running awareness campaigns and training, and can only be used for legal applications when the explicit permission of the targeted organization has been obtained.

Features

  • Fully open source means there are no limits on use
  • Run multiple phishing campaigns simultaneously
  • View detailed graphs regarding the campaign results
  • Send email with embedded images for a more legitimate appearance
  • Optional Two-Factor authentication
  • Highly flexible to accommodate different phishing goals
  • Powerful template system using the Jinja2 engine
  • Ability to capture credentials
  • SMS alerts regarding campaign status
  • Web page cloning capabilities
  • Integrated Sender Policy Framework (SPF) checks
  • Easy installation without setting up an additional web server
  • Geo location of phishing visitors
  • Send email with calendar invitations
  • Plugin support for extending both the Client and Server

Overview

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy-to-use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user-aware content is served for harvesting credentials.

King Phisher is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.

Get the latest stable version from the GitHub Releases Page or use git to check out the project from source.

Feature Overview

  • Run multiple phishing campaigns simultaneously
  • Send email with embedded images for a more legitimate appearance
  • Optional Two-Factor authentication
  • Credential harvesting from landing pages
  • SMS alerts regarding campaign status
  • Web page cloning capabilities
  • Integrated Sender Policy Framework (SPF) checks
  • Geo location of phishing visitors
  • Send email with calendar invitations

Plugins

Both the client and server can be extended with functionality provided by plugins. A small number of plugins are packaged with King Phisher and additional ones are available in the Plugins repository.

King Phisher Plugins

Plugins to extend the King Phisher Phishing Campaign Toolkit. For more information regarding King Phisher, see the project's wiki page.

Client Plugins

  • Blink(1) Notifications: A plugin which will flash a Blink(1) peripheral based on campaign events such as when a new visit is received or new credentials have been submitted.
  • Campaign Message Configuration Manager: Store campaign message configurations for their respective campaigns. This allows users to switch between campaigns while keeping each of the message configurations and restoring them when the user returns to the original campaign. New campaigns can either be created with customizable default settings or from the existing configuration (see the "Transfer Settings" option).
  • Clockwork SMS: Send SMS messages using the Clockwork SMS API's email gateway. While enabled, this plugin will automatically convert phone numbers into email addresses for sending through the service.
  • DMARC Check: This plugin adds another safety check to the message precheck routines to verify that, if a DMARC policy exists, the message will not be quarantined or rejected. If no DMARC policy is present, the policy is set to none, or the percentage is set to 0, the message sending operation will proceed.
  • Domain Validator: Checks to see if a domain can be resolved and then looks up the WHOIS information for it. Good for email spoofing and bypassing some spam filters.
  • File Logging: Write the client's logs to a file in the user's data directory. Additionally, if an unhandled exception occurs, the details will be written to a dedicated directory.
  • GTUBE Header: Add the Generic Test for Unsolicited Bulk Email (GTUBE) string as an X-GTUBE header and append it to the end of all text/* parts of the MIME messages that are sent. This will cause messages to be identified as SPAM.
  • Hello World!: A 'hello world' plugin to serve as a basic template and demonstration. This plugin will display a message box when King Phisher exits.
  • Save KPM On Exit: Prompt to save the message data as a KPM file when King Phisher exits.
  • Upload KPM: Saves a KPM file to the King Phisher server when sending messages. The user must have write permissions to the specified directories. Both the "Local Directory" and "Remote Directory" options can use the variables that are available for use in message templates.
  • Message Padding: Add and modify custom HTML messages from a file to reduce SpamAssassin scores. This plugin appends a long series of randomly generated sentences to the message content to meet the ideal image-to-text ratio.
  • Message Plaintext: Parse and include a plaintext version of an email based on the HTML version.
  • Custom Message MIME Headers: Add custom MIME headers to messages that are sent. This can, for example, be used to add a Sender and/or a Return-Path header to outgoing messages. Headers are rendered as template strings and can use variables that are valid in messages.
  • Office 2007+ Document Metadata Remover: Remove metadata from Microsoft Office 2007+ file types. These file types generally use the extensions docx, pptx, xlsx, etc. If the attachment is not an Office 2007+ file, this plugin does not modify it or block the sending operation.
  • Generate PDF: Generates a PDF file from an HTML attachment. The HTML is rendered with the client's King Phisher Jinja variables, so links to your landing page can be embedded and users who click a link in the PDF can be tracked when they visit.
  • Phishery DOCX URL Injector: Inject Word document template URLs into DOCX files. The Phishery technique is used to place multiple document template URLs into the Word document (one per line from the plugin settings).
  • Request Redirect: Edit entries for the server "Request Redirect" plugin.
  • Sample Set Generator: Brings in a master list and generates a sample set from said list.
  • SFTP Client: A Secure File Transfer Protocol client that can be used to upload, download, create, and delete local and remote files on the King Phisher server. The editor allows you to edit files on the remote or local system. It is primarily designed for editing remote web pages on the King Phisher server.
  • Spell Check: Add spell check capabilities to the message editor. This requires GtkSpell to be available with the correct Python GObject Introspection bindings. On Ubuntu and Debian based systems, this is provided by the 'gir1.2-gtkspell3-3.0' package. After being loaded, the language can be changed from the default of en_US via the context menu (available when right clicking in the text view).
  • TOTP Self Enrollment: This plugin allows users to manage the two factor authentication settings on their account. This includes setting a new TOTP secret and removing an existing one. The two factor authentication used by King Phisher is compatible with free mobile applications such as Google Authenticator.
  • URI Spoof Generator: Exports a redirect page which allows URI spoofing in the address bar of the target's browser.
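The decision the DMARC Check plugin description spells out, written out as an added example (not the plugin's own code): parse a DMARC TXT record and decide whether sending proceeds. The DNS lookup of the _dmarc record is assumed to have happened elsewhere; the record strings below are constructed.

```python
def parse_dmarc_record(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; pct=100'.

    Tags are returned as a dict with lower-cased keys; whitespace around
    '=' and ';' is ignored. Returns None when the text is not a DMARC record.
    """
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def sending_may_proceed(record):
    """Apply the documented rule: proceed when no DMARC policy is present,
    when p=none, or when pct=0. A quarantine or reject policy applied to
    more than 0% of mail would quarantine or reject the message, so the
    precheck fails. 'record' is the TXT string, or None if none exists.
    """
    if record is None:
        return True
    tags = parse_dmarc_record(record)
    if tags is None:
        return True  # not a DMARC record at all: treated as absent
    policy = tags.get("p", "none").lower()
    try:
        pct = int(tags.get("pct", "100"))  # RFC 7489 default is 100
    except ValueError:
        pct = 100
    if policy == "none" or pct == 0:
        return True
    return policy not in ("quarantine", "reject")


# Constructed sample records for a quick self-check.
SAMPLE_RECORDS = {
    "absent": None,
    "monitor_only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "reject_zero_pct": "v=DMARC1; p=reject; pct=0",
    "quarantine_half": "v=DMARC1; p=quarantine; pct=50",
    "reject": "v=DMARC1; p=reject",
}
```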

Server Plugins

  • Campaign Alerts: via Python 3 SMTPLib: Send campaign alerts via the Python 3 smtplib. This requires that users specify their email through the King Phisher client to subscribe to notifications.
  • Campaign Alerts: via SMTP2Go: Send campaign alerts via the SMTP2Go lib. This requires that users specify their email through the King Phisher client to subscribe to notifications.
  • Campaign Alerts: via Clockwork SMS: Send campaign alerts via the Clockwork SMS API. This requires that users specify their cell phone number through the King Phisher client.
  • Campaign Alerts: via Carrier SMS Email Gateways: Send campaign alerts as SMS messages through cell carriers' email gateways. This requires that users supply both their cell phone number and a supported carrier through the King Phisher client.
  • Hello World!: A 'hello world' plugin to serve as a basic template and demonstration. This plugin will log simple messages to show that it is functioning.
  • IFTTT Campaign Success Notification: A plugin that will publish an event to a specified IFTTT Maker channel when a campaign has been deemed 'successful'.
  • Postfix Message Information: A plugin that analyzes message information from the Postfix logs to provide King Phisher clients with message status and detail information.
  • Pushbullet Notifications: A plugin that uses Pushbullet's API to send push notifications on new website visits and submitted credentials.
  • Request Redirect: A plugin that allows requests to be redirected based on a matching source IP address or range. This can be useful for redirecting known ranges of systems which may be analyzing the server. Rules are processed in order and each one is a hash with at least a source key of an IP address or network. Additionally, a target string will be used as the destination of the redirect, or can be left as null for an exception. Finally, a boolean key of permanent can be used to specify whether a 301 or 302 redirect should be used.
  • Slack Notifications: A plugin that uses Slack Webhooks to send notifications on new website visits and submitted credentials to a Slack channel. Notifications about credentials are sent with @here.
  • XMPP Notifications: A plugin which pushes notifications regarding the King Phisher server to a specified XMPP server.
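The rule semantics given for the Request Redirect plugin (ordered rules, a source IP or network, a target or null for an exception, and permanent selecting 301 over 302), as an added example that is not the plugin's own code. The rule list is constructed; in practice such rules would come from the server's configuration file, and a null target is read here as "stop processing and serve the request normally".

```python
import ipaddress

# Constructed rules using the keys the plugin description names.
EXAMPLE_RULES = [
    # Exception: this single host is never redirected even though the
    # broader /24 rule below would otherwise match it.
    {"source": "203.0.113.10", "target": None},
    {"source": "203.0.113.0/24", "target": "https://example.org/", "permanent": True},
    {"source": "198.51.100.0/24", "target": "https://example.org/faq"},
]


def _matches(source, address):
    """True when address equals the source IP or lies within the source network."""
    network = ipaddress.ip_network(source, strict=False)  # "a.b.c.d" becomes /32
    return address in network  # False for mismatched IPv4/IPv6 versions


def resolve_redirect(rules, client_ip):
    """Evaluate rules in order for client_ip.

    Returns (status_code, target) for the first matching redirect rule,
    or None when no rule matches or the first match is an exception.
    """
    address = ipaddress.ip_address(client_ip)
    for rule in rules:
        if not _matches(rule["source"], address):
            continue
        target = rule.get("target")
        if target is None:
            return None  # exception: first match wins, no redirect
        status = 301 if rule.get("permanent", False) else 302
        return (status, target)
    return None
```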

Plugin Installation

Client Plugin Installation

Client plugins can be placed in the $HOME/.config/king-phisher/plugins directory, then loaded and enabled with the plugin manager.

Server Plugin Installation

Server plugins can be placed in the data/server/king_phisher/plugins directory of the King Phisher installation. Additional search paths can be defined using the plugin_directories option in the server's configuration file. After being copied into the necessary directory, the server's configuration file needs to be updated to enable the plugin.

Dependency Installation

Some plugins require additional Python packages to be installed in order to function. These packages must be installed in the King Phisher environment by running pipenv install $package from within the King Phisher installation directory.

License

King Phisher Plugins are released under the BSD 3-clause license, for more details see the LICENSE file.