KING PHISHER
PRESENTED BY
Spencer McIntyre
DOWNLOAD LINK:
https://github.com/securestate/king-phisher
King Phisher is an open source Phishing Campaign Toolkit. This is its technical documentation intended for use by contributors. The source code is available on the GitHub homepage. Additionally, documentation intended for use by users can be found in the King Phisher GitHub wiki.
What differentiates King Phisher from other phishing tools is the focus it has on the requirements of consultants needing a tool for penetration testing. It was built from the ground up with a heavy emphasis on flexibility to allow pentesters to tailor their attack for their current assessment. It also includes unique features not included in other phishing tools such as the ability to craft calendar invite messages.
King Phisher is an open source tool for testing and promoting user awareness by simulating real-world phishing attacks. It features an easy-to-use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials and drive-by attacks.
The King Phisher Server is only supported on Linux. The King Phisher Client is supported on both Windows and Linux. Windows executables are available from the releases page.
An installation script is available to automate the process on supported versions of Linux. Instructions on how it can be used are in the Linux Install Steps section. It is highly recommended that users ensure that the system clock and timezone are set accurately on both the client and server.
Overview
King Phisher uses a client-server architecture. The KingPhisherServer application runs as a daemon on the phishing server. The KingPhisher client file is meant to connect to the daemon over SSH from a remote system. The server must be running SSH and allow ports to be forwarded. After connecting, the client communicates with the server via RPC through the encrypted SSH tunnel.
Additionally, the user logging in with the King Phisher Client will require a valid local account on the King Phisher Server. The King Phisher Server provides its own HTTP server and does not require an additional one such as Apache or Nginx. Running an additional server such as Apache or Nginx will likely result in a conflict when trying to bind to a default port.