King Phisher is a tool for testing and promoting user awareness by simulating real-world phishing attacks.
It features an easy to use, yet very flexible architecture allowing full control over both emails and server content.
King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
- Run multiple phishing campaigns simultaneously
- View detailed graphs regarding the campaign results
- Send email with embedded images for a more legitimate appearance
- Optional Two-Factor authentication
- Highly flexible to accommodate different phishing goals
- Powerful template system using the Jinja2 engine
- Ability to capture credentials
- SMS alerts regarding campaign status
- Web page cloning capabilities
- Integrated Sender Policy Framework (SPF) checks
- Easy installation without setting up an additional web server
- Geolocation of phishing visitors
- Docker image for the server
- Send email with calendar invitations
- Plugin support for extending both the Client and Server
A small number of plugins are packaged with King Phisher and additional ones are available in the Plugins repository.
The King Phisher client is supported on Windows and Linux, while the King Phisher server is only supported on Linux.
Linux (Client & Server)For installation on supported Linux distros (BackBox, CentOS [no Client Support], Debian, Fedora, Kali, Ubuntu):
wget -q https://github.com/securestate/king-phisher/raw/master/tools/install.sh && \
sudo bash ./install.sh
Windows (Client Only)Download the latest Windows build: Download King Phisher
You might also like:
- OWASP SwitchBlade - An Open-Source Denial of Service Attack Tool
- How Anonymous Hackers Changed the World (Documentary Film)
- Katana - A Portable Multi-Boot Security Distribution
- Volatility - An Open Source Memory Forensics Framework
- Qualys BrowserCheck - An Online Security Scanner
- DNSChef - An Advanced DNS Proxy
- PenTBox - An Open Source Security Suite
- Shoryuken - An SQL Injection Tool
- NetworkMiner - Network Forensic Analysis Tool
- Scythe Framework - An Account Enumeration Tool
- DNSwalk - A DNS Database Debugger
- Wifislax - A Slackware-Based Penetration Testing Distribution
- SQLSentinel - A Cross-Platform SQLi Vulnerability Scanner
- AnonTwi - Tool To Have More Privacy On Social Media
- HoneyDrive - A Honeypot Linux Distribution