Skip to content

Home

Jump to bottom
Spencer McIntyre edited this page Oct 15, 2015 · 26 revisions

alt text

Overview

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

King Phisher is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.

Feature Overview

  • Run multiple phishing campaigns simultaneously
  • View detailed graphs regarding the campaign results
  • Send email with embedded images for a more legitimate appearance
  • Optional Two-Factor authentication
  • Highly flexible to accommodate different phishing goals
  • Powerful template system using the Jinja2 engine
  • Ability to capture credentials
  • SMS alerts regarding campaign status
  • Web page cloning capabilities
  • Integrated Sender Policy Framework (SPF) checks
  • Easy installation without setting up an additional web server
  • Geo location of phishing visitors

Documentation Documentation Status

The intention of this wiki is to hold documentation useful for the users of King Phisher. Advanced users looking to modify the source code or contribute to the project should look through the technical documentation available on ReadTheDocs. Furthermore the documentation contained within this wiki is for the latest, often upcoming release of King Phisher. As such, some features may be documented and discussed within the wiki that are not yet available on the master branch. To beta test new features, please use git to check out the dev branch, steps on how to do this are available here.

Why Use King Phisher

Fully Featured And Flexible

King Phisher was created out of a need for an application that would facilitate running multiple separate campaigns with different goals ranging from education, credential harvesting and so called "Drive By" attacks. King Phisher has been used to run campaigns ranging from hundreds of targets to tens of thousands of targets with ease. It also supports sending messages with embedded images and determining when emails are opened with a tracking image.

Integrated Web Server

King Phisher uses the packaged web server that comes standard with Python making configuring a separate instance unnecessary.

Open Source

The Python programming language makes it possible to modify the King Phisher source code to suite the specific needs of the user. Alternatively end users not interested in modifying the source code are welcome to open an issue and request a feature. Users are able to run campaigns as large as they like, as often as they like.

No Web Interface

No web interface makes it more difficult for prying eyes to identify that the King Phisher server is being used for social engineering. Additionally the lack of a web interface reduces the exposure of the King Phisher operator to web related vulnerabilities such as XSS.

More Information

For more information, users are welcome to join the IRC channel #king-phisher on Freenode.

Home | Blog | Install | Technical Docs | IRC | Slack | Copyright © 2013-2019 SecureState LLC

Wiki Home

Frequently Asked Questions

Jinja Variables

Want King Phisher Hosted For You?

Videos

Using King Phisher

  1. Getting Started
  2. Running A Campaign
  3. Creating Server Content
  4. Creating Message Content
  5. Updating King Phisher

Additional Resources

Clone this wiki locally