King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. Its flexible architecture allows you the full control over both emails and server content.
King Phisher: Phishing Campaign Toolkit
The King Phisher is an open source phishing tool, which is fully featured and very flexible. It allows you to easily run multiple separate campaigns, with different areas (phishing attacks/credential harvesting, education, etc.) and with huge number of targets ( up to 10k+). According to the official documentation, it also supports sending messages with embedded images and determining when emails are opened with a tracking image.
It’s written in Python, and since it’s fully open sourced, you can modify source code to suite your needs. In addition, there is no web interface which makes King Phisher server hard to identify if it’s being used for social engineering.
- Fully open source means there’s no limits on use
- Run multiple phishing campaigns simultaneously
- View detailed graphs regarding the campaign results
- Send email with embedded images for a more legitimate appearance
- Optional Two-Factor authentication
- Highly flexible to accommodate different phishing goals
- Powerful template system using the Jinja2 engine
- Ability to capture credentials
- SMS alerts regarding campaign status
- Web page cloning capabilities
- Integrated Sender Policy Framework (SPF) checks
- Easy installation without setting up an additional web server
- Geo location of phishing visitors
- Send email with calendar invitations
- Plugin support for extending both the Client/Server
Plugins & Templates:
It is recommended to install King Phisher into
/opt/king-phisher. Clone the repo:
$ cd /opt/ # or your desired installation directory git clone $ git clone https://github.com/securestate/king-phisher.git
Then run the
install.sh script (located in the
tools directory), which will install all required packages and set up a default server configuration:
$ cd king-phisher $ cd tools $ sudo ./install.sh
To see Install script options, use
$ tools/install.sh --help Usage: install.sh [-h] [-n/-y] King Phisher Install Script optional arguments -h, --help show this help message and exit -n, --no answer no to all questions -y, --yes answer yes to all questions --skip-client skip installing client components --skip-server skip installing server components
To install client, run the following:
$ sudo ./install.sh --skip-server
$ wget -q https://github.com/securestate/kingphisher/raw/master/tools/install.sh && \ $ sudo bash ./install.sh
Windows (Client only):
Click the “download” button at the bottom to download the latest build.
In order to connect and start using client, you’ll need to start King Phisher server first:
$ sudo ./KingPhisherServer
But you may encounter the following error:
KingPhisherServer: error: the following arguments are required: config_file
So, run the config script:
$ ./KingPhisherServer server_config.yml
To start the client, run:
$ python3 KingPhisher
Now, you’ll be prompt to enter the credentials (same as for SSH).
After you connect, you’ll need to confirm server’s host key and SSH key passphrase. If the client successfully connects to the server, you’ll see the campaign page. Before you continue, configure your SMPT settings.