How to install and use King-Phisher Phishing Campaign Toolkit
Welcome to HackingVision. Today we will show you how to install and use King-Phisher to deploy phishing attacks.
First, we need to install King-Phisher. In this tutorial I will be using Kali Linux; you can use another Linux distro, but Kali Linux is recommended.
Github Page: https://github.com/securestate/king-phisher
King Phisher is a tool for testing and promoting user awareness by simulating real-world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
How to use King-Phisher
Features
- Run multiple phishing campaigns simultaneously
- Send an email with embedded images for a more legitimate appearance
- Optional Two-Factor authentication
- Credential harvesting from landing pages
- SMS alerts regarding campaign status
- Web page cloning capabilities
- Integrated Sender Policy Framework (SPF) checks
- Geolocation of phishing visitors
- Send an email with calendar invitations
Documentation
King Phisher uses Sphinx for internal technical documentation. It can be built from source with the command below:
sphinx-build -b html docs/source docs/html
The documentation is also hosted online:
http://king-phisher.readthedocs.io/en/latest
Installing King-Phisher
We are using Linux, so we will go ahead and install King-Phisher for Linux.
Open up a command terminal and enter the commands below to download and install King-Phisher for Linux. There is also a Windows version of King-Phisher; however, it is client-only, while the Linux version contains both the client and the server. Note that install.sh is fetched from the master branch and runs as root, so review it before executing it.
mkdir king-phisher
cd king-phisher
wget -q https://github.com/securestate/king-phisher/raw/master/tools/install.sh
sudo bash ./install.sh
Message Template Variables
The client message templates are formatted using the Jinja2 templating engine and support a number of variables. These are included here as a reference; check the templates wiki page for comprehensive documentation.
Variable Name | Variable Value |
---|---|
client.company_name | The target’s company name |
client.email_address | The target’s email address |
client.first_name | The target’s first name |
client.last_name | The target’s last name |
client.message_id | The unique tracking identifier (this is the same as uid) |
sender.email | The email address in the “Source Email (MIME)” field |
sender.friendly_alias | The value of the “Friendly Alias” field |
sender.reply_to | The value of the “Reply To” field |
url.tracking_dot | URL of an image used for message tracking |
url.webserver | Phishing server URL with the uid parameter |
url.webserver_raw | Phishing server URL without any parameters |
tracking_dot_image_tag | The tracking image in a preformatted <img /> tag |
uid | The unique tracking identifier (this is the same as client.message_id) |
The uid is the most important variable and must be present in links that the messages contain.
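One way to check a message template against the variable table above before it is used, as an added example that is not King Phisher's own code. The function name `lint_template`, the sample template, and the rule that only links built from template variables are checked for the uid are assumptions made for this illustration.

```python
import re

# Variable names taken from the table above.
KNOWN_VARS = {
    "client.company_name", "client.email_address", "client.first_name",
    "client.last_name", "client.message_id", "sender.email",
    "sender.friendly_alias", "sender.reply_to", "url.tracking_dot",
    "url.webserver", "url.webserver_raw", "tracking_dot_image_tag", "uid",
}
# Variables whose value carries the tracking identifier (per the table).
UID_BEARING = {"uid", "client.message_id", "url.webserver"}

# First identifier of each {{ ... }} expression; filters after it are ignored.
# {% ... %} blocks are not inspected by this check.
EXPR = re.compile(r"\{\{\s*([A-Za-z_][\w.]*)[^}]*\}\}")
HREF = re.compile(r'href\s*=\s*"([^"]*)"', re.IGNORECASE)


def lint_template(text):
    """Return a list of problems found in a message template (hypothetical helper)."""
    problems = []
    # 1. Every variable used must be one the table documents.
    for name in sorted(set(EXPR.findall(text))):
        if name not in KNOWN_VARS:
            problems.append(f"unknown variable: {name}")
    # 2. Links built from template variables must carry the uid.
    #    Assumption: static links to other sites are left alone.
    for href in HREF.findall(text):
        used = set(EXPR.findall(href))
        if used and not used & UID_BEARING:
            problems.append(f"link without uid: {href}")
    return problems


# Constructed sample template with one misspelled variable and one untracked link.
SAMPLE = """<p>Hello {{ client.firstname }},</p>
<p><a href="{{ url.webserver }}">Review the policy</a></p>
<p><a href="{{ url.webserver_raw }}/survey">Take the survey</a></p>
{{ tracking_dot_image_tag }}
"""

if __name__ == "__main__":
    for problem in lint_template(SAMPLE):
        print(problem)
```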
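Now that we have installed King-Phisher, we can start creating phishing campaigns.
When we use King-Phisher, we are expected to set up SSH and SSL ourselves. The commands below install certbot (for obtaining an SSL/TLS certificate) and the OpenSSH server.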
apt-get install certbot
apt-get install openssh-server
To start King-Phisher open up a command terminal and enter the command below.
/opt/king-phisher/KingPhisher
Public SMTP Servers
https://github.com/securestate/king-phisher/wiki/Public-SMTP-Servers