How to install and use King-Phisher Phishing Campaign Toolkit

Welcome to HackingVision. Today we will show you how to install and use King-Phisher to deploy phishing attacks.

First, we need to install King-Phisher. In this tutorial I will be using Kali Linux. You can use another Linux distro, but Kali Linux is recommended.

Github Page: https://github.com/securestate/king-phisher

King Phisher is a tool for testing and promoting user awareness by simulating real-world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

How to use King-Phisher

Features

  • Run multiple phishing campaigns simultaneously
  • Send an email with embedded images for a more legitimate appearance
  • Optional Two-Factor authentication
  • Credential harvesting from landing pages
  • SMS alerts regarding campaign status
  • Web page cloning capabilities
  • Integrated Sender Policy Framework (SPF) checks
  • Geolocation of phishing visitors
  • Send an email with calendar invitations

Documentation

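King Phisher uses Sphinx for internal technical documentation. It can be built from source with the command below:

sphinx-build -b html docs/source docs/html

The latest documentation is also hosted online:

http://king-phisher.readthedocs.io/en/latest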

Installing King-Phisher

We are using Linux so we will go ahead and install King-Phisher for Linux.

Open up a command terminal and enter the commands below to download and install King-Phisher for Linux. There is also a Windows version of King-Phisher; however, it is a client-only version, while the Linux version contains both the client and the server.

mkdir king-phisher
cd king-phisher
wget -q https://github.com/securestate/king-phisher/raw/master/tools/install.sh
sudo bash ./install.sh

Message Template Variables

The client message templates are formatted using the Jinja2 templating engine and support a number of variables. These are included here as a reference; check the templates wiki page for comprehensive documentation.

| Variable Name | Variable Value |
|---|---|
| client.company_name | The target’s company name |
| client.email_address | The target’s email address |
| client.first_name | The target’s first name |
| client.last_name | The target’s last name |
| client.message_id | The unique tracking identifier (this is the same as uid) |
| sender.email | The email address in the “Source Email (MIME)” field |
| sender.friendly_alias | The value of the “Friendly Alias” field |
| sender.reply_to | The value of the “Reply To” field |
| url.tracking_dot | URL of an image used for message tracking |
| url.webserver | Phishing server URL with the uid parameter |
| url.webserver_raw | Phishing server URL without any parameters |
| tracking_dot_image_tag | The tracking image in a preformatted <img /> tag |
| uid | The unique tracking identifier (this is the same as client.message_id) |

The uid is the most important variable and must be present in the links that the messages contain.
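A pre-send check for the rule above, as an added example that is not part of King Phisher or of the original tutorial: it scans a message template for variable names that are not in the table and for links that carry no uid, so clicks in an awareness campaign can still be attributed. The sample template, its query parameter names and the function name lint_template are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Variable names copied from the table above.
KNOWN_VARS = {
    "client.company_name", "client.email_address", "client.first_name",
    "client.last_name", "client.message_id", "sender.email",
    "sender.friendly_alias", "sender.reply_to", "url.tracking_dot",
    "url.webserver", "url.webserver_raw", "tracking_dot_image_tag", "uid",
}
# Variables that place the tracking identifier into a link.
UID_CARRIERS = {"url.webserver", "uid", "client.message_id"}
# Matches simple {{ name }} expressions, optionally followed by a filter.
EXPR = re.compile(r"\{\{\s*([A-Za-z_][\w.]*)\s*(?:\|[^}]*)?\}\}")


class _Links(HTMLParser):
    """Collect the raw href value of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def lint_template(source):
    """Return (unknown_variables, links_without_uid) for a message template."""
    unknown = sorted(set(EXPR.findall(source)) - KNOWN_VARS)
    parser = _Links()
    parser.feed(source)
    untracked = [h for h in parser.hrefs
                 if not UID_CARRIERS & set(EXPR.findall(h))]
    return unknown, untracked


# Constructed sample template (parameter names are placeholders).
SAMPLE = """<p>Hello {{ client.first_name }} {{ client.lastname }},</p>
<p><a href="{{ url.webserver }}">Open the notice</a></p>
<p><a href="{{ url.webserver_raw }}?page=help">Help</a></p>
<p><a href="{{ url.webserver_raw }}?ref={{ uid }}">Details</a></p>
{{ tracking_dot_image_tag }}"""

if __name__ == "__main__":
    unknown, untracked = lint_template(SAMPLE)
    print("unknown variables:", unknown)
    print("links without uid:", untracked)
```

On the sample it reports the misspelled client.lastname and the one url.webserver_raw link that has no uid appended.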

Now that we have installed King-Phisher, we can start creating phishing campaigns.

When we use King-Phisher, we are expected to set up SSH and SSL ourselves.

apt-get install certbot
apt-get install openssh-server

To start King-Phisher, open up a command terminal and enter the command below.

/opt/king-phisher/KingPhisher

Public SMTP Servers

https://github.com/securestate/king-phisher/wiki/Public-SMTP-Servers