- How to install and use King-Phisher Phishing Campaign Toolkit
- How to use King-Phisher
- Features
- Documentation
- Installing King-Phisher
- Message Template Variables
- How To Install king-phisher on Kali Linux
- What is king-phisher
- Install king-phisher Using apt-get
- Install king-phisher Using apt
- Install king-phisher Using aptitude
- How To Uninstall king-phisher on Kali Linux
- Uninstall king-phisher And Its Dependencies
- Remove king-phisher Configurations and Data
- Remove king-phisher configuration, data, and all of its dependencies
- Summary
- Advanced Installation
How to install and use King-Phisher Phishing Campaign Toolkit
Welcome to HackingVision. Today we will show you how to install and use King-Phisher to deploy phishing attacks.
First, we need to install King-Phisher. In this tutorial I will be using Kali Linux; you can use another Linux distro, but Kali Linux is recommended.
King Phisher is a tool for testing and promoting user awareness by simulating real-world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
How to use King-Phisher
Features
- Run multiple phishing campaigns simultaneously
- Send an email with embedded images for a more legitimate appearance
- Optional Two-Factor authentication
- Credential harvesting from landing pages
- SMS alerts regarding campaign status
- Web page cloning capabilities
- Integrated Sender Policy Framework (SPF) checks
- Geolocation of phishing visitors
- Send an email with calendar invitations
Documentation
King Phisher uses Sphinx for internal technical documentation, which can be built from source with the following command:
sphinx-build -b html docs/source docs/html
Installing King-Phisher
We are using Linux, so we will go ahead and install King-Phisher for Linux.
Open up a command terminal and enter the commands below to download and install King-Phisher for Linux. There is also a Windows version of King-Phisher; however, it is a client-only version, while the Linux version contains both the client and the server.
wget -q https://github.com/securestate/king-phisher/raw/master/tools/install.sh && \
sudo bash ./install.sh
Message Template Variables
The client message templates are formatted using the Jinja2 templating engine and support a number of variables. These are included here as a reference; check the templates wiki page for comprehensive documentation.
Variable Name | Variable Value |
---|---|
client.company_name | The target’s company name |
client.email_address | The target’s email address |
client.first_name | The target’s first name |
client.last_name | The target’s last name |
client.message_id | The unique tracking identifier (this is the same as uid) |
sender.email | The email address in the “Source Email (MIME)” field |
sender.friendly_alias | The value of the “Friendly Alias” field |
sender.reply_to | The value of the “Reply To” field |
url.tracking_dot | URL of an image used for message tracking |
url.webserver | Phishing server URL with the uid parameter |
url.webserver_raw | Phishing server URL without any parameters |
tracking_dot_image_tag | The tracking image in a preformatted tag |
uid | The unique tracking identifier (this is the same as client.message_id) |
The uid is the most important and must be present in links that the messages contain.
Now that we have installed King-Phisher, we can start creating phishing campaigns.
When we use King-Phisher, we are expected to set up SSH and SSL ourselves.
apt-get install openssh-server
To start King-Phisher open up a command terminal and enter the command below.
/opt/king-phisher/KingPhisher
How To Install king-phisher on Kali Linux
In this tutorial we learn how to install king-phisher on Kali Linux.
What is king-phisher
This package contains a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.
There are three ways to install king-phisher on Kali Linux. We can use apt-get, apt and aptitude. In the following sections we will describe each method. You can choose one of them.
Install king-phisher Using apt-get
After updating the apt database with apt-get, we can install king-phisher by running the following command:
sudo apt-get -y install king-phisher
Install king-phisher Using apt
After updating the apt database with apt, we can install king-phisher by running the following command:
sudo apt -y install king-phisher
Install king-phisher Using aptitude
If you want to follow this method, you might need to install aptitude first, since aptitude is usually not installed by default on Kali Linux. After updating the apt database with aptitude, we can install king-phisher by running the following command:
sudo aptitude -y install king-phisher
How To Uninstall king-phisher on Kali Linux
To uninstall only the king-phisher package we can use the following command:
sudo apt-get remove king-phisher
Uninstall king-phisher And Its Dependencies
To uninstall king-phisher and its dependencies that are no longer needed by Kali Linux, we can use the command below:
sudo apt-get -y autoremove king-phisher
Remove king-phisher Configurations and Data
To remove king-phisher configuration and data from Kali Linux we can use the following command:
sudo apt-get -y purge king-phisher
Remove king-phisher configuration, data, and all of its dependencies
To remove king-phisher configurations, data and all of its dependencies, we can use the following command:
sudo apt-get -y autoremove --purge king-phisher
Summary
In this tutorial we learn how to install king-phisher using different package management tools like apt, apt-get and aptitude.
Advanced Installation
wget -q https://github.com/securestate/king-phisher/raw/master/tools/install.sh && \
sudo bash ./install.sh
The King Phisher Server is only supported on Linux. The King Phisher Client is supported on both Windows and Linux. Windows installation executables are available from the releases page.
An installation script is available to automate the process on supported versions of Linux. Instructions on how it can be used are available in the Linux Install Steps section. It is highly recommended that users ensure that the system clock and timezone are set accurately on both the client and server.
King Phisher uses a client-server architecture. The KingPhisherServer application runs as a daemon on the phishing server. The KingPhisher client file is meant to connect to the daemon over SSH from a remote system. The server must be running SSH and allow ports to be forwarded. The client, after connecting, communicates via RPC to the server through the encrypted SSH tunnel.
Additionally, the user logging in with the King Phisher Client will require a valid local account on the King Phisher Server. The King Phisher Server provides its own HTTP server and does not require an additional one such as Apache or Nginx. Running an additional server such as Apache or Nginx will likely result in a conflict when trying to bind to a default port, resulting in the server failing to start.
Recommended Minimum Requirements
It is recommended that King Phisher be run on a system which exceeds the host operating system's minimum requirements. At this time a minimum of 2048 MB of RAM and at least a CPU with 2 cores running at 1.5 GHz is sufficient. Furthermore, the hard disk should have additional space on top of the host OS recommendations for the installation of required packages. For the client it is recommended that the display support a minimum resolution of 1024×800.
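The requirements described above (2048 MB of RAM, 2 cores, SSH with port forwarding allowed, no other web server on the listening port) can be checked before the installer is run. The script below is an added example, not part of King Phisher or its wiki. Its function names, the 5% memory slack, the use of port 80 as the sample port (the page does not name the server's port) and the assumption that the client tunnel is a local forward are this example's own.

```shell
#!/bin/sh
# Added example: preflight checks for a King Phisher server host (not project code).
# Each function reads captured command output from a file, so it can be tried on
# the constructed samples at the bottom before being pointed at a live host.

# cores_ok N: the page recommends a CPU with at least 2 cores.
cores_ok() { [ "$1" -ge 2 ]; }

# mem_ok FILE: FILE is a copy of /proc/meminfo; the page recommends 2048 MB.
# MemTotal excludes memory the kernel reserves at boot, so allow 5% slack
# (the slack is this example's choice, not a project figure).
mem_ok() {
    kb=$(awk '/^MemTotal:/ {print $2; exit}' "$1")
    [ -n "$kb" ] && [ "$kb" -ge $((2048 * 1024 * 95 / 100)) ]
}

# port_free PORT FILE: FILE is `ss -ltnH` output. Fails if anything (Apache,
# Nginx, ...) already listens on PORT, which would stop the server binding it.
port_free() {
    ! awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) found = 1 }
                     END { exit !found }' "$2"
}

# forwarding_ok FILE: FILE is `sshd -T` output (effective config, lowercase keys).
# Assumes the client tunnel is a local (-L style) forward, so "local" is enough.
forwarding_ok() {
    v=$(awk '$1 == "allowtcpforwarding" {print $2; exit}' "$1")
    case "$v" in yes|all|local) return 0 ;; *) return 1 ;; esac
}

# --- constructed sample input, not captured from a real host ---
tmp=$(mktemp -d)
printf 'MemTotal:        4039428 kB\nMemFree:          512000 kB\n' > "$tmp/meminfo"
printf 'LISTEN 0 511 0.0.0.0:80 0.0.0.0:*\nLISTEN 0 128 [::]:22 [::]:*\n' > "$tmp/ss"
printf 'port 22\nallowtcpforwarding no\n' > "$tmp/sshd"

cores_ok 2                && echo "cpu:     ok" || echo "cpu:     FAIL"
mem_ok "$tmp/meminfo"     && echo "memory:  ok" || echo "memory:  FAIL"
port_free 80 "$tmp/ss"    && echo "port 80: ok" || echo "port 80: FAIL (already bound)"
forwarding_ok "$tmp/sshd" && echo "ssh fwd: ok" || echo "ssh fwd: FAIL (forwarding disabled)"
rm -rf "$tmp"
```

On a real host, pass the output of `nproc` to `cores_ok` and save `/proc/meminfo`, `ss -ltnH` and `sudo sshd -T` to files for the other three functions.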
Recommended Linux Flavors:
Install Script Supported Flavors
Linux Flavor | Min Version | Client Support | Server Support |
---|---|---|---|
BackBox | 5 | yes | yes |
CentOS | 7.0 | no | yes |
Debian | 8 | yes | yes |
Fedora | 24 | yes | yes |
Kali | rolling | yes | yes |
Red Hat | 7.0 | no | yes |
Ubuntu | 16.04 | yes | yes |
The following steps walk through manually installing King Phisher into a self-contained directory. Installing King Phisher into /opt/king-phisher is recommended.
cd /opt/ # or your desired installation directory
git clone https://github.com/securestate/king-phisher.git
King Phisher comes with an install script for a convenient installation process. It will handle installing all of the operating system dependencies, the required Python packages, and basic configuration. The automated install script supports a limited set of Linux flavors. To request that one be added, please open a support ticket.
After cloning the repository, run the install.sh script that is in the tools directory as such: sudo tools/install.sh. This will download all the required packages and set up a default server configuration. The automated installation process may take up to 20 minutes to complete depending on the speed at which packages are downloaded. The tools/install.sh script has additional options which can be used for customization.
cd king-phisher
sudo tools/install.sh
The installation script supports a number of command line options, the latest of which can be viewed by running tools/install.sh --help. These options can be used to (for example) install the King Phisher client or server components from another automation tool such as Ansible.
tools/install.sh --help
Usage: install.sh [-h] [-n/-y]
King Phisher Install Script

optional arguments
  -h, --help     show this help message and exit
  -n, --no       answer no to all questions
  -y, --yes      answer yes to all questions
  --skip-client  skip installing client components
  --skip-server  skip installing server components
Install Script Environment Variables
Certain environment variables can also be set to change the default behaviour of the installation script. Command line options take priority over environment variables.
Variable Name | Description | Default |
---|---|---|
KING_PHISHER_DIR | The base directory to install to | /opt/king-phisher |
KING_PHISHER_SKIP_CLIENT | Skip installing client components | NOT SET |
KING_PHISHER_SKIP_SERVER | Skip installing server components | NOT SET |
Variables which are not set by default are flags which are toggled when defined. For example, to skip installing client components, the following command could be used: KING_PHISHER_SKIP_CLIENT=x tools/install.sh