With the ability to write your own plugins for King Phisher, what YOU want King Phisher to do is now in your hands.
In the newer release of King Phisher, the development team added support for plugins so that you can customize what you'd like the phishing tool to do. For example, we've started a plugin repo which already has a few plugins submitted. One uses a programmable LED light called a Blink(1) to flash a colored status based on user actions. Another plugin lets you enable spellcheck on your HTML file, and yet another prompts you to save your campaign file upon exit. Writing a plugin doesn't change the necessary behaviors of King Phisher; it allows you to add features to the software.
Plugins can be written for both the client and the server. Client plugins allow for more customization for the individual user, whereas server plugins add features such as notification preferences or actions taken by all users. Most of what I'll be discussing in this blog is client plugins. Here's how it works:
1. The King Phisher client reads plugins from your ~/.config/plugins folder. Whether you clone the repo or write your own, the actual plugin files (without a containing folder) need to be copied in there.
2. There are two different types of plugins: client and server. Make sure the appropriate plugins are installed.
To make your own plugin, you must include the following to import the library:
    import king_phisher.client.plugins as plugins
and a section to define a “Plugin” class such as the following:
    class Plugin(plugins.ClientPlugin):
        authors = ['your name here']
        title = 'your title here'
        description = 'Describe your plugin here'
        homepage = 'https://github.com/securestate/king-phisher-plugins'

        def initialize(self):
            return True
Other King Phisher functionality may be included in the plugin. For example, when you close the client you may want to perform some sort of action. To do that, include the following in the Plugin.initialize method, then define your 'do_stuff' method on the class afterwards.
    self.signal_connect('exit-confirm', self.do_stuff)
Another option to play around with is letting the user customize your plugin from within the client itself. Say you'd like to choose colors for your own plugin. Creating your own options (which are automatically saved in your config file) is easy. Just include the following in your Plugin class:
    options = [
        plugins.ClientOptionEnum(
            'color_visits',
            'The color to flash the Blink(1) for new visits.',
            choices=COLORS,
            default='yellow',
            display_name='Visits Flash Color'
        ),
        plugins.ClientOptionEnum(
            'color_credentials',
            'The color to flash the Blink(1) for new credentials.',
            choices=COLORS,
            default='red',
            display_name='Credentials Flash Color'
        )
    ]
Obviously, you'd have to define your COLORS constant beforehand, but you get the idea. After including those options, you can open your client's preferences, click the 'Plugins' tab, and set your own values.
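One way to check a plugin file against the structure described above before copying it into the plugin folder, without importing or executing it. This is an added example, not part of King Phisher or its plugin repo; `inspect_plugin`, `METADATA`, `KINDS` and the sample source are hypothetical names made up for it, and `ServerPlugin` is assumed to be the base class name used by server plugins.

```python
import ast

# Attributes shown in the Plugin skeleton above.
METADATA = ('authors', 'title', 'description', 'homepage')
# ClientPlugin is the base class shown above; ServerPlugin is an assumed
# name for the equivalent server-side base class.
KINDS = {'ClientPlugin': 'client', 'ServerPlugin': 'server'}

def inspect_plugin(source):
    """Statically describe a plugin file; the source is parsed, never run."""
    tree = ast.parse(source)
    cls = next((n for n in tree.body
                if isinstance(n, ast.ClassDef) and n.name == 'Plugin'), None)
    if cls is None:
        return {'kind': None, 'missing': list(METADATA), 'has_initialize': False, 'options': []}
    # A base is written as plugins.ClientPlugin (Attribute) or ClientPlugin (Name).
    bases = [getattr(b, 'attr', getattr(b, 'id', None)) for b in cls.bases]
    kind = next((KINDS[b] for b in bases if b in KINDS), None)
    assigned, options = set(), []
    for node in cls.body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name):
                assigned.add(target.id)
                if target.id == 'options' and isinstance(node.value, ast.List):
                    # The first positional argument of each option is its config name.
                    for call in node.value.elts:
                        if isinstance(call, ast.Call) and call.args and isinstance(call.args[0], ast.Constant):
                            options.append(call.args[0].value)
    has_init = any(isinstance(n, ast.FunctionDef) and n.name == 'initialize' for n in cls.body)
    return {'kind': kind, 'missing': [n for n in METADATA if n not in assigned],
            'has_initialize': has_init, 'options': options}

# Constructed sample: the skeleton from this post with one option and no homepage.
SAMPLE = '''
import king_phisher.client.plugins as plugins
COLORS = ('red', 'yellow')
class Plugin(plugins.ClientPlugin):
    authors = ['your name here']
    title = 'your title here'
    description = 'Describe your plugin here'
    options = [plugins.ClientOptionEnum('color_visits', 'Flash color.', choices=COLORS, default='yellow', display_name='Visits Flash Color')]
    def initialize(self):
        return True
'''

if __name__ == '__main__':
    print(inspect_plugin(SAMPLE))
```

A result with `kind` set to `None` means the file has no `Plugin` class deriving from a recognized base, so it does not match either plugin type from step 2.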
Plugin support is still something new we've been working on in King Phisher, and so far the majority of written plugins have been for client customization. However, server plugins are a great way to send notifications per your own preferences. Based on signals, you can have the server send you a status email or, if you use something like PushBullet, send you a notification that way.
So in conclusion, we've been working on ways in which you, the user, can customize your own King Phisher experience and tailor the software to be more useful or beneficial for your own personal needs. The ability to incorporate plugins is one excellent way to do so, and if you feel like sharing (because Open Source is the reason we do the things we do), feel free to first check out our docs page, then write and submit a PR through our plugins page. We'd be happy to accept submissions.