The latest version of RSM’s phishing tool King Phisher has been released with numerous improvements. King Phisher is RSM’s Phishing Campaign toolkit of choice, developed internally to meet the demands of the engagements that the team encounters.
Some of the new features in this release include:
- Support for email messages with inline images that do not need to be downloaded
- Import and Export support for saving message contents and settings
- Support for using Postgres as a database backend
Probably one of the most exciting features added to King Phisher recently is the ability to embed images directly into messages. This removes the need for the target to click “Download Images” or the equivalent that is provided in most email clients and thus provides a more realistic message. Many users do not automatically download images, so when impersonating messages from popular services, missing logos that need to be downloaded can be a quick clue to the target that something is wrong.
King Phisher now supports full import and export capabilities for messages including the contents of the message, target list, any attachments, inline images, and all the settings configured through the “Configuration” tab. This is very useful for recording all the settings of a message that has been sent so they can be referenced or reproduced at a later point in time. This lets King Phisher users create better template messages that can be more easily used for performing retests.
Prior to version 0.1.6, King Phisher only supported SQLite as a database backend. As the project continues to grow, it is desirable to support a more fully featured DBMS to get the benefits of automatic schema migrations and easier management. King Phisher continues to support SQLite, but as schema updates are released, a SQLite database cannot be updated automatically the way a Postgres database can.
King Phisher is available on RSM’s GitHub page and can be downloaded here: http://engage.securestate.com/king-phisher.