
King Phisher 0.1.7 Released

February 20, 2015 By Spencer

We are very pleased to announce today that the latest release of RSM’s open source phishing toolkit, King Phisher, is now available. This latest release has lots of new features, client GUI improvements and stability fixes.

Some of the highlights of version 0.1.7 include:

  • Integration for checking SPF records
  • Automatic CSRF page generation
  • Full support for serving pages over SSL
  • Automated installation support for Debian and CentOS
  • A desktop file and icon for the King Phisher client GUI
  • Lots of changes for future support of Python 3

Probably one of the greatest new features in version 0.1.7 is the integrated check for Sender Policy Framework (SPF) records. SPF is used to validate which mail servers are authorized to send email on behalf of a particular domain. These records are often used by spam filters as a first line of defense. With this new integration, the client automatically checks the SPF record of the domain that emails are being sent from, before they are sent, to help prevent sending emails which may be marked as spam.
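The evaluation a receiving mail server or spam filter performs against an SPF record can be sketched as follows. This is an added example, not King Phisher's code and not part of the original post; the records in `SAMPLE_ZONE`, the `lookup_txt` callable and the function names are constructed for illustration, and only the `ip4`, `ip6`, `include` and `all` mechanisms are handled.

```python
import ipaddress

# Qualifier prefix -> result returned when the mechanism matches (RFC 7208)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample records using documentation address ranges
SAMPLE_ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.7 ip6:2001:db8::/32 ~all",
}

def evaluate_spf(record, sender_ip, lookup_txt, depth=0):
    """Return the SPF result for sender_ip against one record.
    Covers ip4, ip6, include and all. Mechanisms needing other DNS
    queries (a, mx, exists, ptr) and modifiers are skipped here.
    lookup_txt is a hypothetical callable: domain -> record or None.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    if depth > 10:  # simplified stand-in for the RFC's DNS lookup limit
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.lower().partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        elif name == "include":
            target = lookup_txt(value)
            inner = evaluate_spf(target, sender_ip, lookup_txt, depth + 1) if target else "none"
            if inner in ("none", "permerror"):
                return "permerror"  # broken include invalidates the record
            if inner == "pass":  # only a pass inside the include is a match
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def check_sender(domain, sender_ip):
    record = SAMPLE_ZONE.get(domain)
    return evaluate_spf(record, sender_ip, SAMPLE_ZONE.get) if record else "none"
```

A domain owner can use the same logic to confirm that a published record ends in `-all` or `~all` and that addresses outside the listed ranges do not evaluate to `pass`.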

Another new feature is the make_csrf_page function that allows server pages to quickly generate a CSRF form that will be submitted when viewed. This is useful when the target organization has a login page that is vulnerable to CSRF. The King Phisher user can create a standard login server page that imitates it and have the form action send the login request to a second server page hosting the CSRF form. In this fashion, the King Phisher server will log the credentials and the user will be authenticated into the targeted application. More information on how to use this feature is available in the project’s wiki.

As always, King Phisher is available on RSM’s GitHub page and can be downloaded here: http://engage.securestate.com/king-phisher. We welcome any feedback you may have. Have a good idea for a useful feature you would like to see us add? Submit a feature request by opening a ticket on the issues page.

Happy Phishing!
