Today, RSM is releasing the latest version of the King Phisher phishing campaign toolkit. This version adds some excellent features for visualizing the results of a campaign to help with the analysis. Some of the features in this version were referenced in the Advanced Phishing Techniques webinar hosted by the RSM King Phisher team in March.
Some of the newest features in 0.2.0 include:
- GeoIP integration for identifying the origin of views
- World and USA maps for plotting the GeoIP information
- Additional graphs for campaign data and a customizable dashboard layout
- Support for web page cloning, powered by the WebKit engine
- Support for installing on Fedora Linux
- Support for running the server with Docker

One of the more exciting features is the ability to plot the geographic origins of visits on maps. This can help users visualize where their targets are coming from. Currently, maps are available for the world and the USA. They can be selected from the Tools > “Create A Graph” menu or configured in the dashboard under Edit > Preferences > Client > “Dashboard Layout”. The map shows the origin of each visit and colors it based on whether or not credentials were submitted.
Another new and exciting feature is the ability to clone web pages. Other tools have historically cloned web pages by using wget or by downloading and possibly parsing the HTML; King Phisher takes a different approach. The limitation of the aforementioned techniques is that they are only marginally effective, depending on how well formed the HTML is and on what, if anything, is used to parse it in search of images, CSS and JS files. Instead of trying to parse any HTML itself, King Phisher uses the powerful WebKit2GTK+ engine. WebKit is a popular open source engine used by many browsers. By using WebKit to load the target page, King Phisher can determine every web resource that would be loaded by a browser and copy each one to disk without parsing a single line of HTML. The advantage of this approach is highly accurate cloning of web pages regardless of how the HTML is formed.
Unfortunately, due to a limitation in the older WebKitGTK+ engine, version 2 must be used, and it is not available on Windows or on Linux distributions that use older versions of GTK, such as Kali and Debian 7. At this time, users looking to get the most out of their King Phisher client experience are advised to use a different Linux distribution such as Ubuntu 14.04 LTS or Fedora 21.
Finally, version 0.2.0 is the first version to integrate with Docker. Files for use with the docker-compose utility are available in the data/server/docker directory. Supporting the popular Docker utility will allow users to get a working server up and running with minimal difficulty. All that is required is cloning the King Phisher repository and running “docker-compose up -d” from the aforementioned directory. More detailed instructions on getting started with King Phisher and Docker will be added to the wiki within the next week.
As always, King Phisher is available on RSM’s GitHub page and can be downloaded here: http://engage.securestate.com/king-phisher. We welcome any feedback you may have. Have a good idea for a useful feature you would like to see us add? Submit a feature request by opening a ticket on the issues page.
Happy Phishing!