Yesterday, RSM released the latest version of their King Phisher phishing campaign toolkit. This version adds some exciting new features with a focus on usability.

The message editor received some nice improvements, including syntax highlighting. The editor window now uses the GtkSourceView project to provide a more user-friendly environment for writing and modifying message templates. Furthermore, if users choose not to use the integrated message editor and instead opt to use an external editor, changes made to the document will be reflected in the King Phisher client. This makes editing messages using the integrated editor easier. Additionally, users who might not have been aware of its existence should check out the right-click menu in the editor for easy access to common Jinja tags without needing to remember the exact syntax.

Some additional features have also been added at the request of some users. The King Phisher server can now be configured to use an IP address provided by a cookie. This feature can be enabled from the server configuration file to allow the server to be located behind a proxy. Also, it is now easier than ever to embed training videos hosted on YouTube into server pages. A single Jinja function can be used to embed a video by its ID. Many times, though, it is requested that users watch the entire video before being able to accept training. While the use of JavaScript limits what the page can “force” a user to do, King Phisher does make a best-effort attempt to ensure that the training element of the HTML page is disabled until the video has finished playing.

King Phisher has also had a fantastic new Metasploit plugin submitted by community user coldfusion39. This plugin for msfconsole is available in the data/msf directory and uses the King Phisher server’s optional REST API to send SMS messages when new sessions are opened. This is a very handy feature if users are expecting sessions to be opened from the emails that they are sending.

Finally, the King Phisher client has new support for exporting geographic information regarding visits to the popular GeoJSON format. This allows the information to optionally be loaded into third-party services such as geojson.io for additional analysis. The new GeoJSON format is available from the File > Export menu within the client.

As always, King Phisher is available on RSM’s GitHub page and can be downloaded here: https://github.com/securestate/king-phisher. We welcome any feedback you may have. Have a good idea for a useful feature you would like to see us add? Submit a feature request by opening a ticket on the issues page.

Happy Phishing!