Yesterday, RSM released the latest version of their King Phisher phishing campaign toolkit. This version adds some exciting new features with a focus on usability.
The message editor received some nice improvements, including syntax highlighting. The editor window now uses the GtkSourceView project to provide a more user-friendly environment for writing and modifying message templates. Furthermore, if users choose not to use the integrated message editor and instead opt to use an external editor, changes made to the document will be reflected in the King Phisher client. This makes editing messages using the integrated editor easier. Additionally, users who might not have been aware of its existence should check out the right-click menu in the editor for easy access to common Jinja tags without needing to remember the exact syntax.
King Phisher has also had a fantastic new Metasploit plugin submitted by community user coldfusion39. This plugin for msfconsole is available in the data/msf directory and uses the King Phisher server’s optional REST API to send SMS messages when new sessions are opened. This is a very handy feature if users are expecting sessions to be opened from the emails that they are sending.
Finally, the King Phisher client has new support for exporting geographic information about visits in the popular GeoJSON format. This allows the information to optionally be loaded into third-party services such as geojson.io for additional analysis. The new GeoJSON format is available from the File > Export menu within the client.
As always, King Phisher is available on RSM’s GitHub page and can be downloaded here: https://github.com/securestate/king-phisher. We welcome any feedback you may have. Have a good idea for a useful feature you would like to see us add? Submit a feature request by opening a ticket on the issues page.