Since it’s inception almost two years ago King Phisher has changed the way we at RSM provide email based social engineering services to our clients. We have integrated it into our external penetration testing methodology as well as relied on it for dedicated social engineering assessments. At the time, other phishing projects did not have the flexibility to meet all of the requirements by our team. Today we’re happy to announce a mile stone with the release of the 1.0 version. Over the last two years we’ve seen the project mature from what started as a command line script to send emails with attachments into the full solution we know today. Whats new in this release is a couple of things including a sharp new theme to make the GUI more appealing and the support for two factor authentication on the server. Many people may not be familiar with all of the features as they might have been waiting for a “stable” release, and to that end the wiki has been updated to reflect some of the most useful features that are included in King Phisher. Additionally a new king-phisher-templates repository has been created with the dedicated purpose of hosting King Phisher compatible templates for both email messages as well as server pages.
To those that have been using King Phisher prior to this release, we thank you. Your insight, feedback and bug reports have all provided important information to help the project get to this point and we hope to see the community continue to grow. This will not be the last release of the project, but rather marks the point at which we feel it is stable and fully featured to be used for its intended purpose. Additional features are in the works, so check back in a couple of months for the next release.
As with RSM’s other open source projects, King Phisher is hosted on GitHub https://github.com/securestate/king-phisher. For a demonstration of one of the many ways we use King Phisher, sign up for the upcoming webinar on using it with Empire. Additionally for more information about the tool, past blogs on earlier releases can be found under the king-phisher tag.