King Phisher version 1.1 has been released today with numerous improvements since the last release in October. One of the most exciting new features is the ability to send phishing emails in the form of calendar invites. This causes an email to be sent to the target that looks like a typical meeting request. More information on using the new calendar invite mode (including an example with a sharp new meeting site template) can be found in shad0wman’s previous Phishing For Days post. This feature adds a new spin on classic phishing scenarios as most user awareness programs do not cover calendar invites.
Another new feature that has been requested for a while now is the ability to send a message to a single target user without the need for creating a list. In the message configuration tab, a target mode of either “List” or “Single” can now be selected. When the mode is set to Single, a user’s email address and name can be defined without creating a separate CSV file. This is very useful for sending initial testing emails before switching over to a list for processing all other targets.
Since before the days of the (Powershell) Empire, King Phisher has been effectively used in combination with malicious Microsoft Office documents to execute macros on the systems of unsuspecting victims. To aid in this process, the King Phisher client will now optionally automatically detect if a Office 2007 type document (docx, pptx, xlsx) file is being attached and remove it’s metadata. This will prevent the attackers username from being leaked in the sent file.
New users will enjoy the added support for setting up the PostgreSQL database via the King Phisher install script. This makes it easier than ever for users looking to install a new instance of the King Phisher server and use the preferred backend DBMS of PostgreSQL instead of SQLite.
The last major feature included in the 1.1 release is the support for exporting campaign data to Excel work books. Many times after a campaign is completed, it’s necessary to store the information for analysis off line later or pass it over to a third party. Exporting the campaign data to Excel will create a work sheet for each of the major data tabs (messages, visits, & credentials). This eliminates the need to create individual CSV files and merge them together.
As with RSM’s other open source projects, King Phisher is hosted on GitHub (https://github.com/securestate/king-phisher). For more information about the tool, past blogs on earlier releases can be found under the king-phisher tag.