King Phisher version 1.12 is finally here. One improvement that we are most excited about is King Phisher now utilizes Pipenv to manage it’s dependencies. This will greatly improve the stability of the platform moving forward as there won’t be any dependency conflicts or bugs from upstream changes.
After doing a git fetch and git pull to update King Phisher, you now runsudo tools/install.sh--update to complete the King Phisher update process. The --update option will make sure all system packages are installed, and King Phisher’s Pipenv environment is up-to-date without making any changes to King Phisher’s configuration files. This new option will honor the --skip-client and --skip-server options if you are using an advanced installation process. As always, check the wiki on how to update King Phisher to the latest version.
Many people know about King Phisher’s capability to send campaign updates via text messaging. King Phisher’s core now allows users to store their email to utilize plugins such as alerts email via smtp to get these updates delivered directly to their email. Additional plugins can be found at https://github.com/securestate/king-phisher-plugins/.
King Phisher’s client plugin manager has undergone multiple improvements as well. Plugins can now have dedicated documentation in markdown files. This allows complex plugins to provide advanced use case documentation that the user can easily read from within the client. Additionally, the plugin manager’s a right click menu now has an update option to install the newest version of an already installed plugin.
As King Phisher is now running in a Pipenv environment, you will need to install plugin required Python packages into this environment for them to work. To do this navigate to King Phisher’s directory, and then run pipenv install <package name>. You might have to run this with sudo depending on the permissions of the King Phisher’s installation.
Other changes in King Phisher 1.12:
Added additional plugin metadata fields for reference URLs and category classifiers
Added additional documentation including an architecture overview for reference
Added the new fetch Jinja function and fromjson Jinja filter
Added campaign-alert-expired and campaign-expired server signals
Switched to using Pipenv to manage the environment and dependencies
Happy Phishing!
