War Room

Shells from above

RSM logo

Home > R&D > Development > King Phisher Release 1.9

King Phisher Release 1.9

By

Today RSM is proud to announce the latest release of our open source Phishing tool King Phisher. This release brings many new features that we hope offer users a much more pleasant experience and facilitate tapping into some of the more customizable potential of King Phisher.

The biggest upgrade with King Phisher version 1.9 is that the client’s plugin manager got a huge overhaul. With this upgrade you can now install and enable plugins directly from RSM’s Official plugins GitHub repository.  The plugin manager will now download a catalog of available plugins so you can look through all available plugins, read their descriptions and see if their requirements are met. Compatible plugins are then able to be installed by simply clicking a checkbox. This makes installing and managing plugin extremely easy for the end user!

Christain Belk (cbelk) updated install.sh script so King Phisher now supports Arch Linux. This increases the number operating systems supported by King Phisher. We would like to thank Christian Belk (cbelk) for the contribution to the project.

Please note King Phisher will no longer, by default, strip meta data off of Microsoft office 2007+ documents, spreadsheets, pdfs ect. You will now need to install the Office 2007+ Document Metadata Remover plugin and enable it. Once enabled, if you attach files such as docx, and xlsx files to the phishing email, King Phisher will automatically remove the metadata from the file prior to sending out the email.

King Phisher version 1.9  includes the following changes:

  • Support resetting plugins options to their respective defaults
  • Moved Office 2007+ metadata removal to a new plugin
  • Added support for installing plugins from remote sources through the UI
  • Added timeout support for SPF DNS queries
  • Support for installing on Arch Linux
    • Upgrade AdvancedHTTPServer to v2.0.11 to support async SSL handshakes
    • Support using an include directive in the server configuration file
    • Added a request-handle signal for custom HTTP request handlers
    • Removed address support from the server config in favor of addresses
    • Support login as an alias of the username parameter for credentials
    • Multiple server improvements

King Phisher version 1.9.0 can be found under the releases page here: https://github.com/securestate/king-phisher/releases/tag/v1.9.0. Happy Phishing!

Interested in having a private King Phisher server instance hosted for your organization? Check out RSM’s Phishing Self Service for details.