What is King Phisher?
King Phisher is an amazing tool to perform real-world phishing attacks.
It has a flexible architecture which allows you to full control over emails + server content.
King Phisher – Phishing Campaign Toolkit | Full Tutorial:
If you are looking for an open-source phishing tool built with Python.
King Phisher can be a great choice.
It is fully featured and flexible tool with no web interface.
Which makes it very difficult to detect the phishing server.
“According to the official documentation, it also supports sending messages with embedded images and determining when emails are opened with a tracking image.”
King Phisher Highlights:
- Fully open-source means there are no limits on the use.
- Run multiple phishing campaigns simultaneously.
- View detailed graphs regarding the campaign results.
- Send an email with embedded images for a more legitimate appearance.
- Optional Two-Factor authentication.
- Highly flexible to accommodate different phishing goals.
- Powerful template system using the Jinja2 engine.
- Ability to capture credentials.
- SMS alerts regarding campaign status.
- Web page cloning capabilities.
- Integrated Sender Policy Framework (SPF) checks.
- Easy installation without setting up an additional webserver.
- Geolocation of phishing visitors.
- Send an email with calendar invitations.
- Plugin support for extending both the Client and Server.
Installing King Phisher:
Team CSHAWK recommend you to install King Phisher in
/opt/king-phisher. Clone the repo:
$ cd /opt/ # or your desired installation directory git clone
$ git clone https://github.com/securestate/king-phisher.git
Then run the
install.sh script (located in the
tools directory), which will install all required packages and set up a default server configuration without any hassle:
$ cd king-phisher
$ cd tools
$ sudo ./install.sh
To see Install script options, use
$ tools/install.sh --help
Usage: install.sh [-h] [-n/-y]
King Phisher Install Script
-h, --help show this help message and exit
-n, --no answer no to all questions
-y, --yes answer yes to all questions
--skip-client skip installing client components
--skip-server skip installing server components
To install client, run the following command:
$ sudo ./install.sh --skip-server
For quick installation, run the following command:
$ wget -q https://github.com/securestate/kingphisher/raw/master/tools/install.sh && \
$ sudo bash ./install.sh
Windows (Client only):
Click the “download” button at the bottom to download the latest build.
In order to connect and start using client, you’ll need to start King Phisher server first.
Use the following command:
$ sudo ./KingPhisherServer
Many people encounter the following issue:
KingPhisherServer: error: the following arguments are required: config_file
If you are the one. Run the config script:
$ ./KingPhisherServer server_config.yml
* The King Phisher client connects over SSH to the server for communication.
The SSH service must be installed, configured, and started independently of the provided King Phisher install script.
To start the client, run this command:
$ python3 KingPhisher
Now, you’ll be prompt to enter the credentials (same as for SSH).
After you connect, you’ll need to confirm the server’s host key and SSH key passphrase.
If the client successfully connects to the server, you’ll see the campaign page.
Before you continue, configure your SMPT settings.
King Phisher can be a very good tool for you to use.
If you found value in this article make sure to leave a comment down below and appreciate our hard work.