King Phisher – Phishing Campaign Toolkit | Full Tutorial

What is King Phisher?

King Phisher is an amazing tool to perform real-world phishing attacks.

It has a flexible architecture which allows you to full control over emails + server content.

King Phisher – Phishing Campaign Toolkit | Full Tutorial:

If you are looking for an open-source phishing tool built with Python.

King Phisher can be a great choice.

It is fully featured and flexible tool with no web interface.

Which makes it very difficult to detect the phishing server.

“According to the official documentation, it also supports sending messages with embedded images and determining when emails are opened with a tracking image.”

King Phisher Highlights:

• Fully open-source means there are no limits on the use.
• Run multiple phishing campaigns simultaneously.
• View detailed graphs regarding the campaign results.
• Send an email with embedded images for a more legitimate appearance.
• Optional Two-Factor authentication.
• Highly flexible to accommodate different phishing goals.
• Powerful template system using the Jinja2 engine.
• Ability to capture credentials.
• SMS alerts regarding campaign status.
• Web page cloning capabilities.
• Integrated Sender Policy Framework (SPF) checks.
• Easy installation without setting up an additional webserver.
• Geolocation of phishing visitors.
• Send an email with calendar invitations.
• Plugin support for extending both the Client and Server.

Installing King Phisher:

Team CSHAWK recommend you to install King Phisher in /opt/king-phisher. Clone the repo:

$ cd /opt/ # or your desired installation directory git clone 
$ git clone https://github.com/securestate/king-phisher.git

Then run the install.sh script (located in the tools directory), which will install all required packages and set up a default server configuration without any hassle:

$ cd king-phisher
$ cd tools
$ sudo ./install.sh

To see Install script options, use --help:

$ tools/install.sh --help
Usage: install.sh [-h] [-n/-y]

King Phisher Install Script

optional arguments
   -h, --help            show this help message and exit
   -n, --no              answer no to all questions
   -y, --yes             answer yes to all questions
   --skip-client         skip installing client components
   --skip-server         skip installing server components

To install client, run the following command:

$ sudo ./install.sh --skip-server

For quick installation, run the following command:

$ wget -q https://github.com/securestate/kingphisher/raw/master/tools/install.sh && \ 
$ sudo bash ./install.sh

Windows (Client only):

Click the “download” button at the bottom to download the latest build.

Basic Usage

In order to connect and start using client, you’ll need to start King Phisher server first.

Use the following command:

$ sudo ./KingPhisherServer

Many people encounter the following issue:

KingPhisherServer: error: the following arguments are required: config_file

If you are the one. Run the config script:

$ ./KingPhisherServer server_config.yml

* The King Phisher client connects over SSH to the server for communication.

The SSH service must be installed, configured, and started independently of the provided King Phisher install script.

To start the client, run this command:

$ python3 KingPhisher

Now, you’ll be prompt to enter the credentials (same as for SSH).

After you connect, you’ll need to confirm the server’s host key and SSH key passphrase.

If the client successfully connects to the server, you’ll see the campaign page.

Before you continue, configure your SMPT settings.

Video Tutorial:

Final Words:

King Phisher can be a very good tool for you to use.

If you found value in this article make sure to leave a comment down below and appreciate our hard work.