The computer programmer Chris King known for making a lot of useful network-related utilities has released and updated his phishing framework known as FiercePhish.
FiercePhish is a Powerful Tool
The FiercePhish phishing framework is an extensive open-source solution that has been created by Chris King, a well known security expert that has contributed a lot of programs to the security community. The program allows attackers to create individual phishing campaigns, scheduling and processing of emails and a lot of other related procedures that are involved in phishing computer targets. The program is still in development and we expect to see major updates and changes in the future.
At this moment the currently implemented functionality includes the following:
-
Prefix Establishment – This feature allows the attackers to set up custom URL’s that mask as legitimate sources.
-
Phishing Campaigns Creation and Operation – The framework allows the careful tuning of sending a predefined number of emails over defined periods of time. Email templates, target user lists and schedules are supported.
-
Sending of Individual Emails – This is used for sending out individual emails to the targets.
-
Email Configuration Check – The FiercePhish platform allows the operators to parse MX records, A records and SPF records to ensure that proper configuration is performed.
-
Activity Logs – The platform tracks all activity and can give detailed information such when the emails were sent and all interactions performed with them.
-
Quick Replacement – The program allows the operators to use an easy Import/Export feature to issue a new server into sending out the emails.
-
User Management – FiercePhish allows its operators to use mulitple accounts for better organization.
-
Two-Factor Authentication – The operators can use Two-Factor Authentication using Google’s service.
The software depends on the following dependencies to run:
-
Linux
-
PHP >= 5.5.9
-
OpenSSL PHP Extension
-
PDO PHP Extension
-
Mbstring PHP Extension
-
Tokenizer PHP Extension
-
Rewrite PHP Extension
Currently the supported distributions are Ubuntu 14.04, 16.04 and 16.10. Two forms of installation are possible – automated and manual.
Future changes will bring new functionality which include the following:
-
Add inbox functionality (for email responses)
-
Add Activity Log export
-
Add file hoster + notifications when files are touched
-
Add site spoofer (tiny websites with the intent to harvest credentials or prompt a download)
The creator recommends that all users who engage in phishing campaigns should purchase their own custom domain to avoid spam filtering.
For more information you can visit the project’s site.