A couple weeks ago I presented at this years Derbycon on an email phishing platform that I have been working on. The web application is geared towards penetration testers who want to help streamline the creation and management of email phishing campaigns. The application is written in ruby on rails and is available for download on the Github repository: Phishing Frenzy.
For those of you who came out to my presentation, I appreciate you all getting up so early (Saturday 9am) to hear my talk. Those of you who missed the talk I went over some of the features of Phishing Frenzy and launched a live phishing simulation. You can see the recording below thanks to irongeek. If your looking to see just the demo, fast forward to 11:52.
Phishing Frenzy: 7 Seconds from Hook to Sinker
I briefly want to go over some of the features that Phishing Frenzy has to offer, including campaign creation, customization, and execution:
Once you’ve setup a phishing scenario that works with Phishing Frenzy you can reuse them for all future campaigns. Phishing Frenzy also offers the ability to backup and restore templates. This allows the community to share phishing scenarios with everyone else. To share a Phishing Frenzy template you can submit a pull request to: https://github.com/pentestgeek/phishing-frenzy-templates
This phishing scenario that I demonstrated at Derbycon is available as part of the Phishing Frenzy install. I typically make the email look like it came from someone within the company who is an authoritative figure. The email states that everyone should test their passwords to ensure they are in compliance with the company policies.