Phishing Frenzy: Installing the Monster
If you’ve been following along with us, you’ve noticed we recently released a new software tool for penetration testers called Phishing Frenzy (PF). PF is a feature-rich Ruby on Rails application that helps manage your email phishing campaigns from creation and customization to execution.
Since the release of PF we have been making lots of changes to make managing your email phishing campaigns easier. Some of the biggest changes you’ll notice when you check out the latest version are a new layout built on Bootstrap, a shiny new logo, and sending of emails in the background using Sidekiq.
I want to first give a few shout-outs to some core contributors to the project that have really stepped up in making it a stellar email phishing platform (Dalton, smilingraccoon, hostess, AvidHacker, and others).
Dalton has been contributing code like crazy and has helped implement a new authentication scheme using the Devise gem, as well as a system that creates an audit trail for all successful logins to PF. The biggest contribution was his sleek code that now allows email messages to be sent in the background using Sidekiq, which communicates with Redis.
Installing Phishing Frenzy
If you’re not a Rails guru or haven’t ever dabbled with Ruby on Rails, the installation process might seem overwhelming. I’ve created this helpful video which follows the newly created wiki on how to get up and running with PF on Kali Linux.
Check out the GitHub repository and wiki for more resources.
New Shiny Layout
PF now comes with a shiny new layout that is built with Bootstrap. It’s a huge improvement over the old interface and gives the application a much cleaner look, if I may say so myself. The new logo was created by a close friend, Michael Schoenecker. If you need any digital photography work done, feel free to contact Michael.
Manage Email Phishing Campaigns with PF
Sending Emails with Sidekiq
Another one of our additions is the ability to send emails in the background using Sidekiq. This is a critical piece if you are planning on sending lots of emails for a campaign. If you don’t send emails in the background, the console will hang while each email is sent out one by one. You are not required to send emails using Sidekiq, but the Admin interface gives you an option to toggle this feature on and off if you so choose.
Sidekiq also gives us a nice console where we can manage our queues and see each email as it is processed one by one.
Outro
We are continually improving the PF platform, so stay tuned for some of the newest features coming soon. If you would like to request a feature or submit a bug, please visit our GitHub repository located at:
https://github.com/pentestgeek/phishing-frenzy
Keep on Phishing!
Hello,
I wanted to know if phishingfrenzy is local installation or my local machine? For example, can it be like Nessus vulnerability scanner on 127.0.0.1 with specific port?
Thanks
Does Phishing Frenzy have templates for phishing Apple ID?
Hello guys
I’m really a big fan of yours and I hope your project will grow bigger and bigger !
I haven’t had any problems during the installation process, and I’ve followed your guide step by step and everything seemed so perfect,
but suddenly, the only issue I had is I can’t connect to the PF server.
When I tried to connect to the server localhost, my Iceweasel browser says:
“Iceweasel can’t find the server at http://www.phishingfrenzy.local”
I’ve tried to check every single step to see what I’ve done wrong, but it seems like I did exactly the same as you suggested in your video, I think.
I’ll be more than thankful if you could help me with that,
and thank you so much for your hard work.
I’m stuck installing nokogiri. I had to do a bundle install to get rake, and the bundle install fails to install nokogiri.
Here is my error
http://pastebin.com/VVtGTgRc
This is valuable feedback. In the future could you try submitting tickets to the Github page here: https://github.com/pentestgeek/phishing-frenzy/issues
Hey guys, saw your presentation at Derby and was gearing up to install PF.
I was following along with your wiki and tutorial and found an error or two. During the rake db:migrate command I was getting an error that it could not login. This was due to the database not matching the login information that was inputted by default. (I like to start with default settings and then change to ensure that any of my own inputs are not causing issues if I run into them.)
The default database name was incorrect, set as “pf_dev” and the script had named the database “phishing_frenzy_development”
It took a few playbacks of your video to copy the original defaults and then re-run the rake commands and it worked.
Also, an additional line is now generated to be pasted into the apache2.conf file. appended with a
After that no errors… But there’s still a problem. I run sidekiq and apachectl and browse to phishingfrenzy.local and get a problem loading page.
I went through the installation piece by piece and can’t seem to find the problem. Checked the installation video back and forth, and still can’t find it. I removed the from the apache2.conf file and still can’t seem to get it.
The only things that seem to be different is Ruby is 2.1.1 and passenger is 4.0.40 but you wouldn’t think that would just break all the things.
Any thoughts? Am I missing something THAT obvious?
-SFisher
Please use the github repository to create a new ticket for all PF issues.
OK, I’ve got it installed. I’m not an HTML expert. Trying to create a new template – what exactly is the format needed to go into the email, www files?
My best effort just got an email sent out with HTML source code.
Here is the minimum you would want to send out an email. There are other ways to accomplish this task, but here is an example that works for me.
From: #{display_from} <#{from}>
BCC: #{to}
MIME-Version: 1.0
Content-Type: Multipart/Related; boundary="00123"
Subject: #{subject}

--00123
Content-Type: Text/HTML; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

html_tags
Just put your HTML tags where “html_tags” is located and it will render whatever HTML you code. Oftentimes you can design the email in Outlook or Thunderbird and import it into the email file.
Eventually this will change a bit when we update the software to use rails ActiveMailers, but for now this will work.