Phishing Frenzy: Installing the Monster - Pentest Geek

Author: Brandon McCann Posted In Phishing On: 2013/12/30 Comments: 9

If you’ve been following along with us, you’ve noticed we recently released a new software tool for penetration testers called Phishing Frenzy (PF). PF is a feature-rich Ruby on Rails application that helps manage your email phishing campaigns from creation and customization to execution.

Since the release of PF we have been making lots of changes to make managing your email phishing campaigns easier. Some of the biggest changes you’ll notice when you check out the latest version are a new layout built on Bootstrap, a shiny new logo, and sending of emails in the background using Sidekiq.

I want to first give a few shout-outs to some core contributors to the project that have really stepped up in making it a stellar email phishing platform (Dalton, smilingraccoon, hostess, AvidHacker, and others).

Dalton has been contributing code like crazy and has helped implement a new authentication scheme using the Devise gem, as well as a system that creates an audit trail for all successful logins to PF. His biggest contribution was the sleek code that now allows email messages to be sent in the background using Sidekiq, which communicates with Redis.

Installing Phishing Frenzy

If you’re not a Rails guru or haven’t ever dabbled with Ruby on Rails, the installation process might seem overwhelming. I’ve created this helpful video, which follows the newly created wiki, on how to get up and running with PF on Kali Linux.

Check out the GitHub repository and wiki for more resources.

New Shiny Layout

PF now comes with a shiny new layout that is built with Bootstrap. It’s a huge improvement over the old interface and gives the application a much cleaner look, if I may say so myself. The new logo was created by a close friend, Michael Schoenecker. If you need any digital photography work done, feel free to contact Michael.

Phishing Frenzy Login

 

Manage Email Phishing Campaigns with PF

 

Sending Emails with Sidekiq

Another one of our additions is the ability to send emails in the background using Sidekiq. This is a critical piece if you are planning on sending lots of emails for a campaign. If you don’t send emails in the background, the console will hang while each email is sent out one by one. You are not required to send emails using Sidekiq; the Admin interface gives you an option to toggle this feature on and off if you so choose.

Sidekiq also gives us a nice console where we can manage our queues and see each email as it is processed one by one.

Outro

We are continually improving the PF platform, so stay tuned for some of the newest features coming soon. If you would like to request a feature or submit a bug, please visit our GitHub repository located at:

https://github.com/pentestgeek/phishing-frenzy

Keep on Phishing!

9 Comments
  • Hello,
    I wanted to know if phishingfrenzy is local installation or my local machine? For example, can it be like Nessus vulnerability scanner on 127.0.0.1 with specific port?

    Thanks

  • Does phishing frenzy have templates to phishing apple ID?

  • Hello guys
    I’m really a big fan of yours and I hope your project will grow bigger and bigger !
    I haven’t had any problem during the installation process, and I’ve followed your guide step by step, and everything seemed so perfect,
    but suddenly, the only issue I had is I can’t connect to the PF server.
    When I tried to connect to the server localhost, my Iceweasel browser was like:
    “Iceweasel can’t find the server at http://www.phishingfrenzy.local”
    I’ve tried to check every single step to see what I’ve done wrong, but it seems like I did exactly the same as you suggested in your video, I think.
    I’ll be more than thankful if you could help me with that

    and thank you so much for your hard work

  • I’m stuck installing nokogiri. I had to do a bundle install to get rake, and the bundle install fails to install nokogiri.
    Here is my error:
    http://pastebin.com/VVtGTgRc

  • Hey guys, saw your presentation at Derby and was gearing up to install PF.

    I was following along with your wiki and tutorial and found an error or two. During the rake db:migrate command I was getting an error that it could not login. This was due to the database not matching the login information that was inputted by default. (I like to start with default settings and then change to ensure that any of my own inputs are not causing issues if I run into them.)

    The default database name was incorrect, set as “pf_dev” and the script had named the database “phishing_frenzy_development”

    It took a few playbacks of your video to copy the original defaults and then re-run the rake commands and it worked.

    Also, an additional line is now generated to be pasted into the apache2.conf file. appended with a

    After that no errors… But there’s still a problem. I run sidekiq and apachectl and browse to phishingfrenzy.local and get a problem loading page.

    I went through the installation piece by piece and can’t seem to find the problem. Checked the installation video back and forth, and still can’t find it. I removed the from the apache2.conf file and still can’t seem to get it.

    The only things that seem to be different are that Ruby is 2.1.1 and passenger is 4.0.40, but you wouldn’t think that would just break all the things.

    Any thoughts? Am I missing something THAT obvious?

    -SFisher

  • OK, I’ve got it installed. I’m not an HTML expert. Trying to create a new template – what exactly is the format needed to go into the email, www files?
    My best effort just got an email sent out with HTML source code.

    • zeknox

      Here is the minimum you would want to send out an email. There are other ways to accomplish this task, but here is an example that works for me.

      From: #{display_from} < #{from}>
      BCC: #{to}
      MIME-Version: 1.0
      Content-Type: Multipart/Related; boundary="00123"
      Subject: #{subject}

      --00123
      Content-Type: Text/HTML; charset=ISO-8859-1
      Content-Transfer-Encoding: 7bit

      html_tags

      Just put your HTML tags where “html_tags” is located and it will render whatever HTML you code. Oftentimes you can design the email in Outlook or Thunderbird and import it into the email file.

      Eventually this will change a bit when we update the software to use rails ActiveMailers, but for now this will work.
