SecureState Blog

Read SecureState's award winning blog.

Friday January 3, 2014 marked the release of SecureState’s newest open source project, a tool designed to run email based social engineering campaigns, dubbed “King-Phisher.” This project was the product of an internal SecureState event known as “Innovation Day,” where the employees are granted time to work on various projects relevant to the information security industry.

Members of the SecureState Research & Innovation team set out to make a phishing tool that would UncleSammeet the highly specialized demands of their clients. Many clients want custom tailored solutions specifically for their needs. The HTTP server component of King Phisher facilitates serving static HTML content. Incoming requests are then monitored for specific parameters which correspond to recorded information in the database to track new and returning visitors. Using this form of content serving allows King-Phisher to be very flexible in what content is provided to the targeted users. The new Python powered King-Phisher tool has features such as SMS reporting and credential harvesting, which not all other tools support.

King-Phisher comes with several default templates for both emails and landing pages with more coming soon. The aim of the project has been to help increase and test user awareness against email based social engineering threats. Furthermore, King-Phisher makes adding a tracking dot to its phished victims relatively easy. Using this feature, users who open their emails and load images can be tracked to identify valid email addresses. This is the tactic that can be leveraged against Google’s new default Gmail image loading policy.


Download King Phisher Today!  [CLICK HERE].