
King Phisher Social Engineering Toolkit Cheat Sheet


Overview

King Phisher is a professional phishing campaign toolkit developed by RSM US LLP for testing and promoting user awareness. It provides a complete framework for creating, managing, and analyzing phishing campaigns, with advanced reporting features.

Warning: This tool is intended only for authorized security testing and awareness training. Make sure you have proper authorization before running phishing campaigns.

Installation

Ubuntu/Debian Installation

```bash
# Add King Phisher repository
wget -q https://github.com/rsmusllp/king-phisher/raw/master/data/client/king_phisher_icon.ico
echo 'deb https://github.com/rsmusllp/king-phisher/raw/master/data/server/king_phisher_server.py /' | sudo tee /etc/apt/sources.list.d/king-phisher.list

# Install via package manager
sudo apt update
sudo apt install king-phisher

# Manual installation
git clone https://github.com/rsmusllp/king-phisher.git
cd king-phisher
sudo ./tools/install.sh
```

CentOS/RHEL Installation

```bash
# Install dependencies
sudo yum install python3 python3-pip git

# Clone repository
git clone https://github.com/rsmusllp/king-phisher.git
cd king-phisher

# Install Python dependencies
pip3 install -r requirements.txt

# Install King Phisher
sudo ./tools/install.sh
```

Docker Installation

```bash
# Build Docker image
git clone https://github.com/rsmusllp/king-phisher.git
cd king-phisher
docker build -t king-phisher .

# Run King Phisher server
docker run -it -p 80:80 -p 443:443 king-phisher
```

Basic Usage

Starting King Phisher Server

```bash
# Start server with default configuration
sudo king-phisher-server

# Start with custom configuration
sudo king-phisher-server -c /path/to/config.yml

# Start with specific interface
sudo king-phisher-server -a 0.0.0.0

# Start with custom port
sudo king-phisher-server -p 8080
```

Starting King Phisher Client

```bash
# Start GUI client
king-phisher-client

# Connect to remote server
king-phisher-client --server https://server.com

# Use specific configuration
king-phisher-client --config /path/to/client_config.json
```

Configuration

Server Configuration (server_config.yml)

```yaml
# Basic server configuration
server:
  bind:
    host: 0.0.0.0
    port: 80
  ssl:
    enabled: true
    host: 0.0.0.0
    port: 443
    cert: /path/to/cert.pem
    key: /path/to/key.pem

# Database configuration
database:
  driver: postgresql
  host: localhost
  port: 5432
  database: king_phisher
  username: king_phisher
  password: password

# Email configuration
email:
  smtp:
    host: smtp.gmail.com
    port: 587
    username: your-email@gmail.com
    password: app-password
    use_tls: true

# Logging configuration
logging:
  level: INFO
  file: /var/log/king-phisher.log
```

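Client Configuration

```json
{
  "server": "https://king-phisher.local",
  "server_username": "username",
  "server_use_ssl": true,
  "server_verify_ssl": false,
  "gui": {
    "show_campaign_graph": true,
    "show_campaign_map": true
  }
}
```

With `server_verify_ssl` set to `false` the client does not validate the server's certificate; set it to `true` once the server presents a certificate the client trusts.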

Campaign Management

Creating Campaigns

```bash
# Campaign components:
# 1. Email template
# 2. Landing page
# 3. Target list
# 4. SMTP configuration
# 5. Campaign settings
```

Email Templates

```html
Security Alert

Security Alert - Immediate Action Required

Dear {{ client.first_name }} {{ client.last_name }},

We have detected suspicious activity on your account associated with {{ client.email_address }}.

Please verify your account immediately to prevent suspension.

Verify Account Now

This link will expire in 24 hours.

Best regards,
IT Security Team
```

Landing Pages

```html
Account Verification

This verification is required to maintain account security.
```

Target Lists

```csv
# CSV format for target import
first_name,last_name,email_address,department,company
John,Doe,john.doe@company.com,IT,Acme Corp
Jane,Smith,jane.smith@company.com,HR,Acme Corp
Bob,Johnson,bob.johnson@company.com,Finance,Acme Corp
Alice,Williams,alice.williams@company.com,Marketing,Acme Corp
```

Advanced Features

Template Variables

```html
{{ client.first_name }}
{{ client.last_name }}
{{ client.email_address }}
{{ client.company_name }}
{{ client.department }}
{{ url.webserver }}
{{ url.tracking_image }}
{{ time.local }}
{{ time.utc }}
```

Custom Fields

```python
# Add custom fields to campaigns
custom_fields = {
    'employee_id': 'EMP001',
    'manager': 'John Manager',
    'location': 'New York Office',
    'security_level': 'Standard'
}
```

Plugins and Extensions

```python
# King Phisher plugin structure
# ClientPlugin is defined in the client package
import king_phisher.client.plugins as plugin_manager

class CustomPlugin(plugin_manager.ClientPlugin):
    authors = ['Your Name']
    title = 'Custom Plugin'
    description = 'Custom functionality for King Phisher'
    version = '1.0'

    def initialize(self):
        # Plugin initialization code; return True to signal success
        return True

    def finalize(self):
        # Plugin cleanup code
        pass
```

Reporting and Analytics

Campaign Statistics

```python
# Access campaign data via API
import king_phisher.client.client_rpc as client_rpc

# Connect to server
rpc = client_rpc.KingPhisherRPCClient(
    ('server.com', 443),
    username='admin',
    password='password',
    use_ssl=True
)

# Get campaign statistics
campaign_id = 1
stats = rpc.remote_table_row('campaigns', campaign_id)
messages = rpc.remote_table('messages', query_filter={'campaign_id': campaign_id})
visits = rpc.remote_table('visits', query_filter={'campaign_id': campaign_id})
credentials = rpc.remote_table('credentials', query_filter={'campaign_id': campaign_id})

print(f"Messages sent: {len(messages)}")
print(f"Visits: {len(visits)}")
print(f"Credentials harvested: {len(credentials)}")
```
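An added example (not King Phisher code) that turns the raw counts above into per-department rates for an awareness report, using the target-list CSV format from this page. The rows are constructed, and the assumption that each visit and credential row names its target by `email_address` is ours, not the tool's schema.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data; the CSV columns follow the target-list format on this page.
TARGETS_CSV = """first_name,last_name,email_address,department,company
John,Doe,john.doe@company.com,IT,Acme Corp
Jane,Smith,jane.smith@company.com,HR,Acme Corp
Bob,Johnson,bob.johnson@company.com,Finance,Acme Corp
Alice,Williams,alice.williams@company.com,Marketing,Acme Corp
"""
# Assumed row layout: each event names the target by email_address.
VISITS = [
    {"email_address": "john.doe@company.com"},
    {"email_address": "john.doe@company.com"},  # repeat visit, counted once
    {"email_address": "bob.johnson@company.com"},
    {"email_address": "unknown@company.com"},   # not in the target list
]
CREDENTIALS = [{"email_address": "bob.johnson@company.com"}]

def department_rates(targets_csv, visits, credentials):
    """Return per-department target counts and unique visit/submission rates."""
    dept_of = {}
    stats = defaultdict(lambda: {"targets": 0, "visited": 0, "submitted": 0})
    for row in csv.DictReader(io.StringIO(targets_csv)):
        email = row["email_address"].strip().lower()
        if email in dept_of:
            continue  # duplicate target rows would inflate the denominator
        dept_of[email] = row["department"]
        stats[row["department"]]["targets"] += 1

    def count_unique(events, key):
        seen = set()
        for event in events:
            email = event.get("email_address", "").strip().lower()
            # Ignore events from addresses outside the list (forwards, scanners).
            if email in dept_of and email not in seen:
                seen.add(email)
                stats[dept_of[email]][key] += 1

    count_unique(visits, "visited")
    count_unique(credentials, "submitted")
    for s in stats.values():
        s["visit_rate"] = round(s["visited"] / s["targets"], 2)
        s["submit_rate"] = round(s["submitted"] / s["targets"], 2)
    return dict(stats)

if __name__ == "__main__":
    print(department_rates(TARGETS_CSV, VISITS, CREDENTIALS))
```

Counting unique targets rather than raw rows keeps repeat clicks and automated link scanners from inflating the rates.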

Geographic Analysis

```python
# Analyze visitor geographic data
import geoip2.database
import geoip2.errors

def analyze_visitor_locations(visits):
    locations = {}
    # The context manager closes the database file when done
    with geoip2.database.Reader('/path/to/GeoLite2-City.mmdb') as reader:
        for visit in visits:
            try:
                response = reader.city(visit['visitor_ip'])
            except (geoip2.errors.AddressNotFoundError, ValueError):
                # Skip addresses that are malformed or not in the database
                continue
            country = response.country.name
            city = response.city.name

            location = f"{city}, {country}"
            locations[location] = locations.get(location, 0) + 1

    return locations
```

Timeline Analysis

```python
# Analyze campaign timeline
import datetime
import matplotlib.pyplot as plt

def plot_campaign_timeline(visits):
    timestamps = [datetime.datetime.fromisoformat(v['visit_time']) for v in visits]
    timestamps.sort()

    # Group by hour
    hourly_counts = {}
    for ts in timestamps:
        hour = ts.replace(minute=0, second=0, microsecond=0)
        hourly_counts[hour] = hourly_counts.get(hour, 0) + 1

    # Plot timeline
    hours = list(hourly_counts.keys())
    counts = list(hourly_counts.values())

    plt.figure(figsize=(12, 6))
    plt.plot(hours, counts, marker='o')
    plt.title('Campaign Activity Timeline')
    plt.xlabel('Time')
    plt.ylabel('Visits')
    plt.xticks(rotation=45)
    plt.tight_layout()
    plt.savefig('campaign_timeline.png')
```

Security Features

SSL/TLS Configuration

```bash
# Generate SSL certificate
openssl req -newkey rsa:4096 -nodes -keyout king-phisher.key -x509 -days 365 -out king-phisher.crt

# Configure Let's Encrypt
certbot certonly --standalone -d yourdomain.com
```

Authentication and Authorization

```yaml
# User authentication configuration
authentication:
  provider: pam  # or ldap, database

# LDAP configuration
ldap:
  server: ldap://ldap.company.com
  base_dn: dc=company,dc=com
  user_filter: "(sAMAccountName={username})"

# Database authentication
database_auth:
  table: users
  username_column: username
  password_column: password_hash
```

Access Control

```python
# Role-based access control
user_permissions = {
    'admin': ['campaign.create', 'campaign.delete', 'user.manage'],
    'operator': ['campaign.create', 'campaign.view'],
    'viewer': ['campaign.view']
}
```

API Integration

REST API Usage

```python
# King Phisher REST API client
import requests

class KingPhisherAPI:
    def __init__(self, server_url, username, password):
        self.server_url = server_url
        self.session = requests.Session()
        self.authenticate(username, password)

    def authenticate(self, username, password):
        auth_data = {
            'username': username,
            'password': password
        }
        response = self.session.post(f"{self.server_url}/api/login", json=auth_data)
        return response.status_code == 200

    def get_campaigns(self):
        response = self.session.get(f"{self.server_url}/api/campaigns")
        return response.json()

    def create_campaign(self, campaign_data):
        response = self.session.post(f"{self.server_url}/api/campaigns", json=campaign_data)
        return response.json()

    def get_campaign_stats(self, campaign_id):
        response = self.session.get(f"{self.server_url}/api/campaigns/{campaign_id}/stats")
        return response.json()
```

Webhook Integration

```python
# Webhook for real-time notifications
from flask import Flask, request

app = Flask(__name__)

@app.route('/webhook', methods=['POST'])
def handle_webhook():
    data = request.get_json()

    if data['event_type'] == 'visit':
        # Handle website visit
        print(f"New visit from {data['visitor_ip']}")
    elif data['event_type'] == 'credentials':
        # Handle credential submission
        print(f"Credentials submitted: {data['username']}")

    return 'OK'

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000)
```

Evasion Techniques

Sending Email

```html
From: IT Security <security@company-portal.com>
Subject: [Action Required] Account Security Verification

Click Here
```

Domain Reputation

```bash
# Use aged domains
# Purchase expired domains with good reputation
# Use subdomain takeover techniques
# Implement proper SPF/DKIM/DMARC records

# Example SPF record
v=spf1 include:_spf.google.com ~all

# Example DKIM record
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...

# Example DMARC record
v=DMARC1; p=quarantine; rua=mailto:dmarc@company.com
```

Content

```html
Verify Account

PHISHINGLegitimateATTACK Content
```

Troubleshooting

Server Issues

```bash
# Check server status
sudo systemctl status king-phisher

# View server logs
sudo journalctl -u king-phisher -f

# Test server connectivity
curl -k https://localhost/ping

# Check database connection
sudo -u king-phisher psql -d king_phisher -c "SELECT version();"
```

Email Delivery

```bash
# Test SMTP configuration
python3 -c "
import smtplib
server = smtplib.SMTP('smtp.gmail.com', 587)
server.starttls()
server.login('user@gmail.com', 'password')
server.quit()
print('SMTP connection successful')
"

# Check DNS records
dig TXT company.com | grep spf
dig TXT _domainkey.company.com
dig TXT _dmarc.company.com

# Test email deliverability
echo 'Test email' | mail -s 'Test Subject' test@company.com
```

SSL/TLS Issues

```bash
# Verify certificate
openssl x509 -in /path/to/cert.pem -text -noout

# Test SSL configuration
openssl s_client -connect domain.com:443 -servername domain.com

# Check certificate chain
curl -vI https://domain.com
```

Performance Issues

```bash
# Monitor resource usage
top -p $(pgrep king-phisher)

# Check database performance
sudo -u postgres psql -d king_phisher -c "
SELECT schemaname,tablename,attname,n_distinct,correlation
FROM pg_stats
WHERE schemaname='public';
"

# Optimize database
sudo -u postgres psql -d king_phisher -c "VACUUM ANALYZE;"
```

Resources

--

*This cheat sheet provides a comprehensive reference for using King Phisher. Always make sure you have proper authorization and follow ethical guidelines when conducting phishing simulations.*