king phisher v1.12.0 release: Phishing Campaign Toolkit

King Phisher is a tool for testing and promoting user awareness by simulating real-world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

King Phisher is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.

Feature Overview

  • Run multiple phishing campaigns simultaneously
  • Send email with embedded images for a more legitimate appearance
  • Optional Two-Factor authentication
  • Credential harvesting from landing pages
  • SMS alerts regarding campaign status
  • Web page cloning capabilities
  • Integrated Sender Policy Framework (SPF) checks
  • Geo location of phishing visitors
  • Send email with calendar invitations

Changelog v1.12.0

  • Added support for users to set their email address for campaign alerts via email
  • Added additional plugin metadata fields for reference URLs and category classifiers
  • Added additional documentation including an architecture overview for reference
  • Multiple improvements to the client plugin manager
    • There is now an option to update plugins in the menu
    • Plugins can ship with dedicated documentation in markdown files that will be displayed
    • The GUI no longer locks up while tasks like downloading plugins are taking place
  • Added the new fetch Jinja function and fromjson Jinja filter
  • Added campaign-alert-expired and campaign-expired server signals
  • Switched to using Pipenv to manage the environment and dependencies


Copyright (c) 2013-2018, SecureState LLC
All rights reserved.