Phishing engagements they can uncover how susceptible are the employees of a company in this type of attack. The fact that almost anybody can implement very fast a phishing scam in order to obtain valid credentials and other sensitive information makes it important for companies to test the security awareness of their users and to include phishing exercises into their security testing program.  Most of the times this type of attack is successful because it is exploiting the user trust in conjunction with the lack of security awareness of the user.

However even though as a community through the years we have built frameworks and tools for almost every type of assessment we never had a tool which it will implement and manage a phishing engagement very fast, simple and with the stats that we need for our clients. Phishing Frenzy is here to close this gap and to assist the penetration testers that conduct phishing engagements.

Phishing Frenzy is a tool which created by @zeknox , a security consultant and researcher from Accuvant Labs. One of the main advantages compared to other similar tools is that you can manage your phishing tests more efficiently as you can include the scope of your engagement as well when you create a new phishing campaign.

phishing frenzy - campaign
phishing frenzy – campaign

 

Another advantages of Phishing Frenzy is that it can generate statistics regarding the users in scope (i.e. how many clicked the link?) which is always essential for the clients who order this type of test and the penetration tester as this information can be included as well in the final report.

Phishing Options
Phishing Options

 

By default there are two templates installed but you can add more so you can create multiple scenarios.

templates
Phishing Frenzy – Templates

 

In the presentation of Phishing Frenzy at DerbyCon the creator of the tool mentioned something which I believe it is really important:

“If you spend the time to create a phishing template that works with this framework, you can share it with the community…”

This is a great opportunity for the penetration testers that they are conducting phishing engagements to collaborate and to share their templates through this framework in order to make the tool even better and to improve the quality of our work.

Tool Details

Author: Brandon McCann 

Twitter Account: @zeknox

Download: https://github.com/pentestgeek/phishing-frenzy

Installation Guide: https://github.com/pentestgeek/phishing-frenzy/wiki/Installing-Phishing-Frenzy-on-Kali-Linux

Video Demonstration

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s