Top 5 Phishing Simulators

 

Phishing

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details or other sensitive details, by impersonating oneself as a trustworthy entity in a digital communication. 

 

1. Phishing Frenzy

While this open-source Ruby on Rails application is designed as a penetration testing tool, it has many features that could make it an effective solution for internal phishing campaigns. Perhaps the most important feature is the ability to view detailed campaign stats and easily save the information to a PDF or an XML file. You can probably guess the “however” part that’s coming up: Phishing Frenzy is a Linux-based application, with installation not to be handled by a rookie.

2. King Phisher

With this open-source solution from SecureState, we are entering the category of more sophisticated products. King Phisher’s features are plentiful, including the ability to run multiple campaigns simultaneously, geo location of phished users, web cloning capabilities, etc. A separate template repository contains templates for both messages and server pages. User interface is clean and simple. What is not that simple, however, is installation and configuration. King Fisher server is only supported on Linux, with additional installation and configuration steps required depending on flavor and existing configuration.

3. SpeedPhish Framework (SPF)

Another Python tool created by Adam Compton. SPF includes many features that allow you to quickly configure and perform effective phishing attacks, including data entry attack vector (3 website templates are included, with possibility of using custom templates as well). While a tech-savvy security professional can have a lot of fun with SPF and will be able to run phishing campaigns against multiple targets, it is still mainly a pentesting tool, with many great features (such as email address gathering) being of little importance for someone performing internal phishing tests.

4. Social-Engineer Toolkit (SET)

Another tool from TrustedSec, which, as the name suggests, was designed for performing various social engineering attacks. For phishing, SET allows for sending spear-phishing emails as well as running mass mailer campaigns, as well as some more advanced options, such as flagging your message with high importance and adding list of target emails from a file. SET is Python based, with no GUI. As a penetration testing tool, it is very effective. As a phishing simulation solution, it is very limited and does not include any reporting or campaign management features.

5. SpearPhisher BETA

This tool isn’t trying to deceive anyone (other than its phishing targets). Developed by TrustedSec, SpearPhisher says it all right in the description: “A Simple Phishing Email Generation Tool.” With an emphasis on ‘simple.’ Designed for non-technical users, SpearPhisher is a Windows-based program with a straightforward GUI. It allows you to quickly craft a phishing email with customized From Email, From Name, and Subject fields and includes a WYSIWYG HTML editor and an option to include one attachment. You can send the crafted email to several recipients via adding email addresses to To, CC, and BCC fields. The program has been in Beta since 2013, so it’s not likely to see any updates in the near future.