• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2019
  • August
  • 3
  • FiercePhish – Full-fledged Phishing Framework

FiercePhish – Full-fledged Phishing Framework

August 3, 2019 Comments Off on FiercePhish – Full-fledged Phishing Framework
best phishing framework fierce phish how to use fierce phish

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification options.

The current functionality with this framework are:

  • FiercePhish URL Prefix – this to change the console URL
  • Phishing Campaigns – allows you to create large phishing campaigns that send emails over whatever length of time you would like. You simply give it an “Email Template”, “Target User List”, and sending schedule and it will take care of the rest.
  • Email Simple Sending – Sometimes all you want to do is send one simple phishing email without the hassle of creating everything needed for a campaign.
  • Catch-all Inbox – allows you to receive emails to the domain you have setup for FiercePhish to use. This is incredibly useful if a phishing target replies to an email or you get a “vacation” message.
  • Email Configuration Check – It can be a hassle to check if all DNS entries are properly configured to bypass spam filters. Luckily, FiercePhish has you covered with the configuration check. It will parse A records, MX records, and SPF records to ensure they are properly configured for you to begin sending emails.
  • Activity Logs – Keeping track of all activity is extremely important for penetration tests and especially phishing exercises.
  • Fast Replacement – Sometimes you will want to kill a server that has been burned by a phishing campaign and stand up a new server. The worst part about that is losing all the data associated with that first server! This framework has an easy Import/Export feature which allows you to quickly export all the data from one server and import it into the new server. It makes standing up new systems and tearing down old systems a breeze. All information is transferred, including Activity Logs.
  • User Management and 2-Factor Authentication.

 

Quick Automated Install

For more information (like a manual installation method), see the wiki pages

This is the preferred method of installing FiercePhish + SMTP + IMAP services.

Supported Operating Systems

  • Ubuntu 16.04
  • Ubuntu 16.10
  • Ubuntu 18.04

(Fresh installs are expected, but the installer should work on a used OS with no problems)

(Ubuntu 14.04 support has been removed. To install FiercePhish on 14.04, read these instructions)

If you would like a different OS distribution supported, create a Github issue

Recommended Prerequisites

  • Purchase a domain name to send emails from

This isn’t required, but it is heavily suggested. Phishing campaigns where you spoof an active domain you don’t own are extremely susceptible to being spam filtered (unless the domain’s SPF record is improperly configured). The best way to perform a phishing campaign is by buying a generic domain that can fool someone (“yourfilehost.com”) or a domain that is very similar to a real domain (“microsoft-secure.com”).

Installation Method #1 (remote curl download)

This method is probably the easiest way to install/configure everything. It is a fully unattended installation (aside from the beginning).

  1. You must run the installer as root:

sudo su

  1. Generate the configuration file:

curl https://raw.githubusercontent.com/Raikia/FiercePhish/master/install.sh | bash

  1. This will create a configuration file located at “~/fiercephish.config”. You must edit this file before moving on!

Click here for a detailed description of the configuration variables

  1. Once “CONFIGURED=true” is set in the configuration file, re-run the install script:

curl https://raw.githubusercontent.com/Raikia/FiercePhish/master/install.sh | bash

  1. Sit and wait. The installation could take anywhere from 5-15 minutes depending on your server’s download speed.
  2. Once the installation completes, follow the instructions it prints out. It will tell you what DNS entries to set.

Installation Method #2 (local installation run)

This method is just as easy as method #1, but the install will prompt you as it runs for the information it requires (as opposed to using a configuration file like method #1).

  1. You must run the installer as root:

sudo su

  1. Download the configuration file:

wget https://raw.githubusercontent.com/Raikia/FiercePhish/master/install.sh

  1. Set the installer as executable:

chmod +x install.sh

  1. Run the installer:

./install.sh

The installer will prompt you for the same information as is described in the configuration file for method #1. See that wiki page for information on what to provide.

  1. Sit and wait. The installation could take anywhere from 5-15 minutes depending on your server’s download speed.
  2. Once the installation completes, follow the instructions it prints out. It will tell you what DNS entries to set.

You can read more and download this framework over here: https://github.com/Raikia/FiercePhish

Post navigation

HackerPro: All in One Hacking Tool for Linux & Android
Slurp – S3 Bucket Enumerator

Related Articles

CATPHISH – Phishing and Corporate Espionage

- Phishing
October 13, 2019

Phishing Simulation – Phishing Assessment Tool

- Phishing
September 12, 2019

Hidden Eye – Modern Phishing Tool With Advanced Functionality

- Phishing
July 23, 2019
hacker gadgets
hacker phone covers

Recent Posts

Suborner - The Invisible Account Forger

Suborner – The Invisible Account Forger

February 2, 2023
DefaScan: Defacement Scan and Alert

DefaScan: Defacement Scan and Alert

February 2, 2023
curio: finds risks and vulnerabilities in your code

curio: finds risks and vulnerabilities in your code

February 1, 2023
Monomorph - MD5-Monomorphic Shellcode Packer - All Payloads Have The Same MD5 Hash

Monomorph – MD5-Monomorphic Shellcode Packer – All Payloads Have The Same MD5 Hash

February 1, 2023
A Guide to Crypto Self-Custody

A Guide to Crypto Self-Custody

February 1, 2023
CVE-2023-23924: Critical-Severity RCE Flaw Found in Popular Dompdf Library

CVE-2023-23924: Critical-Severity RCE Flaw Found in Popular Dompdf Library

February 1, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW