We are happy to announce the long awaited release of version 1.6.
The development of version 1.6 is massive compared to prior releases. The major changes are to the back-end API calls too and from the King Phisher server. Utilizing AdvancedHTTPServer capabilities for web sockets, the server will now alert the client when there are changes to the database tables. This allows the King Phisher Client to subscribe to database tables, and even more granular specific information related to your current campaign. When changes are made the client will be alerted to what information changed, so the client knows exactly what information to request. By default the King Phisher Client will subscribe to your current campaign and provide live updates to the campaign tabs as targets open up the email, visit the landing page, and submit credentials.
For those who are enjoying King Phisher plug-ins, you can have your client plug-ins subscribe to campaigns and/or tables. Don’t worry there is even a new feature for server plug-ins, they get the capability of persistent data storage.
While these changes were taking place we moved forward adding in additional functionality to the API by integrating GraphQL and Graphene libraries. With these libraries it allows for more efficient API calls to the server for information retrieval. For those that run massive phishing campaigns you will notice a significant change in the speed of opening and loading your campaigns.
The she-bang line is now set to python3. You will no longer have to prefix
python3 when launching the application. If you are already running King Phisher with python3 follow the updating instructions on the Wiki. If you are running King Phisher with python2 we recommend running the
tools\install.sh script to upgrade to python3. Once you have successfully run the install script copy the configuration backup by doing
cp server_config.yml.bck server_config.yml. There is no need now to create a backup of your server configuration file prior to running the install script. We have updated its functionality to automatically create numbered backups for you. These numbered backups will look like the following if you run the script multiple times: server_config.yml.bck, server_config.yml.bck.~1~, server_config.yml.bck.~2~, etc. This way if you have several iterations of utilizing the tools/install.sh you can choose which backup to restore from.
Here is a list of all changes to King Phisher in version 1.6.0 from the change log:
- Support negotiating STARTTLS with SMTP servers that support it
- Support for real time event publishing to the client
- Support for a new GraphQL API for more efficient data queries
- More flexibility in configuring server logging
- Add persistent storage for server plugin data
- Add a Jinja function to check if a password is complex
- Add client
- King Phisher now starts with Python3 by default
tools/install.shnow creates a backup of server_config.yml when present
- Minor bug fixes
- Minor CSS fixes
- Special characters now display in the UI correctly
We hope you enjoy it as much as we’ve enjoyed working on it. Happy Phishing!
King Phisher version 1.6.0 can be found under the releases page here: https://github.com/securestate/king-phisher/releases/tag/v1.6.0