What's new in King Phisher 1.14.0
Aug 2, 2019
- Added the Message-ID MIME header to outgoing messages
- Attempt SSH authentication with all agent-provided SSH keys
- Deleted Pipfile.lock from repository to prevent hash issues between python interpreter versions
- Add --three to pipenv install and pipenv --update startup procedures to force use of Python 3
- Added server support for installing missing plugin requirements during initialization
- Added asynchronous RPC methods to the client
- Added GraphQL and database schema documentation
- Changed Target URL to Web Server URL in Campaign Editor
- Added the ability issue SSL Certificates through certbot
New in King Phisher 1.13.1 (Apr 20, 2019)
- Fixed broken references to start_process
- Fixed a KeyError when creating a campaign for the first time
- Updated SQLAlchemy and Jinja2 libraries for security patches
New in King Phisher 1.13.0 (Apr 5, 2019)
- Added support for logging MFA tokens with credentials
- Added support for using regular expressions to validate credentials
- Automatically try to install plugin dependencies with pip from PyPi
- Added advanced, rule-based filtering support to the Campaign tabs
- Added site template metadata
- Site templates can now include a metadata file for describing their content
- The Campaign Assistant will help select a target URL based on available templates
New in King Phisher 1.12.0 (Nov 8, 2018)
- Added support for users to set their email address for campaign alerts via email
- Added additional plugin metadata fields for reference URLs and category classifiers
- Added additional documentation including an architecture overview for reference
- Multiple improvements to the client plugin manager
- There is now an option to update plugins in the menu
- Plugins can ship with dedicated documentation in markdown files that will be displayed
- The GUI no longer locks up while tasks like downloading plugins are taking place
- Added the new fetch Jinja function and fromjson Jinja filter
- Added campaign-alert-expired and campaign-expired server signals
- Switched to using Pipenv to manage the environment and dependencies
- MSI Build Hashes:
New in King Phisher 1.11.0 (Apr 13, 2018)
- Updated to support matplotlib version 2.2.0
- Removed docker server support
- Multiple improvements to the installation script
- Users can now specify a supported Linux distro when it is not automatically detected
- The database connection string is kept to avoid PostgreSQL password resets
- Added support for setting message UID character set options
- Bumped the required minimum version of Python to 3.4 and GTK to 3.14
- Update Windows build to use pygi-aio-3.24.1_rev1 PyGObjects
- Multiple bug fixes.
New in King Phisher 1.10.0 (Mar 17, 2018)
- Added a campaign-alert server signal for custom alert delivery mechanisms
- Use GraphQL for loading data instead of the legacy table-based API
- Support fault-tolerance when dispatching server signals
- Allow a country code to be set in users' phone numbers
- Visits will now be tracked if the landing page is any existing type
- Multiple RPC Terminal improvements
- Fix a bug regarding line wrapping due to the TERM environment variable
- Use ipython when it's installed
- Added %graphql and %graphql_file magic commands
- Tweaks to the default MIME-encoded HTML message to reduce it's SpamAssassin score
- Modified client signals to allow better API control
- Added message-create and target-create for modifying the respective objects
- Added message-send and target-send to allow skipping the message and target
- Removed the send-message and send-target signals in favor of the new ones
New in King Phisher 1.9.0 (Nov 23, 2017)
- Support resetting plugins options to their respective defaults
- Moved Office 2007+ metadata removal to a new plugin
- Added support for installing plugins from remote sources through the UI
- Added timeout support for SPF DNS queries
- Support for installing on Arch Linux
- Multiple server improvements
- Upgrade AdvancedHTTPServer to v2.0.11 to support async SSL handshakes
- Support using an include directive in the server configuration file
- Added a request-handle signal for custom HTTP request handlers
- Removed address support from the server config in favor of addresses
- Support login as an alias of the username parameter for credentials
New in King Phisher 1.8.0 (Jun 7, 2017)
- Warn Python 2.7 user that this is the last release Python 2.7 will be supported
- The Windows MSI Build is now in Python 3.4
- Install script now supports Red Hat Server 7
- Support the client on OS X by using Docker
- Support for issuing certificates with acme while the server is running
- Add a wrapping tool for certbot to make the process easier
- Updated tools/cx_freeze.py to build the King Phisher client in Python 3.4
- Updated documentation for the Windows build
- Multiple Bug Fixes, and tweaks to make things run smoothe
New in King Phisher 1.7.1 (Apr 18, 2017)
- Bug fix in the Windows build for HTTPS connections from the requests package
New in King Phisher 1.7.0 (Apr 5, 2017)
- Better error messages for malformed server configuration files
- Support for sending to targets via To / CC / BCC fields
- New features for client and server plugins
- Add comparison of "trained" statistics to the campaign comparison
- Support for including and importing Jinja templates from relative paths
- Support for including custom HTTP headers in server responses
- New feature to import Campaigns from XML files
- Support for emails address with longer top level domain names
New in King Phisher 1.6.0 (Feb 2, 2017)
- Support negotiating STARTTLS with SMTP servers that support it
- Support for real time event publishing to the client
- Support for a new GraphQL API for more efficient data queries
- More flexibility in configuring server logging
- Add persistent storage for server plugin data
- Add a Jinja function to check if a password is complex
- Add client message-data-export and message-data-import signals
- King Phisher now starts with Python3 by default
- tools/install.sh now creates a backup of server_config.yml when present
- MINOR BUG FIXES:
- Minor CSS fixes
- Special characters now display in the UI correctly
New in King Phisher 1.5.2 (Jan 26, 2017)
- Minor bug fixes
- Use Default SMS sender to fix SMS subscription with T-Mobile
- Upgrade AHS to v2.0.6 to fix select polling
- Corrected issue when attachment file is inaccessible
- Fixed issue when message file directory is gone
- Fixed server side encoding error with basic auth
- Fixed TypeError handling while rendering templates
- Fixed a unicode bug when processing targets csv
- Fixed install.sh script for CentOS7 and python3
- Fixed show exception dialog with Glib idle_add
- Fixed a logic bug causing premature SMTP reconnects
- Fixed Webkit-1 load_string Null error
New in King Phisher 1.5.1 (Jan 26, 2017)
- Automated installation script improvements
- Backup an existing server configuration file
- Log warnings when the PostgreSQL user exists
- Improve the Metasploit plugin for session notifications via SMS
- Support exporting credentials for use with Metasploit's USERPASS_FILE option.
New in King Phisher 1.5.0 (Sep 23, 2016)
- SPF button on GUI, for on demand SPF record checking
- Additional packages included in Windows build for plugin support
- Bug fixes:
- Windows time zone issues fixed
- dnspython support updated
New in King Phisher 1.4.0 (Aug 9, 2016)
- Added additional Jinja variables for server pages
- Upgraded to AdvancedHTTPServer version 2
- Added support for binding to multiple interfaces
- Added support for multiple SSL hostnames via SNI
- Support for plugins in the server application
- Campaign Comparison Tools
- Added server signals for event subscriptions in plugins
- Updated the style for GTK 3.20
- Start to warn users about the impending Python 2.7 deprecation
- Change to installing for Python 3
- Added an uninstallation script
New in King Phisher 1.3.0 (Jun 14, 2016)
- Added automatic setup of PostgreSQL database for the server
- Server bug fixes when running on non-standard HTTP ports
- Added completion to the messaged editor
- Support for plugins in the client application
- Added a client plugin to automatically check for updates
- Added a client plugin to generate anonmous statistics
- Added debug logging of parameters for key RPC methods
- Lots of Python 3.x compatiblity fixes
New in King Phisher 1.2.0 (Jun 14, 2016)
- SSH host key validation
- Install script command line flags
- Support for authenticating to SMTP servers
- Style and compatibility changes for Kali
New in King Phisher 1.1.0 (Jun 14, 2016)
- Added an option to send a message to a single target
- Support for sending calendar invite messages
- Added PostgreSQL setup to the installer
- Support for exporting to Excel
- Added a Jupyter notebook for interactive data analysis
- Added additional campaign filtering options
- Support for removal of metadata from Microsoft Office 2007+ documents
New in King Phisher 1.0.0 (Jun 14, 2016)
- Moved templates to a dedicated separate repository
- Added a custom theme for the client
- Added support for two factor authentication with TOTP
- Support for specifying an img style attribute for inline images in messages
New in King Phisher 0.3.0 (Jun 14, 2016)
- Added a new campaign creation assistant
- Support for expiring campaigns at a specified time
- Track more details when messages are opened such as the IP address and User Agent
- Support for tagging campaign types
- Support for organizing campaigns by companies
- Support for storing email recipients department name
New in King Phisher 0.2.1 (Jun 14, 2016)
- Added syntax highlighting to the message edit tab
- Technical documentation improvements, including documenting the REST API
- Support reloading message templates when they change from an external editor
- Support for pulling the client IP from a cookie set by an upstream proxy
- Support for embedding training videos from YouTubeAdded a Metasploit plugin for using the REST API to send SMS messages
- Support for exporting visit information to GeoJSON
New in King Phisher 0.2.0 (Jun 14, 2016)
- Added additional graphs including maps when basemap is available
- Added geolocation support
- Made dashboard layout configurable
- Support for cloning web pages
- Support for installing on Fedora
- Support for running the server with Docker
New in King Phisher 0.1.7 (Jun 14, 2016)
- Added make_csrf_page function
- Added server support for SSL
- Support verifying the server configuration file
- dded a desktop file and icon for the client GUI
- Added support for operating on multiple rows in the client's campaign tables
- Support starting an external SFTP application from the client
- Tweaked miscellaneous features to scale for larger campaigns (35k+ messages)
- Updated AdvancedHTTPServer to version 0.4.2 which supports Python 3
- Added integration for checking Sender Policy Framework (SPF) records
New in King Phisher 0.1.6 (Jun 14, 2016)
- Migrated to SQLAlchemy backend (SQLite will no longer be supported for database upgrades) ◦Added support for PostgreSQL as a DBMS backend
- Added additional documentation to the wiki
- Enhanced error handling and UI documentation for a better user experience
- Support for quickly adding common dates and times in the message editor
New in King Phisher 0.1.5 (Jun 14, 2016)
- Added support for inline images in emails
- Import and export support for message configurations
- Highlight the current campaign in the selection dialog