FiercePhish: Full-fledged Phishing Framework

Last Release: 06/13/2017     Last Commit: 07/18/2019

FiercePhish: Full-fledged Phishing Framework

Introduction

FiercePhish is a powerful open-source tool that is used in the management of various phishing operations, which allows you to effectively perform a number of phishing engagements. This tool has extensive features which makes it to be very good at what it does. The tool was originally called FirePhish but the name was changed to FiercePhish in 2017.

FiercePhish: Advanced Phishing Framework

As an advanced phishing framework, FiercePhish enables to carry out operations like scheduling when to process or send emails and also be able to track phishing campaigns that are separate. Even though the project is still under development and more features are yet to be included, you can still use FiercePhish to execute various phishing operations.

Features:

  • Phishing Campaigns
  • Activity Logs
  • URL Prefix
  • User Management
  • 2-Factor Authentication
  • Fast Replacement
  • Email Configuration Check
  • Activity Logs
Prefix establishment: allows you to create custom URL’s which can be used to hide the original source of a given activity. FiercePhish also has a feature which enables you to send individual emails to potential targets.

Since the tool has a good user management interface, all the operations carried out within it tend to be organized. To make it even better, the platform offers the use of multiple accounts.

Activity logs: you’ll have detailed information concerning when certain emails were sent and also the type of interaction that was involved.

The tool can also be useful when issuing new servers each time emails are sent through the export/import feature. With this, you can easily transfer all your data from one server to the next without losing any of the information.

By using FiercePhishh attackers can parse SPF records, MX records, and A records to confirm that good configuration has been done before the emails are processed.

Supported Platforms

  • Ubuntu [16.04, 16.10, 18.04]

Dependencies:

  • Linux, PDO PHP Extension, Rewrite PHP Extension, PHP 7.0+, PDO PHP Extension, OpenSSL PHP Extension, Tokenizer PHP Extension
Recommended: You need to have a domain. In order to carry out phishing campaigns that are effective ensure that you have a generic domain which can easily be used to trick the target.

Install FiercePhish

There are two ways through which you can install FiercePhish.

Installations using remote curl download:

Make sure to run the installer as root:

$ sudo su 

To generate a configuration file run:

curl https://raw.githubusercontent.com/Raikia/FiercePhish/master/install.sh | bash

This operation will create a configuration file in the ~/fiercephish.config, the contents of this file must be properly edited to ensure that the variables are well configured. Ensure that CONFIGURED=true has been set inside the configuration file.

Then re-run the installation script again:

curl https://raw.githubusercontent.com/Raikia/FiercePhish/master/install.sh | bash

Depending on the speed at which your server is downloading the process may take five to fifteen minutes.

Installation using local installation run:

This install option is somehow similar to the first one the only difference is that in this case, the installer will make the necessary prompts as it is running.

Begin by running the installer as root:

$ sudo su 

Download/clone the required configuration file:

$ wget https://raw.githubusercontent.com/Raikia/FiercePhish/master/install.sh 

To make the installer executable run:

$ chmod +x install.sh 

Launch the installer:

$ ./install.sh 

After this follow the same configuration procedure described in the first installation method, wait for the process to complete.

Documentation Box
Download Box