In this part we will go through how to install phishing frenzy. its official website covers this aspect really well. this page explains how to install this tool in various platforms like Kali, Ubuntu, please refer to
Just follow line to line and you should have no problems, once you install it, then you can configure templates, you will need to put application in production mode before you try to launch phishing campaign. following guide will show you how to use production mode.
once application is in production mode you can download templates for testing or using using following URL
If you face any problems with phishing frenzy use following link to troubleshoot before you raising any ticket in GITHUB, believe me it took me a good week to completely understand how it works. its got load of moving parts like sidekiq, configuring email, campaigns, making campaigns active, and much more, following will come in real handy.
once you install template customizing is easy go to campaign section it is pretty much self explanatory, next email setting following is my email settings.
Subject : Office 365 update
Display from: IT Services
Reply to : firstname.lastname@example.org
Phishing URL: subdomain.fakedomain.com/deployed/campaigns/1/index.php
Please note in above you must have valid reply to email address, your campaign number might be different. never host your phishing website on same domain, it will cause your phishing frenzy admin portal to go down. also your FQDN must be specified correctly.
This is where is struggled alot, i choose to use gmail first then, clearly it does not work anymore because emails coming from gmail will be ignored in companies, next option is to use sendgrid, it work perfect, but only problem is lot of firewalls will block these because of advertisement spam, that leaves us with either buying domain from godaddy or register free email account for work from google and finally setting my own email server. last option looks good to me. i am a bit of control freak you can say i would like all things in my control, so i can create any number of email accounts i i want i choose to go with custom email server. following are our setting. for setting up custom mail server follow post one create mail server record, go to iredmail, install it in new droplet, simple.
following are our SMTP settings.
pre poulate : select or none
SMTP outbound server : mail.domain.com
SNOT domain : mail.domain.com
SMTP Authentication : login
SMTP username: email@example.com
SMTP password: yourpassword
openssl verify mode: VERIFY_NONE
enable ssl tls authomatically : yes (or check box)
SMTP port : 587
when you install SMTP server in mail.yourdomain.com subdomain using iredmail everything will be installed default. just make sure you have this one following setting.
go to /etc/postfix/main.cf file and add your phishing frenzy ip address to mynetworks as following
These are the only important steps you need to perform, rest all is very gerneric, if you want to deploy your campaing on ssl then make sure to generate certificate and submit to your favourite CA, it will give you vrt files which you then in return will upload it to phishing frenszy, it works spot on and doesnt require much effort. let me know how does it work for you.