King Phisher is Open Source software that simulates real-world phishing attacks for testing purposes and to promote user awareness.

Phishing is an attempt to get your information, including your usernames, passwords, and credit card details with the end goal of getting your money or identity. Phishing is usually done by messages, Facebook but more often than not, email. King Phisher is here to simulate that.

Installation is simple. And once you're up and running, you will need to know your email server address, username, password, HTTP SSL on or off and your HTTP port.

King Phisher can run campaigns from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials. As mentioned, you can be up and running in minutes, or you can delve into a wealth of different ways to run your campaign.

King Phisher lets you send the email with embedded images. You can also use two-factor authentication, credential harvesting from landing pages, campaign SMS alerts, web page cloning, Integrated Sender Policy Framework (SPF) checks, Geolocation of phishing visitors, sSend email with calendar invites, and more.

If you don't want to spend time creating new campaigns - no problem. You can find numerous plug-ins to suit your needs and even templates for message and server pages.

Step by step documentation for new users is available as well as the source code.

King Phisher should be used only for testing and knowledge.