1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Free phishing software - preferably web based

Discussion in 'Linux & Open Source' started by Domo, Feb 1, 2018.

  1. Domo

    Mobster

    Joined: Feb 11, 2004

    Posts: 4,234

    Location: Surrey, UK

    We're a small organisation and want to raise awareness amongst users with regards to InfoSec.
    Looking for a free phishing tool we can link to a campaign, has to be easy to use. A colleague has tried Gophish but is struggling to get it off the ground - looks complicated not helped by the fact he's running it off a Linux VM.

    Is there anything out there which is web based and easy to use?
     
  2. AHarvey

    Sgarrista

    Joined: Mar 6, 2008

    Posts: 8,929

    Location: Stoke area

    Think you may need to clarify some points here regarding who the business is/does, what users you are targetting etc as you've basically come asking how to get others personal info illegally, which would go against the rules here.

    Are you wanting to send out emails to see what info you could potentially get or are you looking at scanning incoming mail?

    Gophish runs off Linux, Windows and Mac so I'm not sure why using a Linux VM would be an issue. I've not used GoPhish but looking through the documents it looks incredibly easy to use and I doubt you're going to get anything easier.
     
  3. Domo

    Mobster

    Joined: Feb 11, 2004

    Posts: 4,234

    Location: Surrey, UK

    Yes, because coming to a public forum asking how to commit fraud was exactly my aim. What a joke!
    Phishing campaigns are completely legitimate and FYI we are a GRC/InfoSec consultancy firm attempting to raise awareness amongst our own staff (especially the grads who are a little less tech/business savvy). I would have thought the aim of a phishing campaign would be quite obvious to people on here.
     
  4. AHarvey

    Sgarrista

    Joined: Mar 6, 2008

    Posts: 8,929

    Location: Stoke area

    You do realize that people constantly ask how to hack/commit fraud/social engineer etc etc on public forums and social media every hour of the day?

    I took me less than 15 minutes to download, run, setup GoPhish and launch a basic Phishing email campaign against my test email addresses. If you want to hear a joke, imagine and infosec consultancy firm that can't use software as simple as GoPhish :D:D Ideally you should be using the infosec community forums and social media groups as there a lot of knowledge there, sure you could learn a lot from them.

    I could and would have helped, but your response is so arsey that I am just not going to bother.

    Although I'd advise your colleague to RTFM and if that's too complicated, look for another job.
     
  5. Sp00n

    Capodecina

    Joined: Oct 18, 2002

    Posts: 17,999

    Location: Brighton

    ^what he said.

    I would have thought a GRC/InfoSec consultancy firm would be able to do this without any assistance, you're supposed to be the experts.
     
  6. Ergates

    Gangster

    Joined: Jun 24, 2005

    Posts: 137

    Phishing campaigns are, by definition, not legitimate.
     
  7. craaaaaig

    Hitman

    Joined: Sep 1, 2004

    Posts: 590

    Location: Kent