Introduction
FiercePhish is a powerful open-source tool that is used in the management of various phishing operations, which allows you to effectively perform a number of phishing engagements. This tool has extensive features which makes it to be very good at what it does. The tool was originally called FirePhish but the name was changed to FiercePhish in 2017.
FiercePhish: Advanced Phishing Framework
As an advanced phishing framework, FiercePhish enables to carry out operations like scheduling when to process or send emails and also be able to track phishing campaigns that are separate. Even though the project is still under development and more features are yet to be included, you can still use FiercePhish to execute various phishing operations.
Features:
- Phishing Campaigns
- Activity Logs
- URL Prefix
- User Management
- 2-Factor Authentication
- Fast Replacement
- Email Configuration Check
- Activity Logs
Since the tool has a good user management interface, all the operations carried out within it tend to be organized. To make it even better, the platform offers the use of multiple accounts.
Activity logs: you’ll have detailed information concerning when certain emails were sent and also the type of interaction that was involved.
The tool can also be useful when issuing new servers each time emails are sent through the export/import feature. With this, you can easily transfer all your data from one server to the next without losing any of the information.
By using FiercePhishh attackers can parse SPF records, MX records, and A records to confirm that good configuration has been done before the emails are processed.
Supported Platforms
- Ubuntu [16.04, 16.10, 18.04]
Dependencies:
- Linux, PDO PHP Extension, Rewrite PHP Extension, PHP 7.0+, PDO PHP Extension, OpenSSL PHP Extension, Tokenizer PHP Extension
Install FiercePhish
There are two ways through which you can install FiercePhish.
Installations using remote curl download:
Make sure to run the installer as root:
$ sudo su
To generate a configuration file run:
curl https://raw.githubusercontent.com/Raikia/FiercePhish/master/install.sh | bash
This operation will create a configuration file in the ~/fiercephish.config
, the contents of this file must be properly edited to ensure that the variables are well configured. Ensure that CONFIGURED=true
has been set inside the configuration file.
Then re-run the installation script again:
curl https://raw.githubusercontent.com/Raikia/FiercePhish/master/install.sh | bash
Depending on the speed at which your server is downloading the process may take five to fifteen minutes.
Installation using local installation run:
This install option is somehow similar to the first one the only difference is that in this case, the installer will make the necessary prompts as it is running.
Begin by running the installer as root:
$ sudo su
Download/clone the required configuration file:
$ wget https://raw.githubusercontent.com/Raikia/FiercePhish/master/install.sh
To make the installer executable run:
$ chmod +x install.sh
Launch the installer:
$ ./install.sh
After this follow the same configuration procedure described in the first installation method, wait for the process to complete.