Phish for All

Project status:

Client: Alpha

Server: Planning

Phish for All makes it easy to test and train users on phishing. It generates files that look like documents, but are actually executables. When the file is "opened", a customizable training document or decoy document opens. At the same time, basic system and user information is sent to a tracking server, to provide analytics.

The training document is generated at runtime, and includes a list of the user's most recently modified files, to emphasize how quickly such a lure could identify, steal, destroy, or hold important files for ransom. For privacy reasons this list never leaves the user's system.

It looks and acts like a real malware dropper, which makes it an excellent pentesting and training tool. As an open source project, it is highly customisable, but it could also be easily modified to drop real malware or steal data. <CYA> Don't do that! </CYA>

Supported target platforms

• Windows XP-10
• Mac OS 10.6+
• Debian/Ubuntu linux with a GUI

It may work on other Linux/UNIX/BSD distributions as well.