BIG-PHISH is a revolutionary cybersecurity orchestration platform that consolidates 50+ security frameworks and penetration testing tools into a single, unified command center. Unlike traditional security tools that require complex setups and multiple interfaces, BIG-PHISH enables security professionals to execute powerful cybersecurity commands directly from their preferred messaging platforms—Telegram, Discord, WhatsApp, Slack, iMessage, and Google Chat.
Multi-Platform Command & Control Security teams no longer need to be tethered to a specific workstation. BIG-PHISH transforms any messaging app into a powerful security operations center. Whether you're conducting a cyber drill, responding to an incident, or teaching security concepts, you can fire commands from your phone, tablet, or computer—from anywhere in the world.
Unified Security Framework Integration The platform seamlessly integrates industry-standard tools including Nmap for network discovery, Nikto for web vulnerability scanning, CRUNCH for password generation, custom traffic generators for ICMP/TCP/UDP/HTTP/DNS/ARP packets, SSH remote execution, IP threat intelligence, and a comprehensive social engineering simulation suite with 50+ phishing templates.
Educational Institutions & Cyber Drill Organizers Security educators use BIG-PHISH to run realistic cyber defense exercises. Students can execute commands via familiar chat interfaces while instructors monitor activity through the centralized dashboard. The tool supports both Red Team (offensive) and Blue Team (defensive) training scenarios.
Agencies utilize BIG-PHISH for continuous security assessments, threat monitoring, and rapid incident response. The ability to deploy commands across multiple platforms simultaneously makes it invaluable for coordinated security operations.
Corporate Security Teams Enterprises leverage BIG-PHISH to automate routine security tasks, monitor infrastructure, and respond to threats in real-time. The platform's logging and reporting capabilities provide audit trails for compliance requirements.
-
Remote Command Execution – Run system commands, network scans, and vulnerability assessments remotely via any integrated messaging platform.
-
Real Traffic Generation – Test network defenses with legitimate ICMP, TCP, UDP, HTTP, DNS, and ARP traffic patterns.
-
Phishing Simulation – Deploy realistic phishing campaigns using 50+ templates (Facebook, Instagram, Gmail, LinkedIn, Twitter, custom) to test user awareness.
-
Password Intelligence – Generate custom wordlists with the integrated CRUNCH engine for penetration testing.
-
Web Vulnerability Scanning – Leverage Nikto to identify security weaknesses in web applications.
-
IP Threat Management – Monitor, block, and analyze suspicious IP addresses with automated firewall integration.
-
Comprehensive Logging – Every command, threat detection, and captured credential is logged with timestamps and source information.
BIG-PHISH runs on Linux, macOS, and Windows, with full Docker support for containerized deployment. The platform includes a real-time metrics dashboard, Prometheus integration, and Grafana visualization for enterprise monitoring.
Built with security professionals in mind, BIG-PHISH includes encryption for sensitive data, user authorization controls, audit logging, and the ability to operate in isolated environments. All captured credentials and sensitive outputs are stored securely with optional encryption.
In an era where cyber threats evolve daily, organizations need tools that adapt quickly. BIG-PHISH represents a paradigm shift—moving from siloed security tools to an integrated, chat-driven command center. Whether you're teaching the next generation of cybersecurity professionals, protecting national infrastructure, or securing corporate assets, BIG-PHISH puts powerful security capabilities at your fingertips, wherever you are, whatever device you're using.
git clone https://github.com/Iankulani/bigphish.git
cd bigphishpython3 bigphish.py