-
Notifications
You must be signed in to change notification settings - Fork 531
Templates
King Phisher uses the Jinja2 templating language for generating dynamic content from both email and web page templates. Jinja2 provides a number of powerful features to create dynamic content. For a definitive reference, please see the Jinja2 Template Designer Documentation.
It is important to note that both email and web page templates must be encoded with UTF-8 to be compatible with King Phisher. Sometimes when manually cloning content non-UTF-8 can be copied over from the source into the template file. This will often cause King Phisher to throw an error and the content will not render correctly. Many text editors can be used to fix this content by opening it, changing the encoding to UTF-8 and re-saving the file. Among others, Linux users can use the gedit application while Windows users can use notepad++.
These variables and filters are available in both email templates and web page templates.
| Variable Name | Variable Value |
|---|---|
| time.local | The current local server time |
| time.utc | UTC time |
| version | The current version of King Phisher |
| Filters | Description |
|---|---|
| Date / Time | Filters useful for manipulating date and time strings |
| strftime | Format a datetime instance such as time.local |
| timedelta | Adjust a datetime instance using Python's datetime.timedelta |
| tomorrow | Adjust a datetime instance to reflect tomorrow's date |
| next_week | Adjust a datetime instance to reflect next week's date |
| next_month | Adjust a datetime instance to reflect next months's date |
| next_year | Adjust a datetime instance to reflect next year's date |
| yesterday | Adjust a datetime instance to reflect yesterday's date |
| last_week | Adjust a datetime instance to reflect last week's date |
| last_month | Adjust a datetime instance to reflect last months's date |
| last_year | Adjust a datetime instance to reflect last year's date |
| Misc String | Filters useful for miscellaneous string operations |
| cardinalize | Conditionally change a number to be plural based on the argument |
| ordinalize | Adjust a number to a human readable ordinal such as 1 to 1st |
| pluralize | Adjust a singular word to be plural |
| singularize | Adjust a plural word to be singular |
| possessive | Adjust a word to imply possession |
| Functions | Parameters | Description |
|---|---|---|
| random_integer | lower, upper | Generate a pseudo-random number within the specified range |
| parse_user_agent | user_agent | Parse a user agent and return a named tuple describing the host |
Print tomorrow's date:
Jinja Code: {{ time.local|tomorrow|strftime('%A %B %d, %Y') }}
Output: Sunday May 25, 2014
strftime.org is an excellent reference for directives of the strftime function.
The following variables are available for creating emails using the King Phisher client.
| Variable Name | Variable Value |
|---|---|
| calendar_invite.all_day* | Whether or not the event is scheduled to take all day |
| calendar_invite.location* | The location for the event |
| calendar_invite.start* | A datetime instance representing the event's start time |
| calendar_invite.summary* | The summary for the calendar invite event |
| client.company_name | The target's company name |
| client.email_address | The target's email address |
| client.first_name | The target's first name |
| client.last_name | The target's last name |
| client.message_id | The unique tracking identifier (this is the same as uid) |
| message_type | The type of the message being sent, either 'email' or 'calendar_invite' |
| sender.email | The email address in the "Source Email (MIME)" field |
| sender.friendly_alias | The value of the "Friendly Alias" field |
| sender.reply_to | The value of the "Reply To" field |
| url.tracking_dot | URL of an image used for message tracking |
| url.webserver | Phishing server URL with the uid parameter |
| url.webserver_raw | Phishing server URL without any parameters |
| tracking_dot_image_tag | The tracking image in a preformatted <img /> tag |
| uid | The unique tracking identifier (this is the same as client.message_id) |
* calendar_invite.* variables are only defined when the message type is set to Calendar Invite. This can be checked with the Jinja directive {% if calendar_invite is defined %}.
The following functions are available for creating emails using the King Phisher client.
| Functions | Parameters | Description |
|---|---|---|
| inline_image | image_path, style=None | Embed an image into the message. |
The following variables are available for writing web pages hosted on the King Phisher server.
| Variable Name | Variable Value |
|---|---|
| client.address | The clients IP address |
| client.company.name* | The name of the company associated with the campaign |
| client.company.url_email* | The name of the company associated with the campaign |
| client.company.url_main* | The name of the company associated with the campaign |
| client.company.url_remote_access* | The name of the company associated with the campaign |
| client.email_address* | The email address that was targeted |
| client.first_name* | The first name of the user that the message was sent to |
| client.last_name* | The last name of the user that the message was sent to |
| client.is_trained* | Whether or not the user has been trained |
| client.message_id* | The message_id of the visitor |
| client.visit_count* | The number of landing page visits for the current browser session |
| client.visit_id* | The unique visit_id of the current visitor |
| request.command | The HTTP verb of the current request |
| request.cookies | A dictionary containing the contents of the requests cookies |
| request.parameters | A dictionary containing the requests combined GET & POST parameters |
| request.user_agent | The User-Agent header provided in the request |
| server.address | The servers IP address |
| server.hostname | The requested VHOST name |
* Most client variables require a valid identifier. To check if these variables are available, check that client.message_id is defined with {% if client.message_id is defined %}.
Pages can also determine if the client is visiting the page for the first time by checking that client.visit_count is 1.
The King Phisher server will also load all variables from the server.page_variables section of the configuration into the global name space. This allows custom templates to use variables that can be set in the server configuration file.
The following functions are available for creating web pages using the King Phisher server. Additional information and examples can be found on the creating Server Pages With Jinja page.
| Functions | Parameters | Description |
|---|---|---|
| embed_youtube_video | video_id | Embed a youtube video using the iframe API |
| make_csrf_page | url, params, method='Post' | Create a page to perform a CSRF attack |
| make_redirect_page | url, title='Automatic Redirect' | Create a page that redirects to another URL |
King Phisher enables the Jinja autoescape extension. This will escape characters that are placed in html templates in server pages.
To disable the autoescape extension, place the desired code in a {% autoescape false %} {% endautoescape %} block.
Create a random order number Print random integer as a order number:
Jinja Code: Order number: #{{ random_integer(100,999) }}-{{ random_integer(100,999) }}-{{ random_integer(100000,999999) }}
Example Output: Order number: #123-123456-123456
Change the domain in an email address
Jinja Recipe: {{ client.email | replace("gmail.com", "yahoo.com") }}
Example changes Alice.Liddle@gmail.com to Alice.Liddle@yahoo.com
Create a formatted username
Jinja Recipe: DOMAIN\{{ client.first_name | truncate(1, True, '') | lower }}{{ client.last_name | lower }}
Example Output: DOMAIN\aliddle
Redirect a returning user to a different URL
Jinja Recipe:
{% if client.visit_count > 1 %}
<meta http-equiv="refresh" content="0;url=http://google.com">
{% else %}
<meta http-equiv="refresh" content="0;url=./phishing-website.html">
{% endif %}