Project status:
Client: Alpha
Server: Planning
Phish for All makes it easy to test and train users on phishing. It generates files that look like documents, but are actually executables. When the file is "opened", a customizable training document or decoy document opens. At the same time, basic system and user information is sent to a tracking server, to provide analytics.
The training document is generated at runtime, and includes a list of the user's most recently modified files, to emphasize how quickly such a lure could identify, steal, destroy, or hold important files for ransom. For privacy reasons this list never leaves the user's system.
It looks and acts like a real malware dropper, which makes it an excellent pentesting and training tool. As an open source project, it is highly customisable, but it could also be easily modified to drop real malware or steal data. <CYA> Don't do that! </CYA>
- Windows XP-10
- Mac OS 10.6+
- Debian/Ubuntu linux with a GUI
It may work on other Linux/UNIX/BSD distributions as well.