-
Notifications
You must be signed in to change notification settings - Fork 530
Templates
King Phisher uses the Jinja2 templating language for generating dynamic content from both email and web page templates. Jinja2 provides a number of powerful features to create dynamic content. For a definitive reference, please see the Jinja2 Template Designer Documentation.
It is important to note that both email and web page templates must be encoded with UTF-8 to be compatible with King Phisher. Sometimes when manually cloning content non-UTF-8 can be copied over from the source into the template file. This will often cause King Phisher to throw an error and the content will not render correctly. Many text editors can be used to fix this content by opening it, changing the encoding to UTF-8 and re-saving the file. Among others, Linux users can use the gedit application while Windows users can use notepad++.
These variables and filters are available in both email templates and web page templates.
| Variable Name | Variable Value |
|---|---|
| time.local | The current local server time |
| time.utc | UTC time |
| version | The current version of King Phisher |
| Filters | Description |
|---|---|
| Date / Time | Filters useful for manipulating date and time strings |
| strftime | Format a datetime instance such as time.local |
| timedelta | Adjust a datetime instance using Python's datetime.timedelta |
| tomorrow | Adjust a datetime instance to reflect tomorrow's date |
| next_week | Adjust a datetime instance to reflect next week's date |
| next_month | Adjust a datetime instance to reflect next months's date |
| next_year | Adjust a datetime instance to reflect next year's date |
| yesterday | Adjust a datetime instance to reflect yesterday's date |
| last_week | Adjust a datetime instance to reflect last week's date |
| last_month | Adjust a datetime instance to reflect last months's date |
| last_year | Adjust a datetime instance to reflect last year's date |
| Misc String | Filters useful for miscellaneous string operations |
| cardinalize | Conditionally change a number to be plural based on the argument |
| decode | Decode a string from one of the supported encodings |
| encode | Encode a string into one of the supported encodings |
| hash | Calculate the hash of a string using the specified algorithm |
| ordinalize | Adjust a number to a human readable ordinal such as 1 to 1st |
| pluralize | Adjust a singular word to be plural |
| singularize | Adjust a plural word to be singular |
| possessive | Adjust a word to imply possession |
| Function | Description |
|---|---|
fetch(url, allow_file=False |
Fetch text data from the specified URL |
parse_user_agent(user_agent) |
Parse a user agent and return a named tuple describing the host |
password_is_complex(password, min_len=12) |
Check if the specified password meets complexity requirements |
random_integer(lower, upper) |
Generate a pseudo-random number within the specified range |
Print tomorrow's date:
Jinja Code: {{ time.local|tomorrow|strftime('%A %B %d, %Y') }}
Output: Sunday May 25, 2014
strftime.org is an excellent reference for directives of the strftime function.
The following are the supported encoding formats for the encode and decode
template filters.
- base16
- base32
- base64
- hex
- rot-13
The following variables are available for creating emails using the King Phisher client.
| Variable Name | Variable Value |
|---|---|
| calendar_invite.all_day* | Whether or not the event is scheduled to take all day |
| calendar_invite.location* | The location for the event |
| calendar_invite.start* | A datetime instance representing the event's start time |
| calendar_invite.summary* | The summary for the calendar invite event |
| campaign.id | The current campaign's unique identifier |
| campaign.name | The current campaign's name |
| client.company_name | The target's company name |
| client.email_address | The target's email address |
| client.first_name | The target's first name |
| client.last_name | The target's last name |
| client.message_id | The unique tracking identifier (this is the same as uid) |
| message.attachment | The path to the attachment file if configured |
| message.importance | The importance level of the message |
| message.recipient.bcc | The target's email address if message.recipient.field is bcc
|
| message.recipient.cc | The optional email address in the CC field |
| message.recipient.field | The field that the target email address is in, either to, cc or bcc
|
| message.recipient.to | The email address in the To field |
| message.sensitivity | The sensitivity level of the message |
| message.subject | The subject of the message |
| message.template | The path to the message template file |
| message.type | The type of the message being sent, either 'email' or 'calendar_invite' |
| sender.email | The email address in the "Source Email (MIME)" field |
| sender.friendly_alias | The value of the "Friendly Alias" field |
| sender.reply_to | The value of the "Reply To" field |
| url.tracking_dot | URL of an image used for message tracking |
| url.webserver | Phishing server URL with the uid parameter |
| url.webserver_raw | Phishing server URL without any parameters |
| tracking_dot_image_tag | The tracking image in a preformatted <img /> tag |
| uid | The unique tracking identifier (this is the same as client.message_id) |
* calendar_invite.* variables are only defined when the message type is set to Calendar Invite. This can be checked with the Jinja directive {% if calendar_invite is defined %}.
The following functions are available for creating emails using the King Phisher client.
| Function | Description |
|---|---|
inline_image(image_path, *style=None*, *alt=None*) |
Embed an image into the message. |
The following variables are available for writing web pages hosted on the King Phisher server.
| Variable Name | Variable Value |
|---|---|
| client.address | The clients IP address |
| client.campaign.created* | The client's campaign's created time stamp |
| client.campaign.credential_count* | How many credentials have been received as part of this client's campaign |
| client.campaign.expiration* | The client's campaign's expiration time stamp |
| client.campaign.has_expired* | Whether or not the client's campaign has expired |
| client.campaign.id* | The unique identifier of this client's campaign |
| client.campaign.message_count* | How many messages have been sent as part of this client's campaign |
| client.campaign.name* | The name of the campaign that this client is associated with |
| client.campaign.visit_count* | How many visits have been received as part of this client's campaign |
| client.company.name* | The name of the company associated with the campaign |
| client.company.url_email* | A URL to the company's webmail |
| client.company.url_main* | A URL to the company's main website |
| client.company.url_remote_access* | A URL to the company's remote access solution |
| client.credential_count* | The number of credentials this client has submitted |
| client.email_address* | The email address that was targeted |
| client.first_name* | The first name of the user that the message was sent to |
| client.last_name* | The last name of the user that the message was sent to |
| client.is_trained* | Whether or not the user has been trained |
| client.message_id* | The message_id of the visitor |
| client.visit_count* | The number of landing page visits for the current browser session |
| client.visit_id* | The unique visit_id of the current visitor |
| request.credentials.username** | The username associated with the credential set this request submitted |
| request.credentials.password** | The password associated with the credential set this request submitted |
| request.credentials.mfa_token** | The mfa_token associated with the credential set this request submitted |
| request.credentials.regex_validated** | An indicator of the validation status of the credential set |
| request.command | The HTTP verb of the current request |
| request.cookies | A dictionary containing the contents of the requests cookies |
| request.headers | A dictionary containing the request headers |
| request.parameters | A dictionary containing the requests combined GET & POST parameters |
| request.user_agent | The User-Agent header provided in the request |
| server.address | The server's IP address that the request was sent to |
| server.hostname | The requested VHOST name |
| server.port | The server's port number that the request was sent to |
* Most client variables require a valid identifier. To check if these variables are available, check that client.message_id is defined with {% if client.message_id is defined %}.
** request.credentials is only defined when a username parameter is passed
in the request as would be the case for pages which harvest credentials.
Pages can also determine if the client is visiting the page for the first time by checking that client.visit_count is 1.
The King Phisher server will also load all variables from the server.page_variables section of the configuration into the global name space. This allows custom templates to use variables that can be set in the server configuration file.
The following functions are available for creating web pages using the King Phisher server. Additional information and examples can be found on the creating Server Pages With Jinja page.
| Function | Description |
|---|---|
embed_youtube_video(video_id) |
Embed a youtube video using the iframe API |
make_csrf_page(url, params, method='Post') |
Create a page to perform a CSRF attack |
make_redirect_page(url, title='Automatic Redirect') |
Create a page that redirects to another URL |
King Phisher enables the Jinja autoescape extension. This will escape characters that are placed in html templates in server pages.
To disable the autoescape extension, place the desired code in a {% autoescape false %} {% endautoescape %} block.
Create a random order number
Jinja Code: Order number: #{{ random_integer(100,999) }}-{{ random_integer(100,999) }}-{{ random_integer(100000,999999) }}
Example Output: Order number: #123-123456-123456
Change the domain in an email address
Jinja Recipe: {{ client.email | replace("gmail.com", "yahoo.com") }}
Example changes Alice.Liddle@gmail.com to Alice.Liddle@yahoo.com
Create a formatted username
Jinja Recipe: DOMAIN\{{ client.first_name | truncate(1, True, '') | lower }}{{ client.last_name | lower }}
Example Output: DOMAIN\aliddle
Redirect a returning user to a different URL
Jinja Recipe:
{% if client.visit_count > 1 %}
<meta http-equiv="refresh" content="0;url=http://google.com">
{% else %}
<meta http-equiv="refresh" content="0;url=./phishing-website.html">
{% endif %}
Link to a user's Gravatar
Jinja Recipe: https://gravatar.com/avatar/{{ sender.email | lower | hash('md5') | encode('hex') | lower }}?s=320