SpeedPhishing Framework
Python CSS JavaScript
Switch branches/tags
Nothing to show
Clone or download
Latest commit 3f21973 Jul 3, 2018
Failed to load latest commit information.
spf removed ssl cert support for now Oct 26, 2017
.gitignore initial Sep 16, 2015
.gitmodules smb cerd cap Sep 20, 2017
Install.txt Update Install.txt Mar 7, 2016
LICENSE initial release May 15, 2015
README.md Update README.md Jul 3, 2018
Requirements.txt updated to include missing requirements Sep 21, 2017


Python 2.6-2.7 GitHub license

DEFCON 23 Demolabs

Black Hat USA Arsenal

SPF (SpeedPhish Framework) is a python tool designed to allow for quick recon and deployment of simple social engineering phishing exercises.


  • dnspython
  • twisted
  • PhantomJS


pip install dnspython
pip install pycrypto

apt-get install python-twisted-web
apt-get install phantomjs

git clone --recursive https://github.com/tatanus/SPF.git


usage: spf.py [-h] [-f <list.txt>] [-C <config.txt>] [--all] [--test] [-e]
              [-g] [-s] [--simulate] [-w] [-W] [-d <domain>]
              [-c <company's name>] [--ip <IP address>] [-v] [-y]

optional arguments:
  -h, --help           show this help message and exit
  -d <domain>          domain name to phish
  -c <company's name>  name of company to phish
  --ip <IP address>    IP of webserver defaults to []
  -v, --verbosity      increase output verbosity

input files:
  -f <list.txt>        file containing list of email addresses
  -C <config.txt>      config file

enable flags:
  --all                enable ALL flags... same as (-e -g -s -w)
  --test               enable all flags EXCEPT sending of emails... same as
                       (-e -g --simulate -w -y -v -v)
  -e                   enable external tool utilization
  -g                   enable automated gathering of email targets
  -s                   enable automated sending of phishing emails to targets
  --simulate           simulate the sending of phishing emails to targets
  -w                   enable generation of phishing web sites
  -W                   leave web server running after termination of spf.py

  -y                   automatically answer yes to all questions


cd spf
python spf.py --test -d example.com

or to just test the websites:

cd spf
python web.py default.cfg


DerbyCon 2015 Video

DerbyCon 2015 Video

BsidesLV 2015 Video

BSidesLV 2015 Video

BsidesKnox 2015 Video

BsidesKnox 2015 Viedo

Video of sample usage

Video of simple usage