Phish-Me-Not : Employee Phishing Simulator
This project aims to train and educate employees about real-life phishing attack scenarios by carrying out a simulated spear-phishing attack.
Installation Instructions
Clone this repository: git clone https://github.com/th3hack3rwiz/Phish-Me-Not.git
Install and configure NGROK and check if it works normally.
Install Golang and configure GOPATH.
Install python3 and pip3.
Once the above steps are done, run the command: chmod +x install.sh ; ./install.sh
Note: If you wish to use a Gmail account to send phishing emails, go to this link while you're logged in to your Google account and allow the access:
https://www.google.com/settings/security/lesssecureapps
python3 phish-me-not.py
Press 'n' to select an employee-table:
OR Press 'y' to create a new employee table:
Fill the details of each employee:
The "employee-specific" phishing emails are sent to all employees:
Behold, the phishing mail:
Employees who fall prey to the spear-phishing attack are redirected from a malicious page to the following image:
We refresh the logs to check for any new victim employee's entry and fetch their private information:
The victim-employees are then sent a "phishing awareness email":
A mandatory assessment quiz link (a Google Form in this case) is then embedded in all the assessment emails:
Assessment emails are then sent to those employees who did not fall prey to the simulated spear-phishing attack:
Non-phished employees are required to take a mandatory quiz:
Responses of employees are then extracted in a .csv file:
The .csv file is then fed to Phish-Me-Not for evaluation of employees:
Appreciation and awareness emails are then sent respectively to the employees based on their performance in the assessment quiz:
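The evaluation step described above, sketched as an added example that is not Phish-Me-Not's own code. It assumes a Google Forms quiz export with "Email Address" and "Score" columns (scores written like "7 / 10"), a 70% pass mark, and that an employee's best attempt counts; the sample rows and addresses are constructed.

```python
import csv
import io
import re

# Constructed sample of a Google Forms quiz export (not real data).
SAMPLE_CSV = """Timestamp,Email Address,Score
2024/01/10 9:00:00 AM GMT+0,alice@example.com,9 / 10
2024/01/10 9:05:00 AM GMT+0,bob@example.com,4 / 10
2024/01/10 9:30:00 AM GMT+0,Bob@Example.com,6 / 10
2024/01/10 9:40:00 AM GMT+0,carol@example.com,n/a
"""

# Constructed list of employees who were sent the mandatory quiz.
INVITED = ["alice@example.com", "bob@example.com",
           "carol@example.com", "dave@example.com"]

PASS_RATIO = 0.7  # assumed pass mark, not taken from the project
SCORE_RE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*/\s*(\d+(?:\.\d+)?)\s*$")


def evaluate(csv_text, invited, pass_ratio=PASS_RATIO):
    """Split invited employees into appreciation / awareness / no_response."""
    best = {}  # normalised email -> best score ratio seen
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = (row.get("Email Address") or "").strip().lower()
        m = SCORE_RE.match(row.get("Score") or "")
        if not email or not m or float(m.group(2)) == 0:
            continue  # unparsable rows count as no response
        ratio = float(m.group(1)) / float(m.group(2))
        best[email] = max(ratio, best.get(email, 0.0))
    result = {"appreciation": [], "awareness": [], "no_response": []}
    for addr in invited:  # responses from addresses not invited are ignored
        key = addr.strip().lower()
        if key not in best:
            result["no_response"].append(key)
        elif best[key] >= pass_ratio:
            result["appreciation"].append(key)
        else:
            result["awareness"].append(key)
    return result


if __name__ == "__main__":
    for group, members in evaluate(SAMPLE_CSV, INVITED).items():
        print(group, members)
```

Reconciling against the invited list surfaces employees who never took the mandatory quiz, which the response file alone cannot show.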