.webp "Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration")
.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.
The goal of the project is to streamline the phishing process while still providing clients the best realistic phishing campaign possible.
Also ReadCangibrina – A Fast & Powerfull Dashboard (admin) Finder
Installing Phishing Frenzy on Kali Linux
Clone Repo
Clone the Phishing Frenzy repository using git
# git clone https://github.com/pentestgeek/phishing-frenzy.git /var/www/phishing-frenzy
Install RVM, Ruby and Packages
$ \curl -sSL https://get.rvm.io | bash
At the end of the installation listen to any post install instructions for RVM
Install Ruby 2.1 with RVM
$ rvm install 2.1.5
Install rails
# rvm all do gem install --no-rdoc --no-ri rails
Install mod_passenger for Apache
# rvm all do gem install --no-rdoc --no-ri passenger
Install Passenger
Invoke the passenger installation script
# passenger-install-apache2-module
Installer stated that I was missing a few apache dependencies
# apt-get install apache2-threaded-dev libapr1-dev libaprutil1-dev libcurl4-openssl-dev
Invoke passenger installation script again now that dependencies are installed. Once the Passenger install has completed, ensure you pay attention to the notes and the end. You will need to add 3 lines of text to your /etc/apache2/apache.conf file.
# passenger-install-apache2-module
Install packages we need for MySQL to bundle properly
# apt-get install libmysqlclient-dev
Apache VHOST Configuration
Add Include Statement to apache2.conf and create the file /etc/apache2/pf.conf
Include pf.conf
Add content to pf.conf file
<IfModule mod_passenger.c> PassengerRoot %ROOT PassengerRuby %RUBY </IfModule> <VirtualHost *:80> ServerName phishing-frenzy.com # !!! Be sure to point DocumentRoot to 'public'! DocumentRoot /var/www/phishing-frenzy/public RailsEnv development <Directory /var/www/phishing-frenzy/public> # This relaxes Apache security settings. AllowOverride all # MultiViews must be turned off. Options -MultiViews </Directory> </VirtualHost>
Uncomment out the line # NameVirtualHost *:443 inside of /etc/apache2/ports.conf to allow SSL Phishing sites to render properly
MySQL
Ensure mysql is running
# service mysql start
Login and create tables and permissions for phishing frenzy development mode
# mysql -u root -p mysql> create database pf_dev; mysql> grant all privileges on pf_dev.* to 'pf_dev'@'localhost' identified by 'password';
Install Required Gems
# cd /var/www/phishing-frenzy/ # bundle install
If your web application fails to run because it states your missing a gem, you may need to run
# bundle install --deployment # rake db:migrate # rake db:seed
Install Redis
# wget http://download.redis.io/releases/redis-stable.tar.gz # tar xzf redis-stable.tar.gz # cd redis-x.x.x/ # make # make install # cd utils/ # ./install_server.sh
If you would like to bind redis to the loopback interface checkout redis documentation for more details
Sidekiq Configuration
Create a tmp directory for sidekiq pid
# mkdir -p /var/www/phishing-frenzy/tmp/pids
Start the sidekiq server to interact with redis
# bundle exec sidekiq -C config/sidekiq.yml
System Configuration
Edit the sudoers file to ensure the www-data account can reload apache
www-data ALL=(ALL) NOPASSWD: /etc/init.d/apache2 reload
Load the Efax and Intel default templates for PF using the rake helper
# rake templates:load
Change ownership of phishing-frenzy directory so apache has proper access
# chown -R www-data:www-data /var/www/phishing-frenzy/
Change permissions on the upload directory
# chmod -R 755 /var/www/phishing-frenzy/public/uploads/
Change ownership of sites-enabled directory to allow Phishing Frenzy to manage virtual hosts with Apache
# chown -R www-data:www-data /etc/apache2/sites-enabled/ # chmod -R 755 /etc/apache2/sites-enabled/
Start Apache web server
# apachectl start
Phishing Frenzy is configured with a default login of:
username: admin
password: Funt1me!
Configure HTTPS / SSL
If you would like to run your Phishing Frenzy web UI over HTTPS you can do that with a few additional changes.
Run a few commands to enable the SSL module in apache and create a directory to store the cert and key.
$ sudo a2enmod ssl $ sudo service apache2 restart $ sudo mkdir /etc/apache2/ssl
Create our self signed cert using openssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/pf.key -out /etc/apache2/ssl/pf.crt <IfModule mod_passenger.c> PassengerRoot %ROOT PassengerRuby %RUBY </IfModule> <VirtualHost *:443> ServerName phishing-frenzy.com SSLEngine on SSLCertificateFile /etc/apache2/ssl/pf.crt SSLCertificateKeyFile /etc/apache2/ssl/pf.key # !!! Be sure to point DocumentRoot to 'public'! DocumentRoot /var/www/phishing-frenzy/public RailsEnv development <Directory /var/www/phishing-frenzy/public> # This relaxes Apache security settings. AllowOverride all # MultiViews must be turned off. Options -MultiViews </Directory> </VirtualHost>
Update the Application Site URL within Global Settings menu to the appropriate FQDN with the HTTPS address with SSL enabled.
Credit: Brandon zeknox McCann
.webp "Bomber : Navigating Security Vulnerabilities In SBOMs")
