Cyber security

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in the cloud for security assessments.

The playbook installs and configures Gophish, Postfix and OpenDKIM on a virtual machine in the cloud. Additionally, for OPSEC purposes, the playbook removes default IOCs (SMTP headers) from Gophish and Postfix servers configurations.

Install

Requirements

  • Make sure you have a Linux (Debian, Ubuntu or Kali) instance in the cloud (Amazon EC2, Azure VM, Google GCE…) with a public IPv4 address. Install OpenSSH and enable root access with SSH key-based authentication only.
  • Purchase a domain and set it’s DNS records accordingly (A, MX and SPF records must point to your cloud instance’s public IP address).
  • Install Ansible on your own machine :
sudo apt install ansible

Installation Steps

  • Clone the repository
git clone --recursively https://github.com/VirtualSamuraii/flyphish.git
  • Put your cloud instance public IP address in the hosts file.
  • Put your phishing domain in the group_vars/all.yml file.

You’re ready to go !

Usage

  • Run the playbook and wait for your phishing server to be deployed :
ansible-playbook -i hosts playbook.yml
  • Once finished, the playbook displays your DKIM public key. Add this key to your DKIM record in your domain’s DNS zone.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

WhatsMyName App – Find Anyone Across 640+ Platforms

Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…

1 week ago

Analyzing Directory Size Linux Tools Explained

Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…

1 week ago

Understanding Disk Usage with du Command

Efficient disk space management is vital in Linux, especially for system administrators who manage servers…

1 week ago

How to Check Directory Size in Linux

Knowing how to check directory sizes in Linux is essential for managing disk space and…

1 week ago

Essential Commands for Linux User Listing

Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…

1 week ago

Command-Line Techniques for Listing Linux Users

Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…

2 weeks ago