Categories: Kali Linux

SPF – SpeedPhish Framework For Phishing Exercises

SPF is nothing but a SpeedPhish Framework tool designed using a python to allow for quick recon and deployment of simple social engineering phishing exercises.

Requirements For SPF

  1. dnspython
  2. twisted
  3. PhantomJS

Also Read Ghost Phisher – Wireless & Ethernet Attack Software Application

How to install SPF ?

Run the below command to install the SPF tool;

pip install dnspython
pip install pycrypto

apt-get install python-twisted-web
apt-get install phantomjs

git clone --recursive https://github.com/tatanus/SPF.git

Running SPF 

usage: spf.py [-h] [-f <list.txt>] [-C <config.txt>] [--all] [--test] [-e]
              [-g] [-s] [--simulate] [-w] [-W] [-d <domain>]
              [-c <company's name>] [--ip <IP address>] [-v] [-y]

optional arguments:
  -h, --help           show this help message and exit
  -d <domain>          domain name to phish
  -c <company's name>  name of company to phish
  --ip <IP address>    IP of webserver defaults to [192.168.1.124]
  -v, --verbosity      increase output verbosity

input files:
  -f <list.txt>        file containing list of email addresses
  -C <config.txt>      config file

enable flags:
  --all                enable ALL flags... same as (-e -g -s -w)
  --test               enable all flags EXCEPT sending of emails... same as
                       (-e -g --simulate -w -y -v -v)
  -e                   enable external tool utilization
  -g                   enable automated gathering of email targets
  -s                   enable automated sending of phishing emails to targets
  --simulate           simulate the sending of phishing emails to targets
  -w                   enable generation of phishing web sites
  -W                   leave web server running after termination of spf.py

misc:
  -y                   automatically answer yes to all questions

Execution:

cd spf
python spf.py --test -d example.com

or to just test the websites:

cd spf
python web.py default.cfg

Sample Video

DerbyCon 2015 Video

BsidesLV 2015 Video

BsidesKnox 2015 Video

Video of sample usage

R K

Share
Published by
R K
Tags: FrameworkPhishingSpeedPhishSPF
7 years ago

Recent Posts

100 Days Of Rust 2025 : From Incident Response To Linux System Programming

In 2025 I wanted to try something new. In addition to a traditional 100 days…

4 hours ago

Presenterm : Revolutionizing Terminal-Based Presentations With Markdown

presenterm lets you create presentations in markdown format and run them from your terminal, with…

4 hours ago

JailbreakEval : Automating the Evaluation Of Language Model Security

Jailbreak is an attack that prompts a language model to give actionable responses to harmful…

5 hours ago

HASH : Harnessing HTTP Agnostic Software Honeypots For Enhanced Cybersecurity

The main philosophy of HASH is to be easy to configure and flexible to mimic…

5 hours ago

SECurityTr8Ker : SEC Cybersecurity Disclosure Monitor

SECurityTr8Ker is a Python application designed to monitor the U.S. Securities and Exchange Commission's (SEC)…

4 days ago

ripgrep : The Fast, Flexible Search Tool

ripgrep is a line-oriented search tool that recursively searches the current directory for a regex…

4 days ago