King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials. It is only to be used for legal applications with explicit permission. Features include running multiple phishing campaigns simultaneously, sending emails with embedded images, optional Two-Factor authentication, credential harvesting, SMS alerts, web page cloning, and integrated Sender Policy Framework.
FEATURES
SIMILAR TOOLS
A hardware security validation toolkit for x86 platforms that provides bootable tools for checking platform configuration registers and managing SecureBoot keys.
An open-source phishing toolkit for businesses and penetration testers.
A command line steganography tool that uses LSB technique to hide files within images without visible alteration.
Semi-tethered jailbreak for iPhone 5s to iPhone X, running iOS 12.0 and up, using the 'checkm8' bootrom exploit.
Phish Report is inaccessible without JavaScript and cookies enabled.
PLCinject is a tool for injecting and patching blocks on PLCs with a call instruction.
A comprehensive collection of wordlists for bruteforcing and password cracking, covering various hashing algorithms and sizes.
A search engine for the Internet of Things (IoT) that discovers and monitors devices connected to the internet.
An Active Defense framework for detecting and responding to phishing attacks in Office 365 Message Trace logs.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.