Resurrecting SpearPhisher

A couple of years ago I was looking for something that could generate some spear phishing emails I could use to test some of our network defenses and later could be used as part of a Red Team exercise.

At the time I couldn’t find anything I really liked that balanced features, cost and ease of setup and configuration. I was also learning a lot about Python and creating web apps at the time, so I decided to try to build my own. And so spearphisher was born.

It took a couple of weeks or so to get the core built, but I soon had a web app that was capable of creating and tracking Spear Phishing campaigns. It also had a portal that could be used to track users that clicked links and fingerprint browsers; it was also capable of generating documents that could be tracked.

Here are a couple of the old screens.


Campaign Details

Campaign Tracking

Campaign Stats

Email Template

Document Template

Portal Template

And if you’re really interested, a short video of creating, launching and viewing a campaign.


Now before anyone goes running to the GitHub repo and trying it, it’s old and probably doesn’t work so well any more. Fortunately the last several months creating VolUtility have taught me a lot about building this kind of application, so I’m going to revisit it and spend some time rewriting a large chunk of it to make it, well, not awful.

I appreciate there are now several other products that do all this, but I hate the idea of having old code out there. And if I ever need anything like this again in the future I know where to look :)

If anyone wants to suggest some features I’m always happy to listen. That’s all for this one; I look forward to posting some updates on this app in the future.

As usual Questions, Queries, Comments below.