Skip to content

Features Overview

Chris King edited this page Feb 8, 2017 · 7 revisions

FiercePhish Wiki

A simple outline of current functionality and features can be found below. The linked pages for each feature will contain more information about that feature, including screenshots.

FiercePhish URL Prefix - Link to more information

This is the most important feature to use after you install FiercePhish. This changes the URL of FiercePhish from something like "http://domain.com/" to "http://domain.com/cant/guess/this/"

Phishing Campaigns - Link to more information

FiercePhish allows you to create large phishing campaigns that send emails over whatever length of time you would like. You simply give it an "Email Template", "Target User List", and sending schedule and it will take care of the rest.

Email Simple Sending - Link to more information

Sometimes all you want to do is send one simple phishing email without the hassle of creating everything needed for a campaign. FiercePhish allows you to do this too!

Catch-all Inbox - Link to more information

FiercePhish allows you to receive emails to the domain you have setup for FiercePhish to use. This is incredibly useful if a phishing target replies to an email or you get a "vacation" message.

Email Configuration Check - Link to more information

It can be a hassle to check if all DNS entries are properly configured to bypass spam filters. Luckily, FiercePhish has you covered with the configuration check. It will parse A records, MX records, and SPF records to ensure they are properly configured for you to begin sending emails.

Activity Logs - Link to more information

Keeping track of all activity is extremely important for penetration tests and especially phishing exercises. FiercePhish has extensive logging throughout the application. You can track other users and see specifically what time emails were sent and when all actions were performed.

Fast Replacement - Link to more information

Sometimes you will want to kill a server that has been burned by a phishing campaign and stand up a new server. The worst part about that is losing all the data associated with that first server! FiercePhish has an easy Import/Export feature which allows you to quickly export all the data from one FiercePhish server and import it into the new FiercePhish server. It makes standing up new systems and tearing down old systems a breeze. All information is transferred, including Activity Logs

User Management - Link to more information

FiercePhish allows you to make new user accounts for all the people who are working on the phishing engagement with you. You will be able to track each of their actions through the Activity Logs. All users have the same level of permissions. There is no user access control.

2-Factor Authentication - Link to more information

You can further secure your FiercePhish install with Google 2-FA authentication.

Clone this wiki locally