Phishing Frenzy – Ruby on Rails Phishing Framework

Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.

The goal of the project is to streamline the phishing process while still giving clients the most realistic phishing campaign possible. This goal is attainable through campaign management, template reuse, statistics generation, and the other features Frenzy has to offer.

Some of the supported features with this framework are:

  • Create phishing website over SSL – The framework supports running phishing websites over SSL, so phishing campaigns can be served over HTTPS.
  • Credential Harvesting – There is no need to write arbitrary PHP or other server-side code to grab the credentials. The framework has a robust database that can be leveraged through an accessible API to store harvested credentials. There is a public API service which is available solely to capture phishing credentials.
  • Website Cloning – The website cloner allows the user to pull down all of the HTML content of a page that returns a 200 response code and store it in a database. Any relative URL within the HTML is converted to an absolute URL. This allows the phishing site to be a single file while still pulling in all of the CSS, JS, and other resources via absolute URLs.
  • Email Harvesting – The email harvester helps to enumerate specific emails across the internet. The harvester requires a Bing API key to function properly. Bing provides everyone a free API key for the first 5000 transactions.
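
Because a page cloned this way still loads its CSS, JS and images from the original site via absolute URLs, the original site's access logs record those asset requests with the clone's address in the Referer header. The following is an added defender-side example, not code from the original post or from the Phishing Frenzy project, that flags such requests; the Combined Log Format, the host names and the log lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hosts allowed to embed our static assets (assumption: adjust to your own sites).
ALLOWED_REFERER_HOSTS = {"www.example.com", "example.com"}
ASSET_RE = re.compile(r"\.(?:css|js|png|jpe?g|gif|svg|ico|woff2?)(?:\?|$)", re.I)
# Combined Log Format: ip - user [time] "METHOD path proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:09:00:01 +0000] "GET /static/login.css HTTP/1.1" 200 5120 "https://www.example.com/login" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2024:09:02:11 +0000] "GET /static/login.css HTTP/1.1" 200 5120 "https://login.example-portal.test/" "Mozilla/5.0"
203.0.113.21 - - [10/Mar/2024:09:02:12 +0000] "GET /static/logo.png HTTP/1.1" 200 20480 "https://login.example-portal.test/" "Mozilla/5.0"
203.0.113.22 - - [10/Mar/2024:09:05:40 +0000] "GET /static/app.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.23 - - [10/Mar/2024:09:06:00 +0000] "GET /about HTTP/1.1" 200 3000 "https://news.example.org/story" "Mozilla/5.0"
"""


def foreign_asset_referers(log_text, allowed=ALLOWED_REFERER_HOSTS):
    """Count static-asset hits per Referer host that is not one of ours."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not ASSET_RE.search(m["path"]):
            continue  # unparsable line, or an ordinary page link rather than an embedded asset
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if host and host not in allowed:  # empty host: Referer absent or stripped
            hits[host] += 1
    return hits


if __name__ == "__main__":
    for host, count in foreign_asset_referers(SAMPLE_LOG).most_common():
        print(f"{count:4d} asset requests embedded by {host}")
```

An empty result does not prove that no clone exists, since the embedding page can suppress the Referer header with a strict Referrer-Policy.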

You can read more and download this tool over here: https://github.com/pentestgeek/phishing-frenzy