PhishLulz is a Ruby toolset aimed at automating Phishing activities
When you start a phishing campaign, a dedicated Amazon EC2 (Debian 7) instance is spawned. The VM comes with various open source tools that have been glued together. The two main components are:
PhishLulz comes with its own self-signed CA: this is needed to generate self-signed certs for the PhishingFrenzy admin UI. You will also find a bunch of cool phishing templates (which are not in PF) that you can quickly re-use in your scenarios.
The public AMI id is: ami-141bb974 You want to clone that, add your SSH keys, and use your nre clone.
The following are default passwords for various services, change them.
To change the default admin user password/email for PhishingFrenzy use the Rails console: cd /var/www/phishing-frenzy && RAILS_ENV=production rails console admin = Admin.first admin.password = “newpasswd” admin.email = “newemail” admin.save! exit
To instrument Firefox you need to have the geckodriver binary in your PATH. Download it from https://github.com/mozilla/geckodriver/releases Same thing applies if you prefer instrumenting Chrome, you need the chromedriver.
Once you have the binary, make sure it’s in the PATH: export PATH=$PATH:path_to_driver_dir
Finally, make sure the MailBoxBug data extrusion domain has a valid HTTPS certificate (Mixed content…)