6. Change Log¶
This document contains notes on the major changes for each version of King Phisher. In comparison to the git log, this list is curated by the development team for note worthy changes.
6.1. Version 1.x.x¶
6.1.1. Version 1.15.0¶
Released v1.15.0 on September 24th, 2019
- Add support to select visible columns for tables in the Campaign tab
- Add support for printing pipenv running output in real time
- Windows build will now install PyPI requirements for plugins during installation
- Multiple bug fixes
6.1.2. Version 1.14.1¶
- Fixed the return value when loading already loaded SNI certificates
6.1.3. Version 1.14.0¶
Released v1.14.0 on August 1st, 2019
- Added the
Message-ID
MIME header to outgoing messages - Attempt SSH authentication with all agent-provided SSH keys
- Deleted
Pipfile.lock
from repository to prevent hash issues between python interpreter versions - Add
--three
topipenv install
andpipenv --update
startup procedures to force use of Python 3 - Added server support for installing missing plugin requirements during initialization
- Added asynchronous RPC methods to the client
- Added GraphQL and database schema documentation
- Changed Target URL to Web Server URL in Campaign Editor
- Added the ability issue SSL Certificates through certbot
6.1.4. Version 1.13.1¶
Released v1.13.1 on April 19th, 2019
- Fixed broken references to
start_process()
- Fixed a
KeyError
when creating a campaign for the first time (see: #365) - Updated SQLAlchemy and Jinja2 libraries for security patches
6.1.5. Version 1.13.0¶
Released v1.13.0 on April 4th, 2019
Added support for logging MFA tokens with credentials
Added support for using regular expressions to validate credentials
Automatically try to install plugin dependencies with pip from PyPi
Added advanced, rule-based filtering support to the Campaign tabs
Added site template metadata
- Site templates can now include a metadata file for describing their content
- The Campaign Assistant will help select a target URL based on available templates
6.1.6. Version 1.12.0¶
Released v1.12.0 on November 7th, 2018
Added support for users to set their email address for campaign alerts via email
Added additional plugin metadata fields for reference URLs and category classifiers
Added additional documentation including an architecture overview for reference
Multiple improvements to the client plugin manager
- There is now an option to update plugins in the menu
- Plugins can ship with dedicated documentation in markdown files that will be displayed
- The GUI no longer locks up while tasks like downloading plugins are taking place
Added the new
fetch
Jinja function andfromjson
Jinja filterAdded
campaign-alert-expired
andcampaign-expired
server signalsSwitched to using Pipenv to manage the environment and dependencies
6.1.7. Version 1.11.0¶
Released v1.11.0 on April 12th, 2018
Updated to support matplotlib version 2.2.0
Removed docker server support
Multiple improvements to the installation script
- Users can now specify a supported Linux distro when it is not automatically detected
- The database connection string is kept to avoid PostgreSQL password resets
Added support for setting message UID character set options
Bumped the required minimum version of Python to 3.4 and GTK to 3.14
Update Windows build to use pygi-aio-3.24.1_rev1 PyGObjects
Multiple bug fixes
6.1.8. Version 1.10.0¶
Released v1.10.0 on March 16th, 2018
Added a
campaign-alert
server signal for custom alert delivery mechanismsUse GraphQL for loading data instead of the legacy table-based API
Support fault-tolerance when dispatching server signals
Allow a country code to be set in users’ phone numbers
Visits will now be tracked if the landing page is any existing type
Multiple RPC Terminal improvements
- Fix a bug regarding line wrapping due to the
TERM
environment variable - Use ipython when it’s installed
- Added
%graphql
and%graphql_file
magic commands
- Fix a bug regarding line wrapping due to the
Tweaks to the default MIME-encoded HTML message to reduce it’s SpamAssassin score
Modified client signals to allow better API control
- Added
message-create
andtarget-create
for modifying the respective objects - Added
message-send
andtarget-send
to allow skipping the message and target - Removed the
send-message
andsend-target
signals in favor of the new ones
- Added
6.1.9. Version 1.9.0¶
Released v1.9.0 on November 22nd, 2017
Support resetting plugins options to their respective defaults
Moved Office 2007+ metadata removal to a new plugin
Added support for installing plugins from remote sources through the UI
Added timeout support for SPF DNS queries
Support for installing on Arch Linux
Multiple server improvements
- Upgrade AdvancedHTTPServer to v2.0.11 to support async SSL handshakes
- Support using an include directive in the server configuration file
- Added a
request-handle
signal for custom HTTP request handlers - Removed
address
support from the server config in favor ofaddresses
- Support
login
as an alias of theusername
parameter for credentials
6.1.10. Version 1.8.0¶
Released v1.8.0 on June 6th, 2017
- Install script now supports Red Hat Server 7
- Support the client on OS X by using Docker
- Support for issuing certificates with acme while the server is running
- Add a wrapping tool for certbot to make the process easier
- Updated
tools/cx_freeze.py
to build the King Phisher client in Python 3.4 - Updated documentation for the Windows build
6.1.11. Version 1.7.1¶
Released v1.7.1 on April 14th, 2017
- Bug fix in the Windows build for HTTPS connections from the requests package
6.1.12. Version 1.7.0¶
Released v1.7.0 on April 4th, 2017
- Better error messages for malformed server configuration files
- Support for sending to targets via To / CC / BCC fields
- New features for client and server plugins
- Add comparison of “trained” statistics to the campaign comparison
- Support for including and importing Jinja templates from relative paths
- Support for including custom HTTP headers in server responses
- New feature to import Campaigns from XML files
- Support for emails address with longer top level domain names
6.1.13. Version 1.6.0¶
Released v1.6.0 on January 31st, 2017
Support negotiating STARTTLS with SMTP servers that support it
Support for real time event publishing to the client
Support for a new GraphQL API for more efficient data queries
More flexibility in configuring server logging
Add persistent storage for server plugin data
Add a Jinja function to check if a password is complex
Add client
message-data-export
andmessage-data-import
signalsKing Phisher now starts with Python3 by default
tools/install.sh
now creates a backup of server_config.yml when presentMinor bug fixes
- Minor CSS fixes
- Special characters now display in the UI correctly
6.1.14. Version 1.5.2¶
Released v1.5.2 on December 23rd, 2016
Minor bug fixes
- Use Default SMS sender to fix SMS subscription with T-Mobile
- Upgrade AdvancedHTTPServer to v2.0.6 to fix select polling
- Corrected issue when attachment file is inaccessible
- Fixed issue when message file directory is gone
- Fixed server side encoding error with basic auth
- Fixed TypeError handling while rendering templates
- Fixed a unicode bug when processing targets csv
- Fixed install.sh script for CentOS7 and python3
- Fixed show exception dialog with Glib idle_add
- Fixed a logic bug causing premature SMTP reconnects
- Fixed Webkit-1 load_string Null error
6.1.15. Version 1.5.1¶
Released v1.5.1 on October 3rd, 2016
Automated installation script improvements
- Backup an existing server configuration file
- Log warnings when the PostgreSQL user exists
Improve the Metasploit plugin for session notifications via SMS
Support exporting credentials for use with Metasploit’s
USERPASS_FILE
option
6.1.16. Version 1.5.0¶
Released v1.5.0 on September 22nd, 2016
- Added an SPF button to the client for on demand SPF record checking
- Fixed missing packages in the Windows build for timezone data
- Transitioned to the dnspython package for Python 2.x and 3.x
6.1.17. Version 1.4.0¶
Released v1.4.0 on August 5th, 2016
Added additional Jinja variables for server pages
Upgraded to AdvancedHTTPServer version 2
- Added support for binding to multiple interfaces
- Added support for multiple SSL hostnames via SNI
Support for plugins in the server application
Added server signals for event subscriptions in plugins
Updated the style for GTK 3.20
Start to warn users about the impending Python 2.7 deprecation
Change to installing for Python 3
Added an uninstallation script
6.1.18. Version 1.3.0¶
Released v1.3.0 on May 17th, 2016
- Added automatic setup of PostgreSQL database for the server
- Server bug fixes when running on non-standard HTTP ports
- Added completion to the messaged editor
- Support for plugins in the client application
- Added a client plugin to automatically check for updates
- Added a client plugin to generate anonmous statistics
- Added debug logging of parameters for key RPC methods
- Lots of Python 3.x compatiblity fixes
6.1.19. Version 1.2.0¶
Released v1.2.0 on March 18th, 2016
- SSH host key validation
- Install script command line flags
- Support for authenticating to SMTP servers
- Style and compatibility changes for Kali
6.1.20. Version 1.1.0¶
Released v1.1.0 on December 30th, 2015
- Added an option to send a message to a single target
- Support for sending calendar invite messages
- Added PostgreSQL setup to the installer
- Support for exporting to Excel
- Added a Jupyter notebook for interactive data analysis
- Added additional campaign filtering options
- Support for removal of metadata from Microsoft Office 2007+ documents
6.2. Version 0.x.x¶
6.2.1. Version 0.3.0¶
Released v0.3.0 on August 21st, 2015
- Added a new campaign creation assistant
- Support for expiring campaigns at a specified time
- Track more details when messages are opened such as the IP address and User Agent
- Support for tagging campaign types
- Support for organizing campaigns by companies
- Support for storing email recipients department name
- Support for collecting credentials via Basic Auth
6.2.2. Version 0.2.1¶
Released v0.2.1 on July 14th, 2015
- Added syntax highlighting to the message edit tab
- Technical documentation improvements, including documenting the REST API
- Support reloading message templates when they change from an external editor
- Support for pulling the client IP from a cookie set by an upstream proxy
- Support for embedding training videos from YouTube
- Added a Metasploit plugin for using the REST API to send SMS messages
- Support for exporting visit information to GeoJSON
6.2.3. Version 0.2.0¶
Released v0.2.0 on April 28th, 2015
- Added additional graphs including maps when basemap is available
- Added geolocation support
- Made dashboard layout configurable
- Support for cloning web pages
- Support for installing on Fedora
- Support for running the server with Docker
6.2.4. Version 0.1.7¶
Released v0.1.7 on February 19th, 2015
- Added make_csrf_page function
- Added server support for SSL
- Support verifying the server configuration file
- Added a desktop file and icon for the client GUI
- Added support for operating on multiple rows in the client’s campaign tables
- Support starting an external SFTP application from the client
- Tweaked miscellaneous features to scale for larger campaigns (35k+ messages)
- Updated AdvancedHTTPServer to version 0.4.2 which supports Python 3
- Added integration for checking Sender Policy Framework (SPF) records
6.2.5. Version 0.1.6¶
Released v0.1.6 on November 3rd, 2014
- Migrated to SQLAlchemy backend (SQLite will no longer be supported for database upgrades)
- Added additional documentation to the wiki
- Enhanced error handling and UI documentation for a better user experience
- Support for quickly adding common dates and times in the message editor
6.2.6. Version 0.1.5¶
Released v0.1.5 on September 29th, 2014
- Added support for inline images in emails
- Import and export support for message configurations
- Highlight the current campaign in the selection dialog