Adam Compton, Eric Gershman

Phishing is one of the few attack vectors that has become more prevalent over time. This presentation will explore common phishing attack tools and techniques. Additionally, we will be demoing a new tool which will assist penetration testers in quickly deploying phishing exercises in minimal time. The tool, when provided minimal input (just a domain name), can automatically search for potential targets, deploy multiple phishing websites, craft and send phishing emails to the targets, record the results, and generate a report. It will work in a stand alone fashion or make use of external tools (such as theHarvester, Recon-NG, SET, and Metasploit) if available.