Skip to content

Templates

Spencer McIntyre edited this page Apr 19, 2019 · 42 revisions

King Phisher uses the Jinja2 templating language for generating dynamic content from both email and web page templates. Jinja2 provides a number of powerful features to create dynamic content. For a definitive reference, please see the Jinja2 Template Designer Documentation.

File Encoding

It is important to note that both email and web page templates must be encoded with UTF-8 to be compatible with King Phisher. Sometimes when manually cloning content non-UTF-8 can be copied over from the source into the template file. This will often cause King Phisher to throw an error and the content will not render correctly. Many text editors can be used to fix this content by opening it, changing the encoding to UTF-8 and re-saving the file. Among others, Linux users can use the gedit application while Windows users can use notepad++.

Global Variables & Functions

These variables and filters are available in both email templates and web page templates.

Variable Name Variable Value
time.local The current local server time
time.utc UTC time
version The current version of King Phisher
Filters Description
Date / Time Filters useful for manipulating date and time strings
strftime Format a datetime instance such as time.local
timedelta Adjust a datetime instance using Python's datetime.timedelta
tomorrow Adjust a datetime instance to reflect tomorrow's date
next_week Adjust a datetime instance to reflect next week's date
next_month Adjust a datetime instance to reflect next months's date
next_year Adjust a datetime instance to reflect next year's date
yesterday Adjust a datetime instance to reflect yesterday's date
last_week Adjust a datetime instance to reflect last week's date
last_month Adjust a datetime instance to reflect last months's date
last_year Adjust a datetime instance to reflect last year's date
Misc String Filters useful for miscellaneous string operations
cardinalize Conditionally change a number to be plural based on the argument
decode Decode a string from one of the supported encodings
encode Encode a string into one of the supported encodings
hash Calculate the hash of a string using the specified algorithm
ordinalize Adjust a number to a human readable ordinal such as 1 to 1st
pluralize Adjust a singular word to be plural
singularize Adjust a plural word to be singular
possessive Adjust a word to imply possession
Function Description
fetch(url, allow_file=False Fetch text data from the specified URL
parse_user_agent(user_agent) Parse a user agent and return a named tuple describing the host
password_is_complex(password, min_len=12) Check if the specified password meets complexity requirements
random_integer(lower, upper) Generate a pseudo-random number within the specified range

Time Format Examples

Print tomorrow's date:

Jinja Code: {{ time.local|tomorrow|strftime('%A %B %d, %Y') }}

Output: Sunday May 25, 2014

strftime.org is an excellent reference for directives of the strftime function.

Supported Encodings

The following are the supported encoding formats for the encode and decode template filters.

  • base16
  • base32
  • base64
  • hex
  • rot-13

Message Templates

The following variables are available for creating emails using the King Phisher client.

Variable Name Variable Value
calendar_invite.all_day* Whether or not the event is scheduled to take all day
calendar_invite.location* The location for the event
calendar_invite.start* A datetime instance representing the event's start time
calendar_invite.summary* The summary for the calendar invite event
campaign.id The current campaign's unique identifier
campaign.name The current campaign's name
client.company_name The target's company name
client.email_address The target's email address
client.first_name The target's first name
client.last_name The target's last name
client.message_id The unique tracking identifier (this is the same as uid)
message.attachment The path to the attachment file if configured
message.importance The importance level of the message
message.recipient.bcc The target's email address if message.recipient.field is bcc
message.recipient.cc The optional email address in the CC field
message.recipient.field The field that the target email address is in, either to, cc or bcc
message.recipient.to The email address in the To field
message.sensitivity The sensitivity level of the message
message.subject The subject of the message
message.template The path to the message template file
message.type The type of the message being sent, either 'email' or 'calendar_invite'
sender.email The email address in the "Source Email (MIME)" field
sender.friendly_alias The value of the "Friendly Alias" field
sender.reply_to The value of the "Reply To" field
url.tracking_dot URL of an image used for message tracking
url.webserver Phishing server URL with the uid parameter
url.webserver_raw Phishing server URL without any parameters
tracking_dot_image_tag The tracking image in a preformatted <img /> tag
uid The unique tracking identifier (this is the same as client.message_id)

* calendar_invite.* variables are only defined when the message type is set to Calendar Invite. This can be checked with the Jinja directive {% if calendar_invite is defined %}.

The following functions are available for creating emails using the King Phisher client.

Function Description
inline_image(image_path, *style=None*, *alt=None*) Embed an image into the message.

Web Page Templates

The following variables are available for writing web pages hosted on the King Phisher server.

Variable Name Variable Value
client.address The clients IP address
client.campaign.created* The client's campaign's created time stamp
client.campaign.credential_count* How many credentials have been received as part of this client's campaign
client.campaign.expiration* The client's campaign's expiration time stamp
client.campaign.has_expired* Whether or not the client's campaign has expired
client.campaign.id* The unique identifier of this client's campaign
client.campaign.message_count* How many messages have been sent as part of this client's campaign
client.campaign.name* The name of the campaign that this client is associated with
client.campaign.visit_count* How many visits have been received as part of this client's campaign
client.company.name* The name of the company associated with the campaign
client.company.url_email* A URL to the company's webmail
client.company.url_main* A URL to the company's main website
client.company.url_remote_access* A URL to the company's remote access solution
client.credential_count* The number of credentials this client has submitted
client.email_address* The email address that was targeted
client.first_name* The first name of the user that the message was sent to
client.last_name* The last name of the user that the message was sent to
client.is_trained* Whether or not the user has been trained
client.message_id* The message_id of the visitor
client.visit_count* The number of landing page visits for the current browser session
client.visit_id* The unique visit_id of the current visitor
request.credentials.username** The username associated with the credential set this request submitted
request.credentials.password** The password associated with the credential set this request submitted
request.credentials.mfa_token** The mfa_token associated with the credential set this request submitted
request.credentials.regex_validated** An indicator of the validation status of the credential set
request.command The HTTP verb of the current request
request.cookies A dictionary containing the contents of the requests cookies
request.headers A dictionary containing the request headers
request.parameters A dictionary containing the requests combined GET & POST parameters
request.user_agent The User-Agent header provided in the request
server.address The server's IP address that the request was sent to
server.hostname The requested VHOST name
server.port The server's port number that the request was sent to

* Most client variables require a valid identifier. To check if these variables are available, check that client.message_id is defined with {% if client.message_id is defined %}.

** request.credentials is only defined when a username parameter is passed in the request as would be the case for pages which harvest credentials.

Pages can also determine if the client is visiting the page for the first time by checking that client.visit_count is 1.

The King Phisher server will also load all variables from the server.page_variables section of the configuration into the global name space. This allows custom templates to use variables that can be set in the server configuration file.

The following functions are available for creating web pages using the King Phisher server. Additional information and examples can be found on the creating Server Pages With Jinja page.

Function Description
embed_youtube_video(video_id) Embed a youtube video using the iframe API
make_csrf_page(url, params, method='Post') Create a page to perform a CSRF attack
make_redirect_page(url, title='Automatic Redirect') Create a page that redirects to another URL

Autoescape Extension

King Phisher enables the Jinja autoescape extension. This will escape characters that are placed in html templates in server pages.

To disable the autoescape extension, place the desired code in a {% autoescape false %} {% endautoescape %} block.

Advanced Template Recipes

Create a random order number

Jinja Code: Order number: #{{ random_integer(100,999) }}-{{ random_integer(100,999) }}-{{ random_integer(100000,999999) }}

Example Output: Order number: #123-123456-123456

Change the domain in an email address

Jinja Recipe: {{ client.email | replace("gmail.com", "yahoo.com") }}

Example changes Alice.Liddle@gmail.com to Alice.Liddle@yahoo.com

Create a formatted username

Jinja Recipe: DOMAIN\{{ client.first_name | truncate(1, True, '') | lower }}{{ client.last_name | lower }}

Example Output: DOMAIN\aliddle

Redirect a returning user to a different URL

Jinja Recipe:

{% if client.visit_count > 1 %}
    <meta http-equiv="refresh" content="0;url=http://google.com">
{% else %}
    <meta http-equiv="refresh" content="0;url=./phishing-website.html">
{% endif %}

Link to a user's Gravatar

Jinja Recipe: https://gravatar.com/avatar/{{ sender.email | lower | hash('md5') | encode('hex') | lower }}?s=320