Skip to content

Updating King Phisher

Jump to bottom
Spencer McIntyre edited this page Apr 25, 2019 · 17 revisions

How To Update From Git

King Phisher uses the git version control system which is also the preferred method for updating. The following example will update users in between stable releases.

Note: If everything is up to date, the git pull command will exit with the message "Already up-to-date." and no further action is required.

Version 1.12 and above

From the directory where King Phisher is installed:

[user@localhost king-phisher]$ git fetch origin
[user@localhost king-phisher]$ git pull
[user@localhost king-phisher]$ sudo tools/install.sh --update

Note that the tools/install.sh script is necessary to install any new dependencies (both OS and Python packages).

Ansible

The following is an excerpt from an Ansible playbook which can be used to update a King Phisher installation.

- name: Update king-phisher
  hosts: king_phisher_servers
  become: yes
  become_user: root
  vars:
    date_timestamp: "{{ lookup('pipe', 'date +%Y_%m_%d') }}"
    db_backup_filename: "kp-db-{{ date_timestamp }}.gz"
  tasks:
  # skip this if you don't have plugins installed
  - name: Update the king-phisher-plugins source files
    git: dest=/opt/king-phisher-plugins force=yes repo=https://github.com/securestate/king-phisher-plugins.git

  - name: Update the king-phisher source files
    git: dest=/opt/king-phisher force=yes repo=https://github.com/securestate/king-phisher.git version=dev
    register: git_clone

  - name: Synchronize king-phisher requirements
    command: /opt/king-phisher/tools/install.sh --update
    when: git_clone.changed

  - name: Restart the king-phisher service
    service: name=king-phisher state=restarted
    when: git_clone.changed

  - name: Backup the king-phisher database
    become: yes
    become_user: postgres
    shell: pg_dump -Fc king_phisher | gzip > /tmp/{{ db_backup_filename }}
    args:
      creates: /tmp/{{ db_backup_filename }}

Version 1.11 and below

From the directory where King Phisher is installed:

[user@localhost king-phisher]$ git fetch origin
[user@localhost king-phisher]$ git pull
[user@localhost king-phisher]$ sudo python3 -m pip install -r requirements.txt

Version Compatibility

For best results, both the client and server should be updated at the same time to ensure RPC API compatibility. If only one is updated, the client may display a dialog that the versions are incompatible if a major change has been introduced. Changes which break version compatibility exist but are not very common.

Server Configuration

After updating the server component, additional settings may be required in the configuration. The current configuration file can be validated using the command sudo ./KingPhisherServer --verify-config server_config.yml. Required options that are missing from the configuration will be listed in the output. Examples of the required options can be found in the template server configuration file. Edit the existing configuration file to add the missing settings.

The GeoIP Database

The server uses the MaxMind GeoIP database for location lookups. This database is not automatically updated and needs to be done manually to ensure that the server has the latest and most accurate information. It is recommended to use a GeoIP database that is no older than 4 to 8 weeks before running a new campaign.

To update the GeoIP database:

# stop the King Phisher server (if it is running)
[user@localhost king-phisher]$ sudo systemctl stop king-phisher.service
# run the server with the `--update-geoip-db` option
[user@localhost king-phisher]$ sudo ./KingPhisherServer --update-geoip-db server_config.yml
# restart the server with
[user@localhost king-phisher]$ sudo systemctl start king-phisher.service

Beta Testing

King Phisher releases it's latest stable versions to the master branch however this is done relatively infrequently to ensure stability. Public changes and updates are generally staged in the dev branch for a period of testing. Users that are interested in beta-testing the latest features, the dev branch should be checked out instead. Any issues found with the dev branch should be reported by opening an issue.

Due to the nature of the dev branch being used as a staging area for public testing, it is likely to have minor issues. Please be patient as they are addressed. Thoroughly testing King Phisher is an important part of releasing stable versions.

Thank you for beta testing!

The procedure to checkout the dev branch for the first time is:

[user@localhost king-phisher]$ git fetch origin
[user@localhost king-phisher]$ git checkout -b dev origin/dev
# go to steps from "How To Update From Git"

After the dev branch has been checked out, it can be updated using the same procedure described in the updating from git section.

The changes in the beta branch are generally merged into the master branch every 2 to 6 weeks.

Switching Back From Beta Testing

The procedure to switch back to the master branch is:

[user@localhost king-phisher]$ git checkout master
# at this point the master branch is in use but needs to be updated
[user@localhost king-phisher]$ git pull
# go to steps from "How To Update From Git"

Home | Blog | Install | Technical Docs | IRC | Slack | Copyright © 2013-2019 SecureState LLC

Wiki Home

Frequently Asked Questions

Jinja Variables

Want King Phisher Hosted For You?

Videos

Using King Phisher

  1. Getting Started
  2. Running A Campaign
  3. Creating Server Content
  4. Creating Message Content
  5. Updating King Phisher

Additional Resources

Clone this wiki locally