Introduction | Features | Requirements | Installation | Usage | Project Timeline | Contributors | Future Improvements | Disclaimer
Phish & Clicks is a web-based application built with FastAPI and Streamlit that enables security teams to:
- Launch targeted phishing simulation campaigns
- Track employee interactions with phishing emails
- Analyze campaign effectiveness through detailed metrics
- Provide instant security awareness training
- Phishing Email Simulation: Tools to create and send simulated phishing emails to target users.
- Campaign Analytics: Analyze the response rates, click-through rates, and other metrics from simulated campaigns. Response-rate tracking relies on a tracking service that was deployed from a separate repository.
- Customizable Templates: Predefined email templates and options to create custom phishing templates.
- Educational Tools: Resources for educating users about phishing and how to recognize malicious emails.
- Data Visualization: Graphs and charts to visualize the impact and effectiveness of campaigns.
To run this toolkit, ensure you have the following installed:
- Python 3.8 or later
- Required Python libraries (listed in requirements.txt)
- Clone this repository:
git clone https://github.com/pschchowah/phishing_campaign.git
cd phishing_campaign
- Install the dependencies:
pip install -r requirements.txt
- Collect your credentials from Google Cloud Console and add them to the 'credentials' folder:
## add config.json : containing Gemini API_Key like this
{"GEMINI_API_KEY": "XXXXXXXXXXXXXXXXXXXXXXXXX"}
## add gmail_credentials.json : containing Gmail API gmail_credentials like this
{
  "installed": {
    "client_id": "xxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
    "project_id": "xxxxxxxxxxxxxxxxxxxxxx",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_secret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "redirect_uris": ["http://localhost"]
  }
}
- Create a secrets.toml file and add it to the '.streamlit' folder:
["authentication"]
"username" = "yourusername"
"password" = "yourpassword"
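The three secret-bearing files from the steps above can be checked before the first run. This is an added example, not part of the project's code: `check_setup` and its helpers are hypothetical names, and it assumes the paths and key names shown above. It reports files that are missing, still hold the sample placeholder values, or (on POSIX) are accessible to other local users.

```python
import json
import os
from pathlib import Path

# File names and key names are the ones from the setup steps above.
JSON_FILES = {
    "credentials/config.json": [("GEMINI_API_KEY",)],
    "credentials/gmail_credentials.json": [("installed", "client_id"),
                                           ("installed", "client_secret")],
}
SECRETS_TOML = ".streamlit/secrets.toml"


def is_placeholder(value):
    """True for empty values and the all-'x' samples shown in the setup steps."""
    core = str(value).split(".apps.googleusercontent.com")[0]
    return set(core.lower()) <= {"x"}


def lookup(doc, path):
    for key in path:  # follow nested keys; None if any level is absent
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc


def check_setup(root="."):
    """Return a list of findings for the checkout at `root` (empty = ready)."""
    root, findings = Path(root), []
    for rel, key_paths in JSON_FILES.items():
        try:
            doc = json.loads((root / rel).read_text())
        except (OSError, ValueError):
            findings.append(f"{rel}: missing or not valid JSON")
            continue
        for kp in key_paths:
            value = lookup(doc, kp)
            if value is None or is_placeholder(value):
                findings.append(f"{rel}: {'.'.join(kp)} missing or placeholder")
    secrets = root / SECRETS_TOML
    if not secrets.is_file():
        findings.append(f"{SECRETS_TOML}: missing")
    elif "yourpassword" in secrets.read_text():
        findings.append(f"{SECRETS_TOML}: still uses the sample password")
    for rel in list(JSON_FILES) + [SECRETS_TOML]:
        f = root / rel  # secret files should be owner-only (POSIX mode bits)
        if os.name == "posix" and f.is_file() and f.stat().st_mode & 0o077:
            findings.append(f"{rel}: group/other can access it, chmod 600")
    return findings
```

Call `check_setup()` from the repository root; an empty list means all three files are present, filled in, and owner-only.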
- Run this command locally for testing: streamlit run app/app.py
- Log in with the secrets.toml username and password you just defined
- Campaign Launch:
  - Campaign Name is mandatory
  - Use the dataset template provided in the 'data' folder for upload
- Navigate through pages for Overview:
  - Data Overview
  - Campaign Metrics
13 Jan 2025 - project phase initiated at BeCode Brussels AI & Data Science Bootcamp
24 Jan 2025 - project ended
Thérèse de Backer
Nicole Pretorius
Patrycja Schaefer
Miro Fronhoffs
- Scoring System
- Email scheduling system
- Add more phishing templates
- Add ability to input employee data from an external database
- Add user security permissions for accessibility to application
- Add customizable email templates with HTML/CSS support
- Template categorization and tagging system
- Preview functionality for templates
- Import/export template capabilities
- Implement API keys for frontend authentication
- Separate data access per front-end instance
- User authentication system with role-based access control
- Implement the following roles:
  - Campaign Manager (full access)
  - Campaign Viewer (read-only access)
  - Template Editor (template management only)
  - Report Analyst (analytics access only)
This tool is for educational purposes only. Misuse of this project for malicious activities is strictly prohibited.