Report Phishing
is the act of giving normal users the trust to identify and easily report phishing emails to the information security team. Typically, once a user thinks an email is suspicious, the user clicks a button to magically report that email.
and?
Many companies are selling "Report Phishing" plugins for 💰. Your brother, Abdulla, likes to find or make alternatives; therefore, I had to learn and develop a new custom Outlook plugin to fulfill my needs.
and .. How much?
FREE. 🤩
I leeched on many open source projects in the past to learn and enhance my personal projects; but now I can say I am happily contributing to this amazing community.
Features:
Many. Give me a few seconds to review the code ... Ok, main features are:
- Auto-deletes suspicious emails once reported.
- Appends [POTENTIAL PHISH] to the subject for automatic Outlook rules.
- Extracts and lists the most important information in the report email, such as email headers, URLs/IPs, domains, attachment hashes, and sender details.
- Removes hyperlinks from suspicious links (https:// becomes https[:]// and so on).
- Attaches original email to the report for further investigation.
- Full integration with the Open Source Phishing Framework, GoPhish. Now you can see who reported a simulated phishing email sent by your information security team.
- Two buttons for easy reporting. One in the "Home" menu. The second when you right-click an email.
- Reports any bugs to a separate support email without annoying the users.
- Installer-ready: fast compile to EXE file, as all hassles were tackled already. Just follow the guide.
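To show what the extraction and defanging features produce for the receiving team, here is an added Python sketch (not the plugin's own code, which this page does not show) that builds the same kind of summary from a raw message. The sample message and the function names are constructed, and replacing "." with "[.]" is an assumed extension of the page's "and so on".

```python
import hashlib, ipaddress, re
from email import message_from_string, policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)
# Constructed sample (not real mail): one text body, one base64 attachment.
SAMPLE = """\
From: "IT Support" <helpdesk@mail.example.net>
Subject: Password expires today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Reset at https://login.example.org/reset?u=1 or http://192.0.2.15/portal.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.txt"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""

def defang(value):
    # "https://" -> "https[:]//" as on the page; "." -> "[.]" is an assumed extra step.
    return value.replace("://", "[:]//").replace(".", "[.]")

def build_report(raw):
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    urls = sorted({u.rstrip(".,;") for u in URL_RE.findall(text)})
    ips, domains = [], []
    for host in sorted({urlsplit(u).hostname or "" for u in urls} - {""}):
        try:
            ipaddress.ip_address(host)  # raises ValueError for a domain name
            ips.append(host)
        except ValueError:
            domains.append(host)
    return {
        "sender": msg["From"].addresses[0].addr_spec,
        "urls": [defang(u) for u in urls],
        "domains": [defang(d) for d in domains],
        "ips": [defang(i) for i in ips],
        "sha256": {p.get_filename(): hashlib.sha256(p.get_payload(decode=True)).hexdigest()
                   for p in msg.iter_attachments()},
    }
```

The hash is computed over the decoded attachment bytes, so it matches what an analyst gets by hashing the saved file.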
Screenshots:
Installation Wizard
After installing, you will notice these two buttons:
At top "Home" menu
When you right-click an email
When you report an email, a pop-up will appear for confirmation
A sample of the report email received by information security team
Before you start:
⚠️ Verify that you have the “Microsoft Visual Studio Installer Projects” component installed in Visual Studio. You can install it by going to “Tools” -> “Get Tools and Features”.
⚠️ Make sure you build the project’s installer with the right TargetPlatform for your Office. If you have Office 32-bit installed, then compile the project as 32-bit. If you have Office 64-bit, then compile the project as 64-bit. You can do so by choosing Installer -> (from "Properties" menu) TargetPlatform -> x86 or x64.
How-to Guide:
- Download the project and extract it.
- Double click "PhishingReporter.sln" to open the project using Visual Studio.
- From the top menu, if it is on "Debug" mode, change configuration to "Release".
- In the right menu, open "Settings.settings" and go to the "Settings" tab.
- From there, change:
  - infosec_email: to your information security team.
  - gophish_url: GoPhish instance IP/URL. If you didn't host any, you can leave the default value. The plugin will still work.
  - gophish_listener_port: The port number of the GoPhish listener.
  - support_email: Support email to auto-report any bugs. Should be for a teammate who maintains the plugin code.
- Save the file.
- Build the project. From the top menu "Build" → "Build PhishingReporter".
- In the right menu, click "Installer" and change what you prefer in the "Properties" menu. I recommend changing:
  - Manufacturer, ManufacturerUrl, SupportPhone, SupportUrl
  - Generate a new UpgradeCode by clicking the "..." button then "New Code".
- [Optional] If you want to change the installation wizard splash screen:
  - Open the "splash.psd" file using Photoshop, and design the splash screen you like.
  - Export the design by overwriting the "splash.jpg" file in the main project directory.
- At the end, right-click "Installer" and choose "Build".
- The installer file should be located in "PhishingReporter\Installer\Release" folder.
Installation:
- Manual:
  - Run the "Installer.msi" file as administrator, and follow the steps.
- Automatic:
  - Using your preferred systems management software (such as SCCM), push the Installer.msi file with the following command:
    - Installation: msiexec /i Installer.msi /qn /norestart
    - Uninstallation: msiexec /uninstall Installer.msi /qn /norestart
Integration with GoPhish:
This was tested with GoPhish v0.12.1 Windows version (download link)
1. Download GoPhish and modify the phishing server listen_url in the config.json file.
2. Run the GoPhish server.
3. In the project source code, open "Settings.settings" and go to the "Settings" tab.
4. Modify gophish_url and gophish_listener_port to match the values in Step #1.
5. Take note of gophish_custom_header.
6. Build the project and compile the installer.
7. In the GoPhish portal, while setting up the Sending Profile, add the custom header from Step #5 with the value {{.RId}} and click Save Profile.
8. Create a campaign and test the plugin's report feature.
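The header added in the Sending Profile is what ties a reported message back to a campaign recipient: GoPhish marks a result as reported when its phishing listener receives a request to /report?rid=<RId>. The following added Python sketch (not the plugin's code, which this page does not show) derives that URL from a reported message and treats the header as untrusted input, since any sender can set it. The header name, host, port, and RId pattern are constructed stand-ins for the gophish_custom_header, gophish_url and gophish_listener_port settings.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlencode

CUSTOM_HEADER = "X-Example-RId"               # hypothetical gophish_custom_header value
GOPHISH_URL = "http://gophish.corp.example"   # constructed gophish_url
LISTENER_PORT = 8080                          # constructed gophish_listener_port
RID_RE = re.compile(r"[A-Za-z0-9]{1,32}")     # assumption: RIds are short alphanumeric tokens

# Constructed sample of a simulated phish sent through the Sending Profile.
SIMULATED = """\
From: payroll@training.example
Subject: Updated salary statement
X-Example-RId: a1B2c3D

Please review the attached statement.
"""

def report_url(raw_message):
    """Return the GoPhish report URL for a simulated phish, or None for any other mail."""
    msg = message_from_string(raw_message, policy=policy.default)
    values = msg.get_all(CUSTOM_HEADER, [])
    if len(values) != 1:
        return None  # header absent (ordinary mail) or duplicated (ambiguous)
    rid = str(values[0]).strip()
    if not RID_RE.fullmatch(rid):
        return None  # never place unvalidated header text into a request URL
    return f"{GOPHISH_URL}:{LISTENER_PORT}/report?{urlencode({'rid': rid})}"
```

A None result means the message is not a recognised simulation and should only follow the normal report path to the information security team.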
Final thoughts:
This project took me many nights to research, design, program, and test. If you like it, please give this project a ⭐ on GitHub. Also, follow my GitHub account. I release many amazing tools.
If you plan to use the plugin, please fill out the 3-question survey.
Credits:
Main developer: Abdulla Albreiki
I reused some code from NotifySecurity project by Nicolas Chaussard