Manual Installation Guide (FiercePhish)

Chris King edited this page Feb 8, 2017 · 5 revisions

FiercePhish

This is the long, manual method of installing FiercePhish. It is useful if you plan to develop for FiercePhish, or if you are running an operating system that the automated installer does not support.

Recommended Prerequisites

  • Purchase a domain name to send emails from

This isn't required, but it is heavily suggested. Phishing campaigns where you spoof an active domain you don't own are extremely susceptible to being spam filtered (unless the domain's SPF record is improperly configured). The best way to perform a phishing campaign is by buying a generic domain that can fool someone ("yourfilehost.com") or a domain that is very similar to a real domain ("microsoft-secure.com").

Manual Installation Method

This manual installation method assumes you are running Ubuntu 16.04. You will need to adapt the instructions for your own distribution. Some packages may be different and some configuration settings may change, but the general idea should be the same.

  1. Install Apache/PHP/MySQL, Composer, and Bower:

    apt-get install apache2 php php-cli mysql-server php-mysql libapache2-mod-php php-mcrypt php-mbstring php-imap phpunit npm unzip git curl supervisor
    curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
    npm install -g bower
    ln -s /usr/bin/nodejs /usr/bin/node # This solves an error with bower looking for the wrong Node binary

    The MySQL installation will prompt you to set a MySQL root password. Set something complex but remember it for later.

    Note: Older versions of Ubuntu use different packages than the above. Basically change "php" to "php5" in the command (and drop "php-mbstring") and everything will install fine.

  2. Download FiercePhish to "/var/www/fiercephish":

    git clone https://github.com/Raikia/FiercePhish.git /var/www/fiercephish
    chown -R www-data:www-data /var/www/fiercephish

  3. Configure Apache:

    Create "/etc/apache2/sites-available/fiercephish.conf" with the following information:

    <VirtualHost *:80>
       ServerName 127.0.0.1
       ServerAdmin webmaster@localhost
       DocumentRoot /var/www/fiercephish/public
       <Directory /var/www/fiercephish>
           Options FollowSymLinks
           AllowOverride All
           Require all granted
       </Directory>
       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

    You can change "ServerName 127.0.0.1" to use the domain you purchased (if you have one). It's not required though.

  4. Enable the Apache mod_rewrite module, disable the default site, and enable the FiercePhish site:

    a2enmod rewrite
    a2dissite 000-default
    a2ensite fiercephish
    service apache2 restart

  5. Install FiercePhish dependencies:

    cd /var/www/fiercephish/
    composer install
    bower install --allow-root

  6. Add a new database and a new database user (replace "PASSWORD_HERE" with a different password):

    mysql -u root -p -e 'create database fiercephish'
    mysql -u root -p -e "create user fiercephish@localhost identified by 'PASSWORD_HERE'"
    mysql -u root -p -e 'grant all privileges on fiercephish.* to fiercephish@localhost'
    mysql -u root -p -e 'flush privileges'

  7. Configure FiercePhish:

    cd /var/www/fiercephish/
    cp .env.example .env
    chown -R www-data:www-data /var/www/fiercephish/

    Edit "/var/www/fiercephish/.env" using your favorite text editor (vim/emacs/nano/etc).

    Make sure you set the following variables before continuing:

    • APP_URL
    • DB_HOST
    • DB_DATABASE
    • DB_USERNAME
    • DB_PASSWORD

  8. Install cron for the INBOX feature:

    • Run "crontab -u www-data -e"
    • Add the cron:

    * * * * * /usr/bin/env php /var/www/fiercephish/artisan schedule:run >> /dev/null 2>&1

  9. Finalize the FiercePhish install:

    cd /var/www/fiercephish/
    php artisan key:generate
    php artisan migrate
    php artisan config:cache
    php artisan fp:createuser

    The last command will prompt you for a username, email, and password of a FiercePhish user account.
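
A pre-flight check for the ".env" file edited in step 7, worth running before "php artisan migrate". This is an added example, not part of FiercePhish or the original guide; the function names and finding labels are hypothetical, and the sample file is constructed.

```shell
# Added example: pre-flight check for the .env edited in step 7.
# REQUIRED_KEYS is the list from this guide; function names are hypothetical.
REQUIRED_KEYS="APP_URL DB_HOST DB_DATABASE DB_USERNAME DB_PASSWORD"

# Print the last value assigned to key $2 in file $1, surrounding quotes stripped.
get_env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line; return 0 only when there are none.
check_env() {
    file=$1
    problems=0
    if [ ! -r "$file" ]; then
        echo "MISSING_FILE $file"
        return 1
    fi
    for key in $REQUIRED_KEYS; do
        if [ -z "$(get_env_value "$file" "$key")" ]; then
            echo "UNSET $key"
            problems=$((problems + 1))
        fi
    done
    # Step 6 uses PASSWORD_HERE as a stand-in; it must not survive into .env.
    if [ "$(get_env_value "$file" DB_PASSWORD)" = "PASSWORD_HERE" ]; then
        echo "PLACEHOLDER DB_PASSWORD"
        problems=$((problems + 1))
    fi
    # "cp" under a umask of 022 yields mode 644: any local account can read it.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "WORLD_READABLE $file"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample input (not a real configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
APP_URL=http://127.0.0.1
DB_HOST=127.0.0.1
DB_DATABASE=fiercephish
DB_USERNAME="fiercephish"
DB_PASSWORD=PASSWORD_HERE
EOF
chmod 644 "$sample"
check_env "$sample" || echo "fix the findings above, then: chmod 640 .env"
rm -f "$sample"
```

On a real install, call it as "check_env /var/www/fiercephish/.env"; the web server user only needs read access, so mode 640 owned by www-data is enough.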

At this point, FiercePhish is successfully installed but it is missing the background worker to process background jobs, and is also missing the proper settings and configurations to actually send emails.

To configure Supervisord to run the background jobs (required to send email), click here.

To configure FiercePhish to be able to send email, click here.