Today I came across to a new tool which seems to be interesting - SP Toolkit (Simple Phishing Toolkit). Since phishing is one of the biggest problem in IT security it seems logical to build a toolkit to test people/customers/organizations for phising emails. Combined with some other tools, e.g. metasploit, this could be a very useful tool when performing a pentest. The authors of the toolkit are information security proffesionals who needed a tool for phishing attacks, so they wrote a toolkit. From the website:
spt is a simple concept with powerful possibilities. It is what it’s name implies: a simple phishing toolkit.
The basic idea we (the spt project) had was that wouldn’t it be cool if there were a simple, effective, easy to use and free (most importantly!) tool that information security professionals could use to evaluate and train what we all know is the weakest link in any security minded organization: the people. Since the founders of the spt project are themselves information security professionals by day (and possibly either LOL cats or zombies by night), they themselves faced the frustration of dealing with people within their own organizations that claimed to know better, but 9 times out of 10 fell for the most absurdly obvious phishing emails ever seen. A malware outbreak here, a stolen password and loss of critical organizational data there and the costs of dealing with the results of phishing can get to be astronomical pretty darn quickly!...
More information @: http://www.sptoolkit.com/
Watch the video: