001: The spt framework

One framework, many parts

Like any good tool, there are a few moving parts to spt.

Applies to

  • Version (all)
  • Last updated on March 20, 2012

The spt piece parts

The spt is composed of three basic parts, detailed here.

  • Web site front-end, or the net as we like to call it.  This is the phishing site that those foolish enough to fall for your phishing emails will find themselves at.  Will your front-end be a realistic looking webmail login page?  Maybe it will be a site that promises the respondent a free iPad2 for just completing a short survey.  What the front-end is is totally up to you.  Just select one of the already available templates created for use with spt or make your own.  You can make your own custom template easily enough and the limitation on what that template be is your imagination (well, and maybe your coding skills).   When the target clicks through on the link in the phishing email and winds up at the site, they’ll be given the opportunity to submit the form on the page.  The form might be requesting their webmail credentials or maybe it’s their email address for the win on that delicious iPad2.  Regardless, spt never collects any actual data entered–only a record of what fields where submitted.
  • Web site back-end, oddly enough we didn’t come up with a fun name for this one other than the administration dashboard.  But hey, dashboards are cool, so we’re going to stick with that.  The dashboard runs on a custom developed CMS that started its life under the name of JCMS a long time ago in a galaxy far away.  The sptCMS, as we like to call it now, was built from the ground up to be quick, lightweight and standards compliant (well, most of the time at least!).  From the dashboard you’ll do all those administrative tasks like upload templates, create or upload lists of targets, and create campaigns where you mix a template with some targets and get your phishing on.  The dashboard runs on PHP.
  • Database back-end, or the database as we like to call it.  Snazzy, yes?    Every good web application needs that obligatory database somewhere, so we felt compelled to include that feature with spt.  After all, spt is good and it definitely appears to be a web application, though the zombies aren’t so sure about that.  Anyhow, the database does what they typically do so well and that is to store all of your data.  The database needs to be MySQL.