executing-phishing-simulation-campaign

Featured

Executes authorized phishing simulation campaigns to assess an organization's susceptibility to email-based social engineering attacks. The tester designs realistic phishing scenarios, builds credential harvesting infrastructure, sends targeted phishing emails, and tracks open rates, click-through rates, and credential submission rates to measure human security awareness. Activates for requests involving phishing simulation, social engineering assessment, email security testing, or security awareness measurement.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Executing Phishing Simulation Campaign ## When to Use - Measuring employee susceptibility to phishing attacks as part of a security awareness program - Testing the effectiveness of email security controls (secure email gateway, DMARC, SPF, DKIM) - Conducting the social engineering component of a red team exercise to gain initial access - Establishing a baseline for phishing susceptibility before deploying security awareness training - Validating that incident response procedures work when employees report suspicious emails **Do not use** without explicit written authorization from the organization's leadership, for actual credential theft beyond the authorized scope, for targeting individuals personally rather than professionally, or for sending phishing emails that could cause psychological harm or legal liability. ## Prerequisites - Written authorization from executive leadership specifying the campaign scope, target groups, and escalation procedures - Coordination with the IT/security team to whitelist the sending infrastructure (or test whether it bypasses controls, depending on scope) - GoPhish or equivalent phishing platform configured with a sending domain, SMTP relay, and landing page infrastructure - Phishing domain registered and configured with SPF, DKIM, and DMARC records to maximize deliverability - Employee email list from HR, organized by department for targeted campaigns - Incident response team briefed on the campaign timeline and escalation procedures...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

phishing-simulation-skill

Phishing simulation campaign execution and analysis for security awareness assessment

1,034 Updated today
a5c-ai
AI & Automation Featured

conducting-spearphishing-simulation-campaign

Spearphishing simulation is a targeted social engineering attack vector used by red teams to gain initial access. Unlike broad phishing campaigns, spearphishing uses OSINT-derived intelligence to craf

12,642 Updated today
mukul975
DevOps & Infrastructure Listed

phishing-sim

Phishing-simulation campaign workflow — RoE and ethical-scope template, population segmentation, pretexting patterns (HR/IT/finance/vendor/calendar), infrastructure (sender domain, SPF/DKIM/DMARC, tracking), click-rate and credential-success metrics, opt-out and duty of care, NL/EU AVG context for employee monitoring.

4 Updated 1 weeks ago
roodlicht
AI & Automation Featured

performing-phishing-simulation-with-gophish

GoPhish is an open-source phishing simulation framework used by security teams to conduct authorized phishing awareness campaigns. It provides campaign management, email template creation, landing pag

12,642 Updated today
mukul975
AI & Automation Featured

conducting-social-engineering-penetration-test

Design and execute a social engineering penetration test including phishing, vishing, smishing, and physical pretexting campaigns to measure human security resilience and identify training gaps.

12,642 Updated today
mukul975