Introducing SpearPhisher – A Simple Phishing Email Generation Tool – PlanetCreator’s Security Team and Hackers Group

Home / Hacking, News, Security / Introducing SpearPhisher – A Simple Phishing Email Generation Tool

Introducing SpearPhisher – A Simple Phishing Email Generation Tool

September 24, 2013 PlanetCreator 0 Comments 0 tags

SpearPhisher is a simple point and click Windows GUI tool designed for (mostly) non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending quick and easy ad-hoc phishing emails. The tool supports specifying different sending names and email addresses, multiple recipients via TO, CC, BCC, and allows bulk loading with one recipient email address per line in a file. It allows customization of the subject, adding one attachment, and SSL support for SMTP enabled mail servers. One of the popular features with our client is the WYSIWYG HTML editor that allows virtually anyone to use the tool; previewing results as you point and click edit your malicious email body. If you want to add custom XSS exploits, client side attacks, or other payloads such as a Java Applet code generated by the Social Engineer Toolkit (SET), its split screen editor allows more advanced users to edit HTML directly.

An open relay is not necessarily required as many mail servers allow authenticated users to spoof email. This is the beta release of the tool and has been tested in limited environments.

The tool can be downloaded from the TrustedSec Tools page located:

https://www.trustedsec.com/files/SpearPhisherBETA.zip

Enjoy and use the tool responsibly!

Explore More

Prevent spam in your Gmail account

Are you worried about spam in your precious gmail account ? If yes, then you would like to consider making aliases of your gmail id to use when you’re not

Login Bypass vulnerability of Myanmar Sites (Fixed)

Last week PlanetCreator informed Security Weakness of Myanmar Uready http://www.myanmaruready.com/ and Su Aung Phyo Co., Ltd. http://www.suaungphyo.com to their webmaster and fixed as long as we reported. SQL injection is

Critical SQL Injection in People Magazine

PlanetCreator has reported another critical SQL Injection (vulnerability) onÂ People Magazine Online Website http://www.people.com.mm Powered by Inforithm-Maze. SQL injection is a code injection technique that exploits a security vulnerability occurring

[webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection
on May 30, 2026 at 12:00 am
YAMCS yamcs-core 5.12.7 - LDAP Injection
[webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting
on May 30, 2026 at 12:00 am
YAMCS yamcs-core 5.12.7 - No Rate Limiting
[webapps] YAMCS yamcs-core 5.12.7 - User Enumeration
on May 30, 2026 at 12:00 am
YAMCS yamcs-core 5.12.7 - User Enumeration
[remote] Notepad++ 8.9.6 - Arbitrary Code Execution
on May 30, 2026 at 12:00 am
Notepad++ 8.9.6 - Arbitrary Code Execution
[remote] Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
on May 29, 2026 at 12:00 am
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution