“LUCY” is a easy to set up tool, with simple reporting designed specifically to measure and improve awareness towards phishing, malware, and drive-by attacks by launching realistic phishing attacks.


It comes with a simple web based user interface including pre-defined Mail and Web templates.  “LUCY” is also fully customizable, users can create campaigns and templates that can be used again.  Designed so that both technical and non technical persons can administrate the platform, configuring custom phishing attacks within minutes. Easy to read,  accurate reporting on user behavior (includes link clicks, form submits etc.)


“LUCY” is executed within a virtualized software (like Virtualbox, Vmware), which can be downloaded for free, emulating the attack from A-Z (creating landing webpages, sending mails, analyzing data etc.) in your own network or in the Cloud. Admins can upload their target recipient list from a simple text file or use the build in Email Target Identifier to search the Internet for possible mail addresses.

The creation of new attack scenarios can be done with just one mouse click with a website copy feature allowing the user to build a functional copy of any website automatically.

How it Works


“LUCY” customizable scenarios can all be edited and offer the possibility to run phishing campaigns such as:

  • Click-only: These scenarios involve a two-step process with an email that urges the recipient to click on the embedded link.
  • Data entry: Send emails with a link to a customized landing page that encourages users to enter sensitive information.
  • Attachment-based: Train users to recognize malicious attachments by sending emails with seemingly legitimate attachments or start webpages with customized tools that gather client data.
  • Double Barrel: technology that simulates conversational phishing techniques by sending two emails one at the beginning and one containing a malicious element used by APT.

Other Features include:

  • DynDNS  (run “LUCY” accessible from the Internet on a private IP)
  • Mail Engine (send & forward mails)
  • Out of the box 20+ professional designed, fully functional web- & mail templates
  • Reporting engine (create custom report templates), export data to pdf, HTML or CVS
  • Run Arwarness Campaigns from LUCY
  • Compile custom code (portable executable) on LUCY that can be executed on the windows target clients (runs behind FW, NAT, Proxy etc.)
  • Statistic engine (graphical analysis of each phishing campaign)
  • Create SSL secured scenarios (with custom certificate or import official certificate via web gui)
  • Easy linux configuration script for first use (Vmware Setup script helps you automatically configure LUCY in less than 5 minutes)
  • interactive help that guides you through 1st phishing campaign
  • Automatic software updates
  • Website Copy feature: copy existing webpages and integrate them in your campaign
  • Benchmark Analysis helps you compare different campaigns
  • Professional web based scenario editor (editing landing pages or mails)
  • Login filters (enable  filters to check for complex passwords or custom domains required within the login)
  • Real time access to graphical analysis of the phishing campaign
  • Multi user enabled, web based gui to configure and run phishing campaign against one or ten thousands of users simultanously

Outlook on next updates:

  • Add new Web/Mail Templates
  • Customizable attachments (Word Macro) that send user info to “LUCY” upon opening
  • Launch Website with signed/non signed applet that sends user info to “LUCY” upon executing
  • Add more statistical tools for more in depth analysis

More info and download: http://phishing-server.com/