Skip to content

Schillings SwordPhish empowers organisations and engages its employees to establish the key component of any cyber security strategy: the Human Firewall.

License

Notifications You must be signed in to change notification settings

Schillings/SwordPhish

Repository files navigation

SwordPhish

At some point technology will fail and your users will be the last line of defence. SwordPhish allows users to easily report suspicious e-mails to your IT and security teams.

SwordPhish

SwordPhish is a very simple but effective button that sits within the users Outlook toolbar. One click and the suspicious e-mail is instantly reported to your designated recipient (i.e your internal security team, or SoC) and contains all metadata required for investigation.

SwordPhish should be underpinned by a staff security awareness programme. Suspicious e-mails can't be reported if your users don't know what they are looking for or what is suspicious.

The recipient of a SwordPhish report receives the original e-mail as an attachment and every header to aid further investigation.

SwordPhish Report

Requirements

SwordPhish requires Microsoft Office 2007+, .NET Framework 4.0+ and VTSO 4.0+ to be installed, and works across all Windows platforms.

Installation

The easiest way to install SwordPhish is via the pre-compiled MSI installers under the Releases tab. If you are an End User just run Schillings SwordPhish.exe. If you are a SysAdmin then you can use the MSI installers for your platform and push out via GPO.

If you are so inclined you can build SwordPhish from source. Simply clone this repository and compile with Visual Studio 2010+.

Deployment

You can deploy SwordPhish as you would any other application: manually, Group Policy, batch file at logon, or your favourite systems management solution.

Options

SwordPhish just needs to know where to send reports to. If you run the GUI installer you will be asked to supply these at installation.

If you are installing via CMDLINE/GPO you can set other options via the MSI installer or property flags:

Flag Description
RECIPIENTPROPERTY E-mail address where to send SwordPhish reports
SUBJECTPROPERTY Subject of SwordPhish reports
ACTIONPROPERTY What to do after a user reports an e-mail. 0 = Just send the report, 1 = Report and move the e-mail to "Junk", 2 = Report and delete the e-mail from the user's Inbox.

For example: msiexec /i Schillings.SwordPhish.x86.msi RECIPIENTPROPERTY="reports@mysoc.com" ACTIONPROPERTY=2

To make your life easier for reporting it is recommended to set the recipient address to a ticketing system.

License and Disclaimer

SwordPhish is licensed under Apache 2.0.

In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.

About

Schillings SwordPhish empowers organisations and engages its employees to establish the key component of any cyber security strategy: the Human Firewall.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published