Installation

Requirements

Phishing Club works with most linux distros and has install and update functionallity for distros with systemd.

We recommend to deploying were it is possible to scale the hardware to accommodate for actual usage patterns.

Starting Requirements
Minimum Recommended
Operating System Linux distro Ubuntu 24.10
CPU 1 core (64-bit) 2 core (64-bit)
RAM 1 GB 2 GB

Downloading software

Download the newest version from the downloads page.

Phishing Club - Download
The download page.

License

A license key is required to use Phishing Club, it can be found and copied from the dashboard page.

Phishing Club - License
License information on the dashboard page.

Install

Running the binary with the --install flag will start a interactive installer, that helps by filling out a bit of configuration, install dependencies, creates a phishingclub user and group, sets up a system service and copies the binary to /opt/phishingclub.
This ensures that the binary runs with a unpriviliged user and automatically starts up on reboots.

If you want to manage the installation yourself, you can use --help command to get more information.


  1. Transfer the downloaded binary to the server you want to run Phishing Club.
    scp ./phishingclub [email protected]/tmp/

  2. Copy the file to the target and make it executable.

    scp ./phishingclub [email protected]/tmp
ssh [email protected]/tmp
cd /tmp
chmod +x /tmp/phishing.club

  3. Run the interactive installer and set the initial configuration.

    /tmp/phishingclub --install
    Phishing Club - interactive installer
    CLI interactive installer.

    The interactive installer has the following options:

    Interactive installer options
    Option Description Default value
    HTTP Port The HTTP (unencrypted port) for the phishing server. 80
    HTTPS Port The HTTPS (TLS) for the phishing server. 443
    Admin Port The HTTPS (TLS) port for the administration server. Random port
    Admin Host The hostname used for TLS certificate for the administration server.
    Example: the IP or your-domain.tld.    		 localhost
    Use Auto TLS If set to true gets TLS certificate from LetsEncrypt.
    If set to false creates a self signed certificate.    		 false

  4. Verify and setup the administrative account.

    After the installation completes it will output server details and credentials.
    You must copy credentials to setup the admin account.

    Installer output
    Key Description
    Password Random generated password.
    Changes if the service has restarted before account is setup.
    Phishing HTTP server The address that is serving the HTTP phishing server.
    Phishing HTTPS server The address that is serving the HTTPS phishing server.
    Admin server The address that is serving the HTTPS administration server.
    Phishing Club - Credentials
    Output from an install with the credentials.

Setup

After completing the install, an inital setup must be completed before Phishing Club is ready for use.

If the application has been restarted after the install, then you must get the password from the logs.

  1. Enter the username admin and the password from the installer output.

    Phishing Club - login
    Login page.

  2. Setup the new admin account.

    Phishing Club - Setup account
    Setup - Step 1 - Profile

  3. Add the license code.

    Phishing Club - Setup license
    Setup - Step 2 - License

  4. Complete the setup

    Phishing Club - Setup complete
    Setup - Step 3 - Complete setup.

Congratulations - Phishing Club is installed and ready for use.

Update

Phishing Club will regulary check if there is a new version available.

When a new update is ready, the Update Available icon is shown in the bottom right corner.

Phishing Club - Update available
Update ready for download

Click the Update and confirm the update.

Phishing Club - Update page
Update ready for download

Manual Update

Download the binary by clicking the Update button.

If the service is running via. systemd and installed with the --install flag you can perform the update using the --update on the newest binary.

Phishing Club - Update service
Updating using the --update flag.

If the instance is manually setup, then replace the currently deployed binary with the latest and restart the service.

Uninstall

If installed using the --install, then a uninstall can be done with the --uninstall flag.

Uninstall removes the user/group, systemd service, and all files including the database.

./phishingclub --uninstall

Type 'YES' in capital letters to confirm when prompted.

Phishing Club - Uninstall
Uinstalling using --uninstall flag.

Configuration (config.json)

The configuration file config.json handled by the -config flag lets you customize different aspects of Phishing Club.

A restart is required for configuration changes to take effect.

Phishing Club config format
config.json file.

The config is JSON and has the following properties:

config.json
Key Default value Description
acme.email Empty string The email to use for ACME. Read more here.
administration.tls_host localhost The hostname used for TLS certificate for the administration server.
Example: the IP or your-domain.tld.
administration.tls_cert_path Empty string Path to self signed certificate.
administration.tls_cert_key Empty string Path to self signed key.
phishing.http 80 The HTTP port for the phishing server.
phishing.https 443 The HTTPS (TLS) for the phishing server.
database.engine sqlite3 The database engine used.
database.dsn file:./db.sqlite3 The database DSN.
config.path Empty string If supplied outputs stdout to a file
config.errorPath Empty string If supplied outputs stderr to a file.
ip_security.admin_allowed Empty array An array of IP's that are allowed to access to the administration server.
Empty means all IP's can access it.
ip_security.trust_proxies Empty array An array of IP's which are trusted to forward client IP information. See how the it works here This is important to set when the administration server is served via. a proxy.
ip_security.trusted_ip_header Empty string Specific header value that is trusted for forwarding IP information.