🎯 Project Overview
School of Phish is a serverless phishing simulation tool built on Cloudflare Workers. It demonstrates email and SMS tracking techniques used in real phishing attacks through a simple proof-of-concept interface.
The tool can track email opens using multiple methods (tracking pixels, CSS, fonts) and log link clicks, while also supporting SMS-based phishing simulations via Twilio integration.
⚠️ Educational/Research Use Only
This is a proof-of-concept tool for educational and authorized research purposes only. Any unauthorized use is illegal and prohibited.
Access is strictly controlled and requires legitimate justification. Most access requests are denied.
🔧 Actual Functionality
School of Phish is a basic tool that demonstrates common phishing tracking techniques:
📧 Email Tracking
Tracks email opens using tracking pixels, CSS requests, and font loading techniques.
📱 SMS Campaigns
Sends SMS messages with tracking links via Twilio API integration.
🔗 Link Tracking
Logs clicks on malicious links and redirects users to specified destinations.
📝 Simple Interface
Basic form to create phishing campaigns with email/phone inputs and redirect URLs.
⚙️ How It Works
The tool uses a simple workflow to create and track phishing simulations:
Create Campaign
Fill out a form with target email/phone and redirect URLs. The system generates unique tracking tokens.
Queue for Delivery
Messages are queued and sent via cron job, either instantly or at a time the user is unlikely to be online.
Track Interactions
Email opens are tracked via pixels/CSS/fonts. Link clicks are logged before redirecting to specified URL.
Log Data
All interactions (opens, clicks, IP addresses, user agents) are stored in Cloudflare KV for analysis.