Just before leaving for SANS last week, I was hit up and told that we need to implement our own home-grown phishing tests. My first thought was "crap, gotta build a box, write code, run tests, maintain code, etc"...
Well, I went to a phishing lunch and learn at the conference, and found out about the PhishMe company/service. I like the idea of it, and I'm try to get approval to move forward with a demo, HOWEVER, cost is always an object. We got an initial quote, and it's probably going to be difficult to get funding.
Which, puts me back at building my own solution. As I was looking up reviews on PhishMe, there were mentions in articles about scripts and programs in the open source community that assist in phishing tests, but my google-foo is not up to snuff this morning and I'm coming up blank.
So, I'm putting out a call to anyone with information on building a platform for this. What scripts/programs/frameworks do you utilize to perform phishing exercises?
As always, thanks for any input!