I’ve been looking forward to the release of Lunker, a spear Phishing toolkit for pentesters. It was originally reported to be part of the OWASP live CD due out this month. We just dont have the budget for phishme (although it is cheap).
Unfortunately according to a comment on this post over at they are getting a case of the conscience. “Its too ripe for exploitation”. So they are going to take a couple months to make it less ready to go. The rationale is that with metasploit anyone can patch and protect themselves from that. You can’t patch the users against social engineering.


  1. Roger,
    Sorry it took me so long to respond to your post here. We are going to do what we consider a “responsible” release to interested parties hopefully soon. We’re simply not going to release this tool for general public download, but also don’t want to hold it back from people who need it.
    Send me an email to the address tied to this post and I’ll keep you on the list. We’re doing some real-world testing this month with the current release, so if things go well (and still leaves a little of the work to the user) we should be ready to go fairly soon.

Comments are closed.