A secure and ethical phishing simulation training platform designed for authorized security awareness training and education. Includes consent-based simulations, logging, analytics, and strong security safeguards. Unauthorized or malicious use is strictly prohibited.

SkillDevloper/security-training-platform

Phishing Simulation Training Platform

⚠️ CRITICAL ETHICAL & LEGAL DISCLAIMER

THIS SOFTWARE IS DESIGNED EXCLUSIVELY FOR AUTHORIZED SECURITY TRAINING IN CONTROLLED ENVIRONMENTS

Authorized Use Cases:

  • Internal security awareness training within organizations
  • Educational exercises in academic cybersecurity programs
  • Controlled penetration testing with explicit written consent
  • Legitimate security research in isolated lab environments

Strictly Prohibited:

  • Unauthorized phishing attacks against any individuals or organizations
  • Commercial exploitation without proper licensing
  • Use outside of controlled, consent-based training scenarios
  • Any malicious or illegal activities

USERS ARE SOLELY RESPONSIBLE FOR ENSURING COMPLIANCE WITH ALL APPLICABLE LAWS AND REGULATIONS.

Screenshots

[Screenshots: Login Page View, Dashboard View, Campaign View, Creating Campaign View, Recent Activity, Ethical Warning]

Quick Start

Project Structure

phishing-training-platform/
├── app/
│   ├── __init__.py
│   ├── main.py
│   ├── database.py
│   ├── models.py
│   ├── schemas.py
│   ├── auth.py
│   ├── config.py
│   ├── routes/
│   │   ├── __init__.py
│   │   ├── campaigns.py
│   │   ├── tracking.py
│   │   └── dashboard.py
│   ├── templates/
│   │   ├── base.html
│   │   ├── dashboard.html
│   │   ├── login.html
│   │   ├── campaigns.html
│   │   ├── create_campaign.html
│   │   ├── tracking_logs.html
│   │   └── simulation/
│   │       ├── login_template.html
│   │       ├── prize_template.html
│   │       └── clickbait_template.html
│   └── static/
│       ├── css/
│       │   └── style.css
│       ├── js/
│       │   ├── dashboard.js
│       │   ├── campaigns.js
│       │   └── camera.js
│       └── images/
├── requirements.txt
├── README.md
└── ethical_disclaimer.md

Prerequisites

  • Python 3.8+ or Python 3.12
  • pip package manager

Installation

  1. Clone and setup:

    git clone skilldevloper/phishing-training-platform
    cd phishing-training-platform
    python -m venv venv
    source venv/bin/activate  # On Windows: venv\Scripts\activate
    pip install -r requirements.txt

  2. Run the application:

    uvicorn app.main:app --reload --host 127.0.0.1 --port 8000

  3. Access the platform:

    • Dashboard: http://127.0.0.1:8000/dashboard
    • Default credentials: admin / admin

Security Configuration

For production use, you MUST:

  1. Change default admin credentials
  2. Set a strong SECRET_KEY environment variable
  3. Enable HTTPS with proper SSL certificates
  4. Restrict database access
  5. Implement additional authentication layers
  6. Configure proper firewall rules
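
One way to enforce items 1 to 3 before the server starts, as an added example that is not part of this repository's code: a pre-flight check that reports a missing or weak `SECRET_KEY`, the `admin / admin` default, and a non-loopback bind without HTTPS. `ADMIN_USERNAME`, `ADMIN_PASSWORD`, `BIND_HOST` and `HTTPS_ENABLED` are assumed variable names, and the thresholds are illustrative assumptions.

```python
import ipaddress
import math
import os
import sys
from collections import Counter

MIN_KEY_BYTES = 32        # assumption: 256-bit floor for a JWT signing secret
MIN_ENTROPY_BITS = 3.0    # assumption: per-character Shannon entropy floor
DEFAULT_ADMIN = ("admin", "admin")  # default credentials stated in this README


def shannon_entropy(value: str) -> float:
    """Per-character entropy in bits; repeated or patterned keys score low."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def audit_config(env: dict) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    key = env.get("SECRET_KEY", "")
    if not key:
        findings.append("SECRET_KEY is not set")
    elif len(key.encode()) < MIN_KEY_BYTES:
        findings.append("SECRET_KEY is shorter than 32 bytes")
    elif shannon_entropy(key) < MIN_ENTROPY_BITS:
        findings.append("SECRET_KEY has low entropy")

    # Hypothetical variable names; unset values fall back to the shipped default.
    user = env.get("ADMIN_USERNAME", DEFAULT_ADMIN[0])
    password = env.get("ADMIN_PASSWORD", DEFAULT_ADMIN[1])
    if (user, password) == DEFAULT_ADMIN:
        findings.append("default admin credentials are still in use")

    host = env.get("BIND_HOST", "127.0.0.1")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"
    if not loopback and env.get("HTTPS_ENABLED", "").lower() != "true":
        findings.append("non-loopback bind without HTTPS")
    return findings


if __name__ == "__main__":
    problems = audit_config(dict(os.environ))
    for problem in problems:
        print("config check failed:", problem, file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Run it ahead of `uvicorn` in the launch script so a failed check stops the deployment with a non-zero exit code.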

Features

Core Training Modules

  • Phishing Simulation Campaigns: Create and manage training scenarios
  • Real-time Analytics: Track participant interactions and metrics
  • Device Fingerprinting: Capture technical data for analysis
  • Camera Consent Demo: Practice handling permission requests
  • Comprehensive Logging: Maintain audit trails for compliance

Security Safeguards

  • Local-only deployment by default
  • Explicit consent requirements
  • Activity logging and monitoring
  • Rate limiting and access controls
  • Ethical use warnings throughout

API Documentation

Once running, access API docs at: http://127.0.0.1:8000/docs

Reporting Issues

Report security concerns or ethical issues immediately to your organization's security team.

License

This software is provided for educational purposes only. Commercial use requires explicit authorization.

15. Ethical Disclaimer (ethical_disclaimer.md)

Deployment Instructions

16. Setup Script (setup.py)

Running the Application

  1. Execute the setup: python setup.py

  2. Activate virtual environment:

    # Linux/Mac
    source venv/bin/activate
    
    # Windows  
    venv\Scripts\activate 
    
  3. Launch the application: uvicorn app.main:app --reload --host 127.0.0.1 --port 8000

Access the platform:

  • Navigate to http://127.0.0.1:8000
  • Login with credentials: admin / admin
  • Review ethical guidelines before creating campaigns

Key Security Features Implemented

  1. Ethical Safeguards:
    • Prominent warnings throughout the application
    • Local-only deployment by default
    • Comprehensive activity logging
    • Explicit consent requirements for camera access
  2. Technical Security:
    • JWT-based authentication
    • Rate limiting on all endpoints
    • Input validation and sanitization
    • SQL injection protection via SQLAlchemy
    • CORS restrictions to local hosts
  3. Compliance Features:
    • Audit trails for all activities
    • Timestamped logging
    • Consent tracking
    • Data minimization practices

This complete implementation provides a robust, ethically-designed phishing simulation platform ready for immediate deployment in authorized training environments, with all the required features and security measures in place.
