Schneider Downs Releases redlure, an Open-Source Phishing Assessment Platform

Open-Source Phishing Assessment Platform

Software permits users to create customizable and scalable mock phishing campaigns

Schneider Downs, one of the nation’s 60 largest accounting and business consulting firms, announced the release of redlure, an open-source phishing platform built with the needs of red teamers and penetration testers top of mind.  redlure provides users with the ability to self-generate phishing test campaigns that will be realistic and appropriate for each company’s organizational structure and includes a distributed model that grants one interface access to multiple campaigns running on different servers and domains simultaneously.

Phishing attacks continue to be on a rise and represent an enormous threat to corporate and individual privacy and security.  redlure provides organizations with a tool to create their own phishing tests to proactively assess employee resistance to phishing attacks and identify vulnerabilities.

This is the first open-source offering from the Schneider Downs’ rapidly growing cybersecurity practice.

“There is an essential need for a phishing platform that can be customized and scaled for the unique needs of each company. Schneider Downs tried numerous tools to create testing environments that mimic real user experiences from cloud services, yet we didn’t find one with the full capabilities that we needed,” explained Matthew Creel, product engineer and author of the open-source code. “Ultimately, we determined that we could best meet our needs by programming a solution ourselves.”

By developing redlure internally, the cybersecurity team at Schneider Downs prioritized the ability to develop testing campaigns tailored to the user. Features include the ability to:

  • Manage multiple phishing campaigns in parallel
  • Accurately mimic user experiences on common or popular websites
  • Encrypt sensitive data within the platform’s database to secure private credentials
  • Improve metrics to track when specific targets have opened emails, clicked links, downloaded payloads and submitted credentials
  • Customize campaigns to best fit an organization’s culture and structure, thus providing a more stringent testing platform

“Our practice owes a great deal to the cybersecurity community and other companies that have previously created open-source programs for us to use. They have made us a better practice,” explained Daniel Desko, leader of Schneider Downs’ cybersecurity practice. “This is our contribution and effort to pay that debt forward to help other companies.”