Team: Huntress SAT
Product: Account phishing settings
Summary: This article outlines how to use shortcodes in the Phishing Creator
Shortcodes are a powerful tool that will allow you to add dynamic (and sometimes randomized) information to custom phishing campaigns. A shortcode is written inside two square brackets. For example, the [firstname] shortcode can be used to insert the target recipient's first name into the body of the scenario.
Some shortcodes are modifiers. Modifiers are unique in that they need the addition of a closing code, which will always be forward slash followed by the shortcode name itself.
Future Date
The [future-date] shortcode will generate a future date/time and parse it into the desired format. The available periods are minutes, hours, days, weeks, months, or years.
I will be out of the office on [future-date amount="5" period="days" format="m-d-Y"]
This will generate a future date 5 days in the future based on the current date/time.
Past Date
The [past-date] shortcode will generate a past date/time and parse it into the desired format.
I was out of the office on [past-date amount="2" period="months" format="m-d-Y"].
This will generate a past date 2 months in the past based on the current date/time.
Name To Email
The [name-to-email] shortcode will transform the given name into a formatted email address. This can be helpful when dynamically generating a random name and needing a matching email to go with it.
- "f" = first name, david@gmail.com
- "l" = last name, brent@gmail.com
- "f.l" = first period last, david.brent@gmail.com
- "l.f" = last period first, brent.david@gmail.com
- "fi.l" = first initial period last, d.brent@gmail.com
- "f.li" = first period last initial, david.b@gmail.com
[name-to-email format="l.f" domain="gmail.com"]David Brent[/name-to-email]
IP Address
The [random-ip-address] shortcode will generate a random IP address in either IPV4 (default) or IPV6 variations.
[random-ip-address type="ipv4"]
Might become "192.0. 2.146".
Name
The [random-name] shortcode will generate a random fictitious persons name. You can optionally pass a gender of "male" or "female" as well as the option of generating only a first or last name.
[random-name gender="male"format="both"]
Number
The [random-number] shortcode will generate a random integer between the "from" and "to" attributes passed.
My account number is [random-number from="999" to="9999"]
Might become "2975".
Option
The [random-option] shortcode will generate a random string based on the options provided. Options must be separated by a tilde symbol (~). This can be useful when you want to create some uniqueness to a scenario but still within the context of your options.
I am from the local [random-option options="Fire~Police"] Department.
Might become "Police".
State
The [random-state] shortcode will generate a random US state and can optionally abbreviate the response by passing a format attribute of "abbr".
I live in [random-state] or [random-state format="abbr"].
Might become "New Jersey" or "NJ".
Bait Link
The [bait-link] shortcode will generate a hyperlink that directs the recipient to the valid "bait link" URL configured for the scenario. You may optionally pass a "class" or "style" attribute.
Please click [bait-link]here[/bait-link].
Please click [bait-link]here[/bait-link].
Might become "here".
Using [bait-link format="qr"] shortcode will generate a QR code image that directs the recipient to the valid “bait link” URL configured for this scenario.
[bait-link format="qr"][/bait-link]
Might display the QR code image below
Recipient
The following shortcodes are all specific to the recipient the scenario is being sent to and will only work if the recipient has corresponding data. This is decided at the time of sending, and therefore may be different than what is shown in a preview.
Company
The [company] shortcode will generate the learner's parent company name with option to "normalize" the name (useful for URL encoding).
You work for [company].
Co-worker
The [coworker] shortcode will generate the email address of a fellow co-worker to the recipient. An optional "pattern" attribute accepts a string that contains an asterisk (*) and will replace the asterisk with the co-worker's email address. Additionally a "fallback" attribute can be provided in the event that the recipient doesn't have any other active learner's in their parent company.
Want to grab a coffee with [coworker pattern="me and *" fallback="me"].
Domain
The [domain] shortcode will generate the domain name of the recipient's email address.
I was found you on [domain].
The [email] shortcode will generate the email address of the recipient.
This email is intended for [email] only.
First Name
The [firstname] shortcode will generate the recipient's first name if provided inside the Learner settings. An optional "pattern" attribute accepts a string that contains an asterisk (*) and will replace the asterisk with first name. Additionally a "fallback" attribute can be provided in the event that the recipient doesn't have a first name provided.
Hi [firstname pattern="*" fallback="User"]
Last Name
The [lastname] shortcode will generate the recipient's last name if provided inside the Learner settings. An optional "pattern" attribute accepts a string that contains an asterisk (*) and will replace the asterisk with last name. Additionally a "fallback" attribute can be provided in the event that the recipient doesn't have a last name provided.
Happy Holidays from the [lastname pattern="* family" fallback="whole team"]!
Might become "Johnson family" or "whole team" if no last name is available.
Comments
0 comments
Please sign in to leave a comment.