Your
Cybersecurity
Crash Test
Dummy

Lucy

What is LUCY?

To find the weakest security link in your organization, you need to think like a hacker. Thanks to LUCY, you can now measure and improve awareness towards phishing, SMiShing, BadUSB, malware and drive-by attacks by launching your own realistic security campaigns. LUCY can emulate cyberattacks in your own network or in the cloud through four main modules:

arrowTraditional Phishing/SMiShing Attack: LUCY runs different variations of attacks to measure and improve awareness of your employees. All technical aspects, i.e. sending mail/SMS, starting the embedded web server or generating statistical analysis are handled by the application. In a few clicks, entire websites can be copied. Also included is a menu of attack scenario templates (pre-defined websites and message templates).


arrowMalware Attack: LUCY can simulate a malware attack, combining phishing with custom malware samples (which can be delivered via mail, web download or USB). You will see who, how far and what type of information can be exposed. LUCY's malware simulation is non-intrusive and doesn't interrupt your normal daily business operations.

arrowMalware Protection Test: This feature allows users to perform security checks without involving employees outside your IT department. Determine your malware-related vulnerabilities on the network, system and application levels. Verify also your SIEM: can you actually detect malicious activities?

arrowTraining: An integrated (interactive) eLearning module provides the necessary training to improve employee awareness.

Show More All Features

How does it work?

LUCY features a simple web-based user interface that includes pre-defined Message, Web- and Malwaresimulation templates. LUCY can also be customized to allow users to create campaigns and templates that can be used again. The solution been designed so technical and non-technical persons can administrate the platform, and configure custom phishing, SMiShing or malware simulation attacks within minutes. Please check out our LUCY WIKI for more technical background infos.
 

What does it cost?

"LUCY" can be downloaded for free, although some limitations apply in the current version. The community edition is designed to increase awareness and can run in total 5 campaigns with 20 users per campaign (max 100 users in total). If you need help in setting up your security campaign, we offer an inexpensive, remote support setup bundle. To run larger campaigns or purchase LUCY please check our price list

SCREENSHOTS

Here you find a few sample screenhots

About LUCY

"LUCY" is a easy to set up tool, with simple reporting designed specifically to measure and improve awareness towards phishing, SMiShing, BadUSB, malware, and drive-by attacks by launching realistic social engineering attacks.
It comes with a simple web based user interface including pre-defined message and web templates. "LUCY" is also fully customizable, users can create campaigns and templates that can be used again. Designed so that both technical and non technical persons can administrate the platform, configuring custom phishing attacks within minutes. Easy to read, accurate reporting on user behaviour (includes link clicks, form submits etc.)
The creation of new attack scenarios can be done with just one mouse click with a website copy feature allowing the user to build a functional copy of any website automatically. "LUCY" can also create custom PE (portable executables) on the fly using the parameters from the initial configuration. Those PE can be send via mail attachment or embedded into the campaign web pages as a plain executable or a compressed archive format.

FIRST NAME* LAST NAME
EMAIL* COMPANY
 
SELECT YOUR DOWNLOAD TYPE

 

When used properly "LUCY" helps protect your network from invaders by creating awareness. Any actions and or activities related to the material contained within this Website is solely your responsibility. The misuse of "LUCY" can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing "LUCY" to break the law. Please also note that we may use your e-mail address to provide timely information about LUCY solutions. If you understand those terms please continue to download.

Confirmation of understanding and acceptance of disclaimer

Features

"LUCY" customizable scenarios can all be edited and offer the possibility to run phishing campaigns or malware simulations such as:

• Click-only simulations: These scenarios involve a two-step process with an email that urges the recipient to click on the embedded link.
• Data entry simulations: Send emails with a link to a customized landing page that encourages users to enter sensitive information.
• File Based simulations: create "BadUSB" simulations.
• SMiShing simulations: Send spoofed SMS with any free selectable source number & message to test the awareness regarding mobile devices
• Macro Based simulations: create Word Macro's that report back to LUCY
• BeEF Integration: Analyse how clients access the web & the mail. Determine client based vulnerabilities within the browser.
• Attachment-based simulations: Train users to recognize malicious attachments by sending emails with seemingly legitimate attachments or start web pages with customized tools that gather client data.
• Double Barrel simulations: technology that simulates conversational phishing techniques by sending two emails one at the beginning and one containing a malicious element used by APT.
• DynDNS (run "LUCY" accessible from the Internet on a private IP)
• Mail Engine (send & forward mails)
• Out of the box 40+ professional designed, fully functional web- & mail templates.
• Reporting engine (create custom report templates), export data to pdf, HTML or CVS
• Run Awarenesses Campaigns from LUCY (interactive learning, video's etc.)
• Compile custom code (portable executable) on LUCY that can be executed on the windows target clients (runs behind FW, NAT, Proxy etc.)
• Run malware tests to check for vulnerabilities on your PC's
• Test your SIEM: the advanced malware testing toolkit enables you to simulate all known malware activities (Spyware, Worm, Scanners, Backdoors, Keyloggers, Virus, Ransomware, Bot, Dropper etc.)
• Ability to schedule campaigns
• Ability to run fully anonymous campaigns for privacy reasons.
• Statistic engine (graphical analysis of each phishing campaign)
• Create SSL secured scenarios (with custom certificate or import official certificate via web gui)
• Easy linux configuration script for first use (Vmware Setup script helps you automatically configure LUCY in less than 5 minutes)
• interactive help that guides you through phishing campaigns
• Automatic software updates
• Website Copy feature: copy existing web pages and integrate them in your campaign
• Benchmark Analysis helps you compare different campaigns
• Professional web based scenario editor (editing landing pages or mails)
• Built in SPAM Checker to verify your mail settings
• Built in PERFORMANCE test to verify your hardware settings for your campaign
• Built in Domain API to reserve and map domains within LUCY
• Login filters (enable filters to check for complex passwords or custom domains required within the login)
• Real time access to graphical analysis of the phishing campaign
• Multi user enabled, web based GUI to configure and run phishing campaign against one or ten thousands of users simultaneously
• Customised GUI: upload your own logo and copyright for the admin based access

More Features

Other Features include:

•DynDNS (run "LUCY" accessible from the Internet on a private IP)
•Mail Engine (send & forward mails)
•Out of the box 20+ professional designed, fully functional web- & mail templates
•Reporting engine (create custom report templates), export data to pdf, HTML or CVS
•Run Awarenesses Campaigns from LUCY
•Compile custom code (portable executable) on LUCY that can be executed on the windows target clients (runs behind FW, NAT, Proxy etc.)
•Statistic engine (graphical analysis of each phishing campaign)
•Create SSL secured scenarios (with custom certificate or import official certificate via web gui)
•Easy linux configuration script for first use (Vmware Setup script helps you automatically configure LUCY in less than 5 minutes)
•interactive help that guides you through 1st phishing campaign
•Automatic software updates
•Website Copy feature: copy existing webpages and integrate them in your campaign
•Benchmark Analysis helps you compare different campaigns
•Professional web based scenario editor (editing landing pages or mails)
•Login filters (enable filters to check for complex passwords or custom domains required within the login)
•Real time access to graphical analysis of the phishing campaign
•Multi user enabled, web based gui to configure and run phishing campaign against one or ten thousands of users simultaneously

Meet Us

LUCY GMBH SWITZERLAND

Oliver Muenchow

Please use one of the links below to get in contact

Lucy is the result of 17 years experience answering questions for businesses related to their IT security. Recent scandals put phishing attacks in the minds of company execs who realize that they are unprepared should they get hacked. We started offering penetration tests in 98, assessing the infrastructure and recommending ways to improve. LUCY was a natural progression as companies began asking us questions about the likelihood that an employee might click on a link and trigger the disclosure of sensitive data. Until now companies had to hire external contractors to answer this question. But with LUCY, companies can simulate their own customized phishing and malware attacks to identify where they are at risk. LUCY comes with many e-learning modules giving the employers the tools to bridge the gaps.

Find us also on Facebook: https://www.facebook.com/phishingserver

Download

Please download the latest stable release of LUCY here.


DOWNLOAD NOW

Lucy v. 2.9

It might take a few seconds before the download starts - please be patient

By downloading and using "LUCY" you confirm that "LUCY" does not violate the standards of your community, town, city, state or country. You acknowledge that "LUCY" may not be used by you or any other party for any purpose that violates any local state, federal or foreign law. You understand that getting confidential data using "LUCY" from users not belonging to your own organisation may be illegal. Please also note that we may use your e-mail address to provide timely information about LUCY solutions.

Other resources

Contact us

Please contact Oliver under info@phishing-server.com for support, inquires and feedback.


Lucy Phishing GmbH
Seestrasse 13
8800 Thalwil
Switzerland
+41 79 6959510