3.1.2. Database Schema
This schema defines the various database tables and fields for the objects managed by the King Phisher server. These are exposed over the GraphQL interface with the exception of fields which are restricted based on permissions.
3.1.2.1. Tables
- alert_subscriptions
Subscriptions to alerts for campaigns that users are interested in receiving notifications for.
- expiration
The expiration for which the user can set to no longer receive notifications.
- Nullable
True
- Type
DateTime
- id
- Primary Key
True
- Type
Integer
- user_id
The identifier of the user which created the alert subscription.
- Nullable
False
- Foreignkey
- campaign_id
The identifier of the campaign the user is interested in receiving notifications for.
- Nullable
False
- Foreignkey
- authenticated_sessions
An authenticated session associated with a user that has logged into the server over RPC.
- id
- Primary Key
True
- Type
String
- created
The time at which the session was created.
- Nullable
False
- Type
DateTime
- last_seen
The time at which the last authenticated request associated with this session was seen. Used to support session timeouts.
- Nullable
False
- Type
DateTime
- campaign_types
The type information for a particular campaign. This information is useful for determining the success metrics. For example, a campaign type can be set as “Credentials” for a campaign intending to collect credentials from users while a campaign which does not can have the type set to “Visits”. This will ensure that the campaign of type “Visits” is not considered to be less successful due to it having not collected any credentials.
- id
- Primary Key
True
- Type
Integer
- name
A short name for the campaign type, e.g. “Credentials”.
- Nullable
False
- Type
String
- description
A description of the campaign type, e.g. “Campaigns that intend to collect credentials from target users”.
- Nullable
True
- Type
String
- campaigns
A logical testing unit representing a single campaign.
- expiration
The time at which the server should cease collection of testings information.
- Nullable
True
- Type
DateTime
- id
- Primary Key
True
- Type
Integer
- name
A short, human-readable name for the campaign.
- Nullable
False
- Type
String
- description
A field to store any descriptive information regarding the campaign such as why or how it was conducted.
- Nullable
True
- Type
String
- user_id
The identifier of the user who originally created the campaign.
- Nullable
False
- Foreignkey
- created
The time at which the campaign was created.
- Nullable
True
- Type
DateTime
- max_credentials
The maximum number of credentials to collect per user. This setting can be used to alter how the server behaves when a target submits multiple credentials during the course of a campaign.
- Nullable
True
- Type
Integer
- campaign_type_id
The identifier for the campaign’s type.
- Nullable
True
- Foreignkey
- company_id
The identifier for the company for which this campaign performs testing.
- Nullable
True
- Foreignkey
- credential_regex_username
A regular expression that can be used to determine the validity of a credential’s username field.
- Nullable
True
- Type
String
- credential_regex_password
A regular expression that can be used to determine the validity of a credential’s password field.
- Nullable
True
- Type
String
- credential_regex_mfa_token
A regular expression that can be used to determine the validity of a credential’s mfa token field.
- Nullable
True
- Type
String
- companies
An entity for which a campaign’s test is conducted for.
- id
- Primary Key
True
- Type
Integer
- name
A short, human-readable name for the entity.
- Nullable
False
- Type
String
- description
A field to store any descriptive information regarding the entity.
- Nullable
True
- Type
String
- industry_id
The identifier of the primary industry in which the entity operates.
- Nullable
True
- Foreignkey
- url_main
The URL to the entity’s main web site, useful for incorporation into site templates.
- Nullable
True
- Type
String
- url_email
The URL to the entity’s email portal, useful for incorporation into site templates.
- Nullable
True
- Type
String
- url_remote_access
The URL for the entity’s remote access solution, useful for incorporation into site templates.
- Nullable
True
- Type
String
- company_departments
A subdivision of a company used to group targets with similar roles together.
- id
- Primary Key
True
- Type
Integer
- name
A short, human-readable name for the subdivision.
- Nullable
False
- Type
String
- description
A field to store any descriptive information regarding the subdivision.
- Nullable
True
- Type
String
- credentials
A table storing authentication information collected from a target during the course of a campaign.
- id
- Primary Key
True
- Type
Integer
- visit_id
The identifier of the visit which submitted the credential information.
- Nullable
False
- Foreignkey
- message_id
The identifier of the message which submitted the credential information.
- Nullable
False
- Foreignkey
- campaign_id
The identifier campaign the information was collected as a part of.
- Nullable
False
- Foreignkey
- username
The username submitted by the target.
- Nullable
True
- Type
String
- password
The password submitted by the target.
- Nullable
True
- Type
String
- mfa_token
The multi-factor authentication (MFA) token submitted by the target. This may, for example be a Time-Based One-Time Password (TOTP) code.
- Nullable
True
- Type
String
- submitted
The time at which the credential information was submitted.
- Nullable
True
- Type
DateTime
- regex_validated
Whether or not the fields passed validation with the regular expressions defined by the campaign at the time the credentials information was submitted. If no validation took place because no regular expressions were defined by the campaign, this field is null. If a regular expression for validation was defined for a field that was not submitted, validation fails and this field is false. See
validate_credential()
for more information.- Nullable
True
- Type
Boolean
- deaddrop_connections
A connection instance of an agent which has sent information to the server to prove that the agent was executed.
- id
- Primary Key
True
- Type
Integer
- deployment_id
The deployment identifier of agent which initiated the connection.
- Nullable
False
- Foreignkey
- campaign_id
The identifier campaign the information was collected as a part of.
- Nullable
False
- Foreignkey
- count
The number of times the agent made the connection with the same information, implying that the agent was executed multiple times.
- Nullable
True
- Type
Integer
- ip
The external IP address from which this information was submitted and collected from.
- Nullable
True
- Type
String
- local_username
The username that executed the agent.
- Nullable
True
- Type
String
- local_hostname
The hostname the agent was executed on.
- Nullable
True
- Type
String
- local_ip_addresses
The local IP addresses the agent identified on the system from which it was executed.
- Nullable
True
- Type
String
- first_seen
The first time the information was submitted to the server.
- Nullable
True
- Type
DateTime
- last_seen
The last time the information was submitted to the server.
- Nullable
True
- Type
DateTime
- deaddrop_deployments
An instance of a generated agent which can be distributed as part of testing to identify users that are susceptible to executing arbitrary programs.
- id
- Primary Key
True
- Type
String
- campaign_id
The identifier of the campaign the deaddrop agent was generated for.
- Nullable
False
- Foreignkey
- destination
A descriptive field describing where the agent was deployed to. Used for reporting and tracking purposes.
- Nullable
True
- Type
String
- industries
An industry in which a company operates in.
- id
- Primary Key
True
- Type
Integer
- name
A short, human-readable name for the industry.
- Nullable
False
- Type
String
- description
A field to store any descriptive information regarding the industry.
- Nullable
True
- Type
String
- landing_pages
A page that is intended to be visited during the course of a test to be qualified as a failure. Visits to the landing page will increment the
visits.count
field, while requests to non-landing pages will not. A campaign may have one or more landing pages, and they are automatically identified from the Target URL when messages are sent.- id
- Primary Key
True
- Type
Integer
- campaign_id
The identifier of the campaign this landing page is associated with.
- Nullable
False
- Foreignkey
- hostname
The hostname component of the URL this landing page uses.
- Nullable
False
- Type
String
- page
The path component of the URL this landing page uses.
- Nullable
False
- Type
String
- messages
A message that was sent to a target user to test their susceptibility to phishing attempts.
- id
- Primary Key
True
- Type
String
- campaign_id
The identifier of the campaign which this message was sent as a part of.
- Nullable
False
- Foreignkey
- target_email
The email address of the user who this message was sent to.
- Nullable
True
- Type
String
- first_name
The first name of the user who this message was sent to.
- Nullable
True
- Type
String
- last_name
The last name of the user who this message was sent to.
- Nullable
True
- Type
String
- opened
The time at which the message was confirmed to have been opened. This field is prone to false negatives due to many email clients not automatically loading remote images.
- Nullable
True
- Type
DateTime
- opener_ip
The IP address which opened the message.
- Nullable
True
- Type
String
- opener_user_agent
The user agent of the request sent when the message was opened.
- Nullable
True
- Type
String
- sent
The time at which the message was sent to the target.
- Nullable
True
- Type
DateTime
- reported
The time at which the message was reported by the target.
- Nullable
True
- Type
DateTime
- trained
Whether or not the taget agreed to any training provided during the course of the testing.
- Nullable
True
- Type
Boolean
- delivery_status
A short, human-readable status regarding the state of delivery of the message such as delivered, rejected or deferred.
- Nullable
True
- Type
String
- delivery_details
Any additional details regarding the state of the message delivery status.
- Nullable
True
- Type
String
- testing
Whether or not the message was intended for testing and should be omitted from the overall results.
- Nullable
False
- Type
Boolean
- company_department_id
The identifier of the company subdivision that the target is a member of.
- Nullable
True
- Foreignkey
- storage_data
Storage for internal server data that is generated at run time.
- id
- Primary Key
True
- Type
Integer
- created
The time at which the data unit was created.
- Nullable
True
- Type
DateTime
- modified
The time at which the data unit was modified.
- Nullable
True
- Type
DateTime
- namespace
The namespace in which the data unit exists to allow the same
storage_data.key
to be used multiple times while remaining uniquely identifiable.- Nullable
True
- Type
String
- key
The key by which the data unit is retrieved. This value must be unique within the defined
storage_data.namespace
.- Nullable
False
- Type
String
- value
The readable and writable data unit itself, serialized as a binary object to be loaded and unloaded from the database.
- Nullable
True
- Type
Binary
- users
An authorized user as loaded through the server’s authentication mechanism.
- expiration
The time at which the user should no longer be able to authenticate to the server.
- Nullable
True
- Type
DateTime
- id
- Primary Key
True
- Type
Integer
- name
The name of the user.
- Nullable
False
- Type
String
- description
A field to store any descriptive information regarding the user.
- Nullable
True
- Type
String
- phone_carrier
The service provider of the user’s cell phone. This information is used to send text messages via the providers email to SMS gateway.
- Nullable
True
- Type
String
- phone_number
The user’s cell phone number. This information is used to provide the user with alerts regarding campaigns to which they have subscribed.
- Nullable
True
- Type
String
- email_address
The user’s email address. This information is used to provide the user with alerts regarding campaigns to which they have been subscribed.
- Nullable
True
- Type
String
- otp_secret
A secret value used when prompting for Multi Factor Authentication (MFA) to the server.
- Nullable
True
- Type
String
- last_login
The time at which the user last authenticated.
- Nullable
True
- Type
DateTime
- access_level
The level of access available to a users, where a higher number represents less access than a lower number.
- Nullable
False
- Type
Integer
- visits
An instance where a targeted user has failed their testing attempt by visiting the link provided to them from a message.
- id
- Primary Key
True
- Type
String
- message_id
The identifier of the message that was sent to the target which initiated the visit.
- Nullable
False
- Foreignkey
- campaign_id
The identifier of the campaign that this visit is associated with.
- Nullable
False
- Foreignkey
- count
The number of times the user visited a landing page associated with the campaign. This would be the case when the user visits the link they were provided multiple times from the same browser.
- Nullable
True
- Type
Integer
- ip
The IP address from which the user visited the server.
- Nullable
True
- Type
String
- details
Any applicable details regarding the visist.
- Nullable
True
- Type
String
- user_agent
The user agent of the visist request.
- Nullable
True
- Type
String
- first_landing_page_id
The identifier of the first landing page the visit was made. This is used to determine which landing page a user visited if multiple landing pages are associated with the campaign.
- Nullable
True
- Foreignkey
- first_seen
The time at which the first visit was made to the server.
- Nullable
True
- Type
DateTime
- last_seen
The time at which the last visit was made to the server.
- Nullable
True
- Type
DateTime