name: phishing-simulation-skill
description: Execution and analysis of phishing simulation campaigns for security awareness assessment
allowed-tools:
- Bash
- Read
- Write
- Glob
- Grep
- WebFetch
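Phishing Simulation Skill
Purpose
Execute and analyze phishing simulation campaigns to assess the organization's security awareness, identify high-risk users, and measure the effectiveness of security training programs.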
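Capabilities
Campaign Template Generation
- Create realistic phishing email templates
- Design landing pages for credential harvesting simulations
- Generate attachment-based simulation scenarios
- Create spear-phishing templates using open-source intelligence
- Develop pretexting scenarios
- Build multi-stage attack simulations
Campaign Execution
- Schedule and launch simulation campaigns
- Manage target user groups
- Configure sending parameters (timing, throttling)
- Handle bounces and delivery tracking
- Implement safe landing pages
- Manage campaign duration and scope
User Response Tracking
- Track email open rates
- Monitor link click rates
- Record credential submission attempts
- Track attachment opens
- Measure response times
- Identify repeat offenders
Awareness Reporting
- Generate campaign summary reports
- Create department-level breakdown reports
- Generate trend analysis over time
- Compare against industry benchmarks
- Generate executive dashboards
- Export data for further analysis
High-Risk User Identification
- Identify users who clicked links
- Flag users who submitted credentials
- Track repeated high-risk behavior
- Score users' security awareness
- Prioritize users for additional training
Training Recommendations
- Recommend targeted training modules
- Suggest remedial training assignments
- Track training completion rates
- Correlate training with behavioral improvement
- Generate training effectiveness reports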
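Simulation Types
| Type | Description | Risk Level |
|---|---|---|
| Mass phishing | Broad awareness testing | Low |
| Spear phishing | Targeted attacks | Medium |
| Whaling | Attacks targeting executives | High |
| Vishing | Phone-based phishing | Medium |
| Smishing | SMS phishing | Medium |
| BEC | Business email compromise | High |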
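Template Categories
- Password reset notifications
- IT support messages
- Package delivery notifications
- Invoice/payment requests
- HR communications
- Executive requests
- Cloud service notifications
- Social media alerts
Integrations
- KnowBe4: security awareness training platform
- Proofpoint: security awareness and phishing simulation
- GoPhish: open-source phishing framework
- Cofense: phishing defense solution
- Microsoft Defender: attack simulation training
Target Processes
- Security awareness training programs
- Human risk assessment
- Social engineering testing
- Compliance training validation
Input Schema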
{
  "type": "object",
  "properties": {
    "campaignType": {
      "type": "string",
      "enum": ["mass", "spear", "whaling", "department", "new-hire"],
      "description": "Phishing simulation type"
    },
    "templateCategory": {
      "type": "string",
      "enum": ["password-reset", "it-support", "delivery", "invoice", "hr", "executive", "cloud-service"],
      "description": "Phishing template category"
    },
    "targetGroups": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Target user groups or departments"
    },
    "schedule": {
      "type": "object",
      "properties": {
        "startDate": { "type": "string", "format": "date-time" },
        "endDate": { "type": "string", "format": "date-time" },
        "sendingWindow": { "type": "string" }
      }
    },
    "difficulty": {
      "type": "string",
      "enum": ["easy", "medium", "hard", "expert"],
      "description": "Simulation difficulty level"
    },
    "landingPageAction": {
      "type": "string",
      "enum": ["awareness", "training-redirect", "credential-capture"],
      "description": "Action taken after the user clicks the link"
    },
    "customTemplate": {
      "type": "string",
      "description": "Path to a custom template file"
    }
  },
  "required": ["campaignType", "targetGroups"]
}
Output Schema
{
  "type": "object",
  "properties": {
    "campaignId": {
      "type": "string"
    },
    "campaignType": {
      "type": "string"
    },
    "executionPeriod": {
      "type": "object",
      "properties": {
        "startDate": { "type": "string" },
        "endDate": { "type": "string" }
      }
    },
    "targetSummary": {
      "type": "object",
      "properties": {
        "totalTargets": { "type": "integer" },
        "emailsSent": { "type": "integer" },
        "emailsDelivered": { "type": "integer" },
        "bounced": { "type": "integer" }
      }
    },
    "results": {
      "type": "object",
      "properties": {
        "emailsOpened": { "type": "integer" },
        "openRate": { "type": "number" },
        "linksClicked": { "type": "integer" },
        "clickRate": { "type": "number" },
        "credentialsSubmitted": { "type": "integer" },
        "submissionRate": { "type": "number" },
        "attachmentsOpened": { "type": "integer" },
        "reportedPhishing": { "type": "integer" },
        "reportRate": { "type": "number" }
      }
    },
    "departmentBreakdown": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "department": { "type": "string" },
          "clickRate": { "type": "number" },
          "riskScore": { "type": "number" }
        }
      }
    },
    "highRiskUsers": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "userId": { "type": "string" },
          "actions": { "type": "array" },
          "repeatOffender": { "type": "boolean" }
        }
      }
    },
    "trainingRecommendations": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "userGroup": { "type": "string" },
          "recommendedModules": { "type": "array" },
          "priority": { "type": "string" }
        }
      }
    },
    "benchmarkComparison": {
      "type": "object",
      "properties": {
        "industryAvgClickRate": { "type": "number" },
        "organizationClickRate": { "type": "number" },
        "performanceRating": { "type": "string" }
      }
    }
  }
}
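The following is an added example, not part of the skill's own code, showing how the `results`, `departmentBreakdown` and `highRiskUsers` fields of the output schema can be derived from per-recipient tracking records. The record layout, the use of delivered emails as the rate denominator, the `riskScore` weighting and the repeat-offender rule are all assumptions.

```python
from collections import defaultdict

# Constructed sample: one record per delivered simulation email.
# Record layout and priorClicks (clicks in earlier campaigns) are assumptions.
EVENTS = [
    {"userId": "u01", "department": "finance", "actions": ["opened", "clicked", "submitted"], "priorClicks": 1},
    {"userId": "u02", "department": "finance", "actions": ["opened", "reported"], "priorClicks": 0},
    {"userId": "u03", "department": "finance", "actions": [], "priorClicks": 0},
    {"userId": "u04", "department": "engineering", "actions": ["opened", "clicked"], "priorClicks": 0},
    {"userId": "u05", "department": "engineering", "actions": ["opened", "reported"], "priorClicks": 2},
    {"userId": "u06", "department": "engineering", "actions": ["opened"], "priorClicks": 0},
    {"userId": "u07", "department": "engineering", "actions": [], "priorClicks": 0},
    {"userId": "u08", "department": "engineering", "actions": ["reported"], "priorClicks": 0},
]
# Tracked action -> (count field, rate field) in the output schema's "results".
FIELDS = {
    "opened": ("emailsOpened", "openRate"),
    "clicked": ("linksClicked", "clickRate"),
    "submitted": ("credentialsSubmitted", "submissionRate"),
    "reported": ("reportedPhishing", "reportRate"),
}

def rate(count, total):
    """Fraction rounded to 3 places; 0.0 when the denominator is empty."""
    return round(count / total, 3) if total else 0.0

def summarize(events):
    results = {}
    for action, (count_key, rate_key) in FIELDS.items():
        n = sum(action in e["actions"] for e in events)
        results[count_key] = n
        results[rate_key] = rate(n, len(events))  # assumption: rates are per delivered email
    by_dept = defaultdict(list)
    for e in events:
        by_dept[e["department"]].append(e)
    breakdown = []
    for dept, rows in sorted(by_dept.items()):
        clicks = sum("clicked" in r["actions"] for r in rows)
        submits = sum("submitted" in r["actions"] for r in rows)
        # Illustrative riskScore in [0, 1]: a submission weighs twice a click.
        breakdown.append({"department": dept, "clickRate": rate(clicks, len(rows)),
                          "riskScore": rate(clicks + 2 * submits, 3 * len(rows))})
    # High risk = clicked or submitted now; repeat offender = also clicked before.
    high_risk = [{"userId": e["userId"], "actions": e["actions"],
                  "repeatOffender": e["priorClicks"] > 0}
                 for e in events if {"clicked", "submitted"} & set(e["actions"])]
    return {"results": results, "departmentBreakdown": breakdown, "highRiskUsers": high_risk}
```

In the sample, user `u05` clicked in earlier campaigns but reported this one, so they are not listed as high risk; a report without a recorded open (`u08`) is also counted, since open tracking can be blocked by the mail client.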
Usage Example
skill: {
  name: 'phishing-simulation-skill',
  context: {
    campaignType: 'mass',
    templateCategory: 'password-reset',
    targetGroups: ['all-employees'],
    difficulty: 'medium',
    landingPageAction: 'awareness'
  }
}