Managing Campaigns

After a campaign is created use the Manage Campaigns dashboard to make changes. From here you can run a campaign, view findings, export data and other tasks.

Campaign Restrictions

The following restrictions apply to campaigns:

  • A campaign can only contain one email.
  • A campaign that you build with the canned phishing campaign can only contain one email and up to two web pages. One web page is used for the landing page, and the other web page is used for the redirect page. If you need additional redirect pages, do not use the canned phishing campaign to create a campaign, use the custom campaign builder instead.
  • Each instance of Metasploit Pro can only run one campaign at a time.

Editing the Campaign Name

  1. From within a project, select Campaigns from the Tasks menu.
  2. When the Manage Campaigns area appears, find the campaign that you want to edit.
  1. Click the Edit link.
  1. When the campaign configuration page appears, delete the existing campaign name from the Name field.
  2. Enter the new campaign name in the Name field.
  3. Click the Save button.

Running a Campaign

  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign that you want to run. The campaign status must be launchable for the campaign to run. A launchable status indicates that all necessary components of the campaign are configured.
  1. Click the Start button.

Clearing the Data from a Campaign

When you reset the campaign, you clear all the statistics and data collected by the campaign. A campaign reset removes any data collected through form submissions, the statistics for a phishing attack, and the statistics for email tracking.

  1. From within a project, select Campaigns from the Tasks menu.
  2. When the Manage Campaigns area appears, find the campaign that you want to reset.
  1. Click the Reset link.
  1. When the confirmation window appears, click OK to confirm that you want to reset the data in the campaign.

Viewing the Findings for a Campaign

  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign whose results you want to view.
  1. Click the Findings link. The Findings window appears and displays the statistics for the entire campaign. You will see the total number human targets that received an email, opened the email, visited the phishing web page, and submitted the web page form.
  2. Click on a stat bubble to view the findings for that a list of human targets associated with that statistic.

For example, if you view the findings for the recipients who filled out the web form, you will see the name and email of the human target that submitted the web form. If you click on their email address, you will see the data that they submitted.

  1. Click the Done button to close the Findings window.

Adding a Campaign Component

  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign that you want to edit and click the Edit link.
  1. When the campaign configuration page appears, click the Add email, web page, or portable file button. You can only add components to a campaign that uses the custom setup. You cannot add components to a campaign that you created with the canned phishing campaign.
  1. Click on the campaign component that you want to add. After you add the component, the configuration page for the component appears. Follow the onscreen instructions to configure the component.

Removing a Campaign Component

  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign that you want to edit and click the Edit link.
  1. When the campaign configuration page appears, click the Edit button located under Campaign Components. The component icons show red X’s that you can use to remove a component from the campaign.
  2. Click the ‘X’ button for the component that you want to remove.
  3. Click the Done button when you finish.

Stopping a Campaign

  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign that you want to stop.
  3. Click the Stop link.

Sending an Email Notification when a Campaign Starts

Before you configure an email notification, you should verify that the SMTP settings for your mail server have been configured for Metasploit Pro. Go to Administration > Global Settings to view your SMTP settings.

  1. From the campaign configuration form, locate the Notifications area.
  2. Select the Notify others before launching the campaign option.
  3. When the Notification Settings window appears, enter the email addresses of the people who you want to send the alert in the To field. To include multiple email addresses, use a comma separated list of email addresses. For example, you can enter a list like the following: joe@rapid7.com, mary@rapid7.com, jon@rapid7.com.
  4. In the Subject field, enter the subject that you want the email to display. By default, Metasploit Pro auto-fills the subject for you with a canned subject line.
  5. In the Message field, enter the information, or body, that you want to send in the email. For example, you may want to say something like, “This is a company wide alert to inform you that we are starting our security awareness program. If you have any questions, please contact John Smith.”
  6. When you are done creating the notification email, click the Save button.

Uploading a Malicious File

  1. From within a project, click the Campaigns tab.
  2. Click the Manage Reusable Resources tab.
  3. From the Resource dropdown, select Malicious Files.
  4. Click the New Malicious File button.
  5. In the File name field, enter the name of the file that you are importing. The file name must include the file extension. For example, if you are uploading an executable file, the file name should include the exe extension.
  6. Click the Browse button to navigate to the location of the file that you want to upload. Once you have found and selected the file, click the Open button. The path to the file will appear in the Attachment field.
  7. Click the Save button.

Deleting a Campaign

  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign that you want to delete.
  3. Click the Delete button.
  4. When the confirmation window appears, click OK to confirm that you want to permanently delete the campaign. All target lists and campaign components will be deleted from the project. You will no longer be able to view, run, or edit the campaign.

Exporting Data

You are able to export data about the campaign for later review.

Exporting a CSV File of Campaign Findings

  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign that contains the data that you want to export.
  3. Click the Findings link.
  4. Click on the stat bubble that represents the data that you want to export. For example, if you want to export the list of human targets that opened the email, click on the % recipients opened the email stat bubble. A list of human targets and the Export Data button appears.
  5. Click the Export Data button.
  6. When the Open window appears, choose the Save File option and click OK. The file saves to the Downloads folder on your system.

Exporting a CSV File of Emails Sent from a Campaign

  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign that contains the data that you want to export.
  3. Click the Findings link.
  4. Click on the # emails were sent stat bubble. A list of human targets and the Export Data button appears.
  5. Click the Export Data button.
  6. When the Open window appears, choose the Save File option and click OK. The file saves to the Downloads folder on your system.

Exporting a CSV File of Human Targets that Opened the Email

  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign that contains the data that you want to export.
  3. Click the Findings link.
  4. Click on the % of recipients opened the email stat bubble. A list of human targets and the Export Data button appears.
  5. Click the Export Data button.
  6. When the Open window appears, choose the Save File option and click OK. The file saves to the Downloads folder on your system.
  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign that contains the data that you want to export.
  3. Click the Findings link.
  4. Click on the % of openers clicked on link stat bubble. A list of human targets and the Export Data button appears.
  5. Click the Export Data button.
  6. When the Open window appears, choose the Save File option and click OK. The file saves to the Downloads folder on your system.

Exporting a CSV File of Human Targets that Submitted the Form

  1. From within a project, click the Campaigns tab.
  2. When the Manage Campaigns area appears, find the campaign that contains the data that you want to export.
  3. Click the Findings link.
  4. Click on the % of openers submitted the form stat bubble. A list of human targets and the Export Data button appears.
  5. Click the Export Data button.
  6. When the Open window appears, choose the Save File option and click OK. The file saves to the Downloads folder on your system.