---
title: "New NakedPages Phishing Toolkit Causing a Ruckus in the Cybersecurity Industry | Phish Protection"
description: "New NakedPages Phishing Toolkit Causing a Ruckus in the Cybersecurity Industry: The NakedPages phishing toolkit model has been making headlines since its."
image: "https://phishprotection.com/og/blog/nakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry.png"
canonical: "https://phishprotection.com/blog/nakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry/"
---

Quick Answer

The NakedPages phishing toolkit model has been making headlines since its discovery by CloudSEK researchers. This post explains what NakedPages is, everything you need to know, and shares NakedPages' features, impact, and how you can protect yourself from the phishing toolkit.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fnakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=New%20NakedPages%20Phishing%20Toolkit%20Causing%20a%20Ruckus%20in%20the%20Cybersecurity%20Industry&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fnakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fnakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fnakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry%2F&title=New%20NakedPages%20Phishing%20Toolkit%20Causing%20a%20Ruckus%20in%20the%20Cybersecurity%20Industry "Share on Reddit") [ ](mailto:?subject=New%20NakedPages%20Phishing%20Toolkit%20Causing%20a%20Ruckus%20in%20the%20Cybersecurity%20Industry&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fnakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/08/anti-phishing-solutions-6842.jpg) 

The NakedPages phishing toolkit model has been making headlines since its discovery by CloudSEK researchers. This post explains what NakedPages is, everything you need to know, and shares NakedPages’ features, impact, and how you can protect yourself from the phishing toolkit.

The phishing toolkit, NakedPages, has caused a stir by offering its phishing services with over 50 pre-existing phishing templates and anti-bot functionalities that can steer clear of bots from over 120 countries. The NakedPages phishing toolkit was recently discovered for sale across various cybercrime channels and Telegram by **CloudSEK cybersecurity researchers**.

Phishing is the[most common cybercrime](https://www.statista.com/chart/24593/most-common-types-of-cyber-crime/), and NakedPages is a significant threat, especially when the [cybercriminal](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) behind it is inviting supporters for $1000 contributions for the project’s development.

The following sections discuss how dangerous this new threat is.

\*\* \*\*

### What is NakedPages Phishing Toolkit?

NakedPages is a toolkit that CloudSEK’s[XVigil](https://cloudsek.com/xvigil/)discovered. NakedPages is a phishing toolkit advertised on a cybercrime forum as the tool that serious developers and [scammers](https://www.ft.com/content/a6111b62-6589-44b7-ae6c-7a5f8daed82c) need.

There is no information about the cybercrime syndicate/actor behind NakedPages. However, the advertisement came with a google form that allowed individuals to contact the cybercriminal by filling out a questionnaire. The users who fill out the form get access to a **private GitHub repository** bearing the same logo as the advertised phishing kit. The GitHub account and the cybercrime forum are new and were created within the last 30 days . You can read more about it in[CloudSEK’s post](https://cloudsek.com/threatintelligence/sophisticated-phishing-toolkit-dubbed-nakedpages-for-sale-on-cybercrime-forums/).

![Anti phishing solutions](https://media.mailhop.org/phishprotection/images/2022/08/anti-phishing-solutions-6842.jpg) 

### NakedPages: Everything Discovered Yet

NakedPages is a cause of concern as it contains more than 50 phishing projects under its umbrella and invites more developers and experienced sellers to make it powerful and offer it as a PhaaS ([Phishing as a Service](/blog/latest-phishing-trends-the-biggest-impersonation-targets-of-threat-actors/)) model. The advertisement that CloudSEK analyzed also mentions that it may provide software licenses if those purchasing NakedPages **pay $1000 upfront**.

NakedPages would allow cybercriminals to launch sophisticated [phishing](/resources/what-is-phishing) and [malware](/content/protection-against-malware/malware-protection) campaigns and runs on auto-generated **JavaScript code** attributed to its development framework, NodeJS. NakedPages is designed to work on Linux and requests [R-W-X permissions](https://blog.ssdnodes.com/blog/linux-permissions/) from users and R-X permissions from groups and others. NakedPages uses the “nkp.app” binary.

\*\* \*\*

### Phishing ToWhat Does the NakedPagesolkit Offer?

The NakedPages phishing toolkit offers a wide array of malicious services that cybercriminals using the toolkit will be able to use against you. The NakedPages phishing toolkit:

is a completely automated tool.

contains over 50 phishing templates and projects.

is a fully integrated tool with test anti-bot functionality integrated with the database capable of detecting various bots from over 120 countries.

has a one-click setup and can also be launched with the **bash command** “bash setup/sh.”

supports local environments with mkcert.

offers MongoDB database storage and auto SSL, with domain configuration that can be configured using the bash change-domain.sh script.

offers readymade project generation without the need to code.

renders PHP files and data between the **reverse proxy and PHP** and can handle multiple traffic sources simultaneously.

offers portability via asset storage.

provides a strong session authentication with fingerprints and cookies, all of which are sent to a configured Telegram channel.

- \_ allows cybercriminals to use it to receive results manually, add cookies, filter users, and decode responses.

\*\* \*\*

### Key Takeaway: Can NakedPages Impact You?

The quick answer is yes, NakedPages can affect you. Phishing is a serious cybercrime that paves the way for stealing credentials, and financial information, delivering malware and [ransomware](/resources/ransomware-attack-why-organizations-pay-ransom), rootkits, [spyware](https://www.foxnews.com/tech/newly-unearthed-iphone-spyware-tool-sold-governments-targeted-surveillance), and more. Here are a few phishing statistics to help you understand the severity of this threat.

- [One in 99 emails](https://clario.co/blog/phishing-statistics/)exchanged is a phishing one.

At the cost of[$4.65 million](https://www.ibm.com/downloads/cas/OJDVQGRY), phishing is the second **most expensive cyberattack**, according to IBM’s 2021 Cost of a Data Breach report.

- [During a phishing attack](https://www.tessian.com/blog/phishing-statistics-2020/), 60% of organizations lose data, 52% suffer compromised credentials , and 47% and 29% are affected by ransomware and malware.

Such a sophisticated phishing toolkit that offers automated functionalities and has the potential to grow even more dangerous with invitations to developers willing to join the NakedPages’ phishing toolkit campaign can surely arm cyber criminals to carry out **ransomware attacks**.

Furthermore, with more and more data being collected from phishing pages, cybercriminals can easily pose a [threat](/products/advanced-threat-defense) to your financial and personal security by offering said information on the [dark web](https://www.csoonline.com/article/3249765/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html).

\*\*

![Anti phishing software](https://media.mailhop.org/phishprotection/images/2022/08/anti-phishing-software-5896.jpg) 

\*\*

### How to Protect Against the NakedPages Toolkit?

While talking about a phishing campaign, the first measure you need to take is to avoid [phishing tactics](https://www.indiatvnews.com/technology/news/cybercriminals-used-3-new-tactics-for-phishing-users-in-january-2023-2023-03-17-855428) and fake websites. [Phishing Awareness Training](/content/phishing-awareness-training) for staff members and at the individual level can allow them to notice the key giveaways of fake web pages and keep your organizational systems safe.

In addition, you should **monitor your system** and accounts for anomalies. If there are unintended logins from various places, [malicious detections](https://www.sciencedirect.com/topics/computer-science/malware-detection) by anti-virus tools, and more, you might be a victim of a [cyberattack](https://www.ndtv.com/india-news/11-convicted-in-indias-biggest-cyberattack-on-cosmos-bank-3973428). So, you should monitor all indicators to check if your account is safe.

You should also routinely change your passwords, never reuse them for multiple accounts, and implement MFA ([Multi-factor Authentication](https://aws.amazon.com/what-is/mfa/#:~:text=Multi%2Dfactor%20authentication%20%28MFA%29,question%2C%20or%20scan%20a%20fingerprint.)). With MFA, your account can have an additional layer of security with **OTP verifiability** via _mobile numbers, PINs, biometrics, etc., that cybercriminals cannot easily penetrate._

\*\* \*\*

### Final Words

Cybersecurity news this year has been full of twists. Every time cybersecurity researchers and teams work to keep your accounts safe, a [threat actor](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems) tries to break that security down.

The latest NakedPages phishing toolkit is the perfect example of how cybercriminals are teaming up and allowing even low-level criminals to engage in sophisticated cyberattacks. NakedPages might grow into a highly sophisticated phishing campaign affecting millions or might be taken down in a while. A question that only time will answer. In the meantime, you should follow the above steps and **practice excellent cyber hygiene** for better [phishing protection](/).

## Topics

[ Phishing ](/tags/phishing/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Foundational 5m  0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks  Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[  Foundational 4m  13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization  Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[  Foundational 4m  All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center  May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[  Foundational 4m  2021 Phishing Trends You Need To Be Wary Of  Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"New NakedPages Phishing Toolkit Causing a Ruckus in the Cybersecurity Industry","description":"New NakedPages Phishing Toolkit Causing a Ruckus in the Cybersecurity Industry: The NakedPages phishing toolkit model has been making headlines since its.","url":"https://phishprotection.com/blog/nakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry/","datePublished":"2022-08-02T10:00:38.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-08-02T10:00:38.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/nakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry/"},"articleSection":"foundational","keywords":"Phishing","wordCount":1041,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/08/anti-phishing-solutions-6842.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is NakedPages Phishing Toolkit?","acceptedAnswer":{"@type":"Answer","text":"NakedPages is a toolkit that CloudSEK's"}},{"@type":"Question","name":"Phishing ToWhat Does the NakedPagesolkit Offer?","acceptedAnswer":{"@type":"Answer","text":"The NakedPages phishing toolkit offers a wide array of malicious services that cybercriminals using the toolkit will be able to use against you. The NakedPages phishing toolkit:"}},{"@type":"Question","name":"Key Takeaway: Can NakedPages Impact You?","acceptedAnswer":{"@type":"Answer","text":"The quick answer is yes, NakedPages can affect you. Phishing is a serious cybercrime that paves the way for stealing credentials, and financial information, delivering malware and [ransomware](/resources/ransomware-attack-why-organizations-pay-ransom), rootkits, [spyware](https://www.foxnews.com/..."}},{"@type":"Question","name":"How to Protect Against the NakedPages Toolkit?","acceptedAnswer":{"@type":"Answer","text":"While talking about a phishing campaign, the first measure you need to take is to avoid [phishing tactics](https://www.indiatvnews.com/technology/news/cybercriminals-used-3-new-tactics-for-phishing-users-in-january-2023-2023-03-17-855428) and fake websites. [Phishing Awareness Training](/content/..."}}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"New NakedPages Phishing Toolkit Causing a Ruckus in the Cybersecurity Industry","item":"https://phishprotection.com/blog/nakedpages-phishing-toolkit-causing-ruckus-cybersecurity-industry/"}]}
```