Update immediately to LUCY V 3.3.3

Alert! Please install V 3.3.3! Your LUCY Server needs an immediate patch.

Dear Clients,

Please install LUCY version 3.3.3 as soon as possible! It should be available in Lucy upgrade section.


In the case the server has running campaigns:

If you have some campaigns running, that prevent you from upgrading and you are unable to access the campaign page, you will be unable to upgrade from the UI. In order to upgrade, you will need to stop campaigns manually. That could be done by connecting to Lucy over SSH and issuing the following command under the root account:

sudo -upostgres psql phishing -c 'update campaign_scenarios set status = 0 where status = 10'


After the command is done, you can safely upgrade to the newest version and start (do not click RESTART: ONLY click “START | REAL ATTACK” to resume the campaign without re-sending the mails) the campaigns you previously stopped again.


“Stop all” Feature will come with LUCY 3.5

In the last days, we got a lot of improvement requests for this functionality. We will implement it: Starting from Lucy 3.5 you can stop all campaigns before upgrading right on the update page.


Should you have problems:

If you experience any problems,

  1. please open an SSH connection for our support engineer and
  2. get in contact with us.

A big sorry for the inconvenience!

Best Regards,

Oliver Muenchow & Palo Stacho

LUCY Phishing GmbH


Edit Apr-06-2017, 3pm (CEST)

Reason: The patch adresses an internal issue with an encryption module that is used to obfuscate LUCY code. The encryption module stopped working. As a result code (e.g. PHP) cannot be decypted anymore and results to errors when accessing certain pages (500 internal server error). After the patch, the code can be interpreted again.


The ultimate Phishing Tool and even more – LUCY V 3.3 out now!

A completely redeveloped PhishButton, Reports in Microsoft Word format, improved learning management system (LMS) functionalities: LUCY had become the ultimate Phishing Tool (and even more)! And it’s still free for up to 50 Users! Download it now.

New Version: The Phishing Tool and its training functionalities

Again, we put lot of efforts into our baby. With the feedback from our customers and we improved many existing features. Here’s the list:

Completely new Outlook Plugin / Phish Button: Starting with LUCY 3.3 the plugin is a signed MSI file and programmed as a C++/COM object. The loading time of the plugin is around 10 Milliseconds.

Reports in Microsoft Word Format – Docx: Within each campaign you will find a button that allows you to create a PDF, HTML, raw CSV and now in Version 3.3 a Word report based on a predefined *.docx template report format

New CSV reports. Export the insights you got in raw CSV format

Embedded java exploit: The JavaExploiter is a signed applet that will execute one or multiple commands and report back to LUCY

Recipient stats page improvement: http://www.lucysecurity.com/PS/doc/dokuwiki/doku.php?id=monitor_a_campaign_statistics#see_advanced_recipient_statistics

Alternative dashboard views & actions: You can select different default views for your dashboard and starting with LUCY 3.3 you can export the dashboard info (overall stats, campaign names etc.): Ability to reschedule awareness training: Starting with LUCY 3.3 the recipient will be able to re-schedule an awareness training.

The ultimate Phishing Tool Dashboard - LUCY V 3.3 is out

New Dashboard Style available – LUCY – Phishing Tool and more

Comparison improvement: Starting with LUCY 3.3 you have advanced comparison statistics that allow you to make also trend analysis

Scheduling improvement (Timezones)  Now you have the ability to create scheduling rules based on different time zones. If you specify a longer time range you can also ensure, that mails are not sent out on weekends by selecting the according checkbox

Victim reminder: The victim reminder is a new feature that can be configured within a campaign. It allows the administrator to define, that recipients who did not click on a link, did not start a training or did not finish a training, get a reminder message send after X days (to be specified).

Automated awareness link delay (LMS): Now you can set a delay for the automated awareness email. This setting will ensure, that people within the same office will not all be informed immediately that a phishing simulation took place.

Recipient list custom fields:  You can create custom recipient fields now. You can add any new recipient attribute you want (e.g. city, gender, education etc.). Those attributes can be used for using customized statistics in LUCY (dashboard filters or raw exports).

Linking a custom Wiki / Optional manual view: By default the LUCY admin or view only user will have access to the LUCY WIKI. If you don’t want to expose the WIKI or create your own web based manual with your corporate design, you can go to the advanced settings and define a link to your manual

Even more new or improved Features in LUCY V 3.3 – The ultimate Phishing Tool:

  • Ability to install all available patches at once
  • Improved charts in reports
  • Time-based variables in message templates
  • Website copying improvement
  • Campaign recipients page improvement
  • Victim side optimizations
  • License purchase improvement
  • Improved statistics
  • Campaign blocking improvements
  • Benchmark statistics improvement
  • Ability to detect clients behind proxy
  • Awareness scheduler improvement
  • Possibility to rename fields in report
  • Timeline improvements
  • Closed JS files from unauthenticated access
  • Setup tool improvement
  • Optional custom 404 for domains
  • OpenDKIM improvements
  • Optional let’s encrypt domain check
  • IDN improvements
  • Limited view account
  • Menu adjustments

Upgrade now to the ultimate Phishing Tool (and it’s even more ) ! Or download below:


Please Update to LUCY 3.2.5 (Patch)

LUCY Relase 3.2 is available in November 2016

Bam! LUCY V3.2 is out with awesome corporate features

Dear LUCY Users,

Phishing Incident Plugin for Outlook and LDAP Integration – Only six weeks after Version 3.1 we’re shipping already LUCY Release V3.2! Why? Because we wanted it so! Big customers and large corporate prospects asked us to provide more corporate features. And we put them in this release!


Important things to consider when upgrading to LUCY V 3.1


New release: LUCY V 3.1 is a big leap forward


LUCY 3.0

Ladies and gentlemen, meet Lucy 3.0 – the biggest project update yet!

You can download VMware ESXi, VMware Workstation, VirtualBox images and Linux installer script on Lucy website, or use a pre-configured AMI on Amazon EC2 instance (search for “lucy” in Community AMIs when creating an instance). If you purchased a commercial license, you can update the system through the “Update” section in Lucy. Please make sure you have no active campaigns running before updating Lucy!

Update notes:

  • Campaign supervisors & campaign launch approval
  • Advanced user permission management
  • Compare results of different attacks
  • Support international domain names
  • Java applet file downloader
  • Massive scheduler improvement
  • Select individual recipients when adding group to campaign
  • “Last Tested” column in recipients
  • Split statistics charts for large amounts of data
  • Ability to map the same users to multiple scenarios within a single campaign
  • CPU/RAM monitoring page
  • Adjust PostgreSQL configuration based on system memory available
  • New variables in landing/message – use data from staff type, location, division and comment columns in your templates
  • Copy campaign button
  • System log viewer
  • Advanced quiz editor
  • Ability to purchase Lucy and extra credits from inside Lucy using Paypal
  • Shortened random recipient link support
  • Set host name for postfix using a scenario’s host name
  • Reboot is now possible for Docker-based setups
  • Time & timezone settings improvements
  • View logs before sending them to support
  • Message images/attachments improvement
  • Duplicate template removal
  • Multi-language message subject
  • Ability to generate new root/user passwords from setup tool
  • Security improvements
  • Support new types of Amazon EC2 containers
  • X-Mailer header made optional and configurable
  • Non-latin encodings support for webpage upload
  • Recipient import improvements
  • Website copy improvements
  • Campaign stop confirmation
  • Templates created/updated date
  • Dozens of other improvements & bug fixes

Preview LUCY 3.0

Lucy 2.9.1

Lucy 2.9.1 patch contains a fix for sending Awareness Website links automatically after an attack is successfully performed. If you downloaded or upgraded Lucy 2.9 on Mar 21, 2016 or later, then your version already contains all necessary fixes.

Lucy 2.9

Lucy 2.9 has been released! You can download VMware ESXi, VMware Workstation, VirtualBox images and Debian/Ubuntu installer script on the Lucy website, or use a pre-configured AMI on Amazon EC2 instance (search for “lucy” in Community AMIs when creating an instance). If you are using a commercial license, you can update the system through the “Update” section in Lucy.

Update notes:

  • Question titles support for quiz-based awareness websites
  • Licensing reports – see what spends your licensing points
  • New version of Malware Toolkit
  • Support 3rd-level domains
  • Additional checks for valid language settings
  • Link press statistics – show number of link clicks for individual recipients
  • Anti-virus/firewall check is optional now
  • Take default language as source when adding translations
  • Ability to insert link to awareness website from scenario landing page
  • Test run – ability to select scenarios to test and display data in statistics
  • Campaign backup with all data (recipients, visits, collected data, etc)
  • Improve graphics quality in reports
  • Check Lucy accessibility in Performance Test
  • Language selector for landing/message preview
  • Campaign checks help – get additional info when some of campaign checks fails
  • Template list speedup
  • Lots of extra features & bug fixes