LUCY might initiate certain communication channels to servers on the internet:
|18.104.22.168 (update.phishing-server.com)||Lucy Update/License Server/HTTP proxy||80/443 (HTTP/HTTPS)||TCP|
|22.214.171.124 (or any other DNS Server)||Your DNS Server||53 (DNS)||UPD|
|126.96.36.199||NIST CVE database (Optional)||80 (HTTP)||TCP|
|0.0.0.0 (Any)||Mail Communication (Optional)||25 (SMTP)||TCP|
|188.8.131.52 (news.gtta.net)||Fetch LUCY Update News (Optional)||80 (HTTP)||TCP|
In order to reach LUCY from the internet port 80 and 443 (if you use SSL in a campaign) needs to be open. No other ports are required. If LUCY should forward mails from users that respond to a phishing simulation port 25 (SMTP) needs to be opened as well.
|ANY||Your LUCY Server IP||80/443 (HTTP/HTTPS)||TCP||Needed for accessing the landing pages & for certificate verification (http)|
|ANY||Your LUCY Server IP||25 (SMTP)||TCP||Only needed, if you want to catch email replies|
Upon execution, the malware simulation tool will open the built in Internet Explorer or other default browser (in hidden mode) and send out the collected data to LUCY via HTTP or HTTPS (it will automatically choose HTTPS if you run your campaign via SSL). This tool will also work in environments where the Internet is accessed with Proxy servers - only allowing access for authorized Windows users.