Gophish - An Open-Source Phishing Toolkit
Gophish is a powerful, open-source phishing framework that makes the simulation of real-world phishing attacks dead-simple.
The idea behind gophish is simple - make industry-grade phishing training available to everyone. "Available" in this case means two things:
- Affordable - Gophish is open-source software that is completely free for anyone to use.
- Accessible - Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as "download and run"!
How To Install Gophish
Gophish is provided as a pre-built binary for most operating systems. With this being the case, installation is as simple as downloading the ZIP file containing the binary that is built for your OS and extracting the contents.
Building Gophish from Source
Since Gophish is written in the Go programming language, it is extremely simple to build from source. All you will need is the Go language and a C compiler (such as gcc).
To build gophish from source, simply run go get github.com/gophish/gophish. This downloads gophish into your $GOPATH.
Next, navigate to $GOPATH/src/github.com/gophish/gophish and run the command go build. This builds a gophish binary in the current directory.
Understanding the config.json
There are some settings that are configurable via a file called config.json, located in the gophish root directory. Here are some of the options that you can set to your preferences:

| Key | Value (Default) | Description |
|---|---|---|
| admin_server.listen_url | 127.0.0.1:3333 | IP/Port of gophish admin server |
| admin_server.use_tls | false | Use TLS for admin server? |
| admin_server.cert_path | example.crt | Path to SSL Cert |
| admin_server.key_path | example.key | Path to SSL Private Key |
| phish_server.listen_url | 0.0.0.0:80 | IP/Port of the phishing server - this is where landing pages are hosted. |
Be careful: Since the config.json file contains database credentials, you will want to ensure it is only readable by the correct user. For Linux users, you can do this using chmod 640 config.json.
Exposing Gophish to the Internet
By default, the phish_server.listen_url is configured to listen on all interfaces. This means that if the host Gophish is running on is exposed to the Internet (such as running on a VPS), the phishing server will be exposed to the Internet.
If you also want the admin server to be accessible over the Internet, you will need to change the entry for the admin_server.listen_url to 0.0.0.0:3333.
Be careful: Only expose the admin server to the Internet if you need to. Before exposing the admin server to the Internet, it's highly recommended to change the default password.
Using MySQL
The default database in Gophish is SQLite. This is perfectly functional, but some environments may benefit from leveraging a more robust database such as MySQL.
Support for MySQL has been added as of 0.3-dev. To set up Gophish for MySQL, a couple of extra steps are needed.
Update config.json:
First, change the entries in config.json to match your deployment:
Example:
    "db_name" : "mysql",
    "db_path" : "root:@(:3306)/gophish?charset=utf8&parseTime=True&loc=UTC",
The format for the db_path entry is
username:password@(host:port)/database?charset=utf8&parseTime=True&loc=UTC
Update MySQL Config:
Gophish uses a datetime format that is incompatible with MySQL >= 5.7. To fix this, add the following lines to the bottom of /etc/mysql/mysql.cnf:
    [mysqld]
    sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
The above settings are the default modes for MySQL, but with NO_ZERO_IN_DATE and NO_ZERO_DATE removed.
Create the Database:
The last step you'll need to do to leverage MySQL is to create the gophish database. To do this, log into mysql and run the command:
CREATE DATABASE gophish CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
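The warnings above (config.json permissions, an Internet-facing admin server, and the credentials embedded in db_path) can be checked mechanically before each launch. The following audit script is an added example, not part of Gophish or of the original page; it assumes the dotted keys in the table are nested JSON objects (for example "admin_server": {"listen_url": ...}), and the names audit_config and demo are hypothetical.

```python
import json
import os
import re
import stat
import tempfile

# db_path layout given on the page: username:password@(host:port)/database?...
DSN = re.compile(r"^(?P<user>[^:@]*):(?P<password>[^@]*)@\((?P<host>[^:)]*):(?P<port>\d*)\)/")

def audit_config(path):
    """Return a list of findings for a Gophish config.json (assumed nested layout)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o137:  # any permission bit beyond rw-r----- (640)
        findings.append("config.json mode %o is looser than 640" % mode)
    with open(path) as fh:
        cfg = json.load(fh)
    admin = cfg.get("admin_server", {})
    # Host part of host:port; an empty host or 0.0.0.0 binds every interface.
    host = admin.get("listen_url", "127.0.0.1:3333").rsplit(":", 1)[0]
    if host in ("", "0.0.0.0", "[::]"):
        findings.append("admin server listens on all interfaces")
        if not admin.get("use_tls", False):
            findings.append("admin server is exposed without TLS")
    if cfg.get("db_name") == "mysql":
        m = DSN.match(cfg.get("db_path", ""))
        if m is None:
            findings.append("db_path does not match the documented format")
        elif m.group("password") == "":
            findings.append("db_path uses an empty MySQL password")
    return findings

def demo():
    """Audit a constructed config that mirrors the page's MySQL example."""
    cfg = {  # constructed sample, not a real deployment
        "admin_server": {"listen_url": "0.0.0.0:3333", "use_tls": False},
        "db_name": "mysql",
        "db_path": "root:@(:3306)/gophish?charset=utf8&parseTime=True&loc=UTC",
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w") as fh:
            json.dump(cfg, fh)
        os.chmod(path, 0o644)  # constructed: world-readable on purpose
        return audit_config(path)

if __name__ == "__main__":
    print("\n".join(demo()))
```

An empty result means none of these checks fired; it does not cover the default admin password, which still has to be changed in the web interface.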
Running Gophish
Now that you have gophish installed, you’re ready to run the software. To launch gophish, simply open a command shell and navigate to the directory where the gophish binary is located.
Then, execute the gophish binary. You will see some informational output showing both the admin and phishing web servers starting up, as well as the database being created. This output will tell you the port numbers you can use to connect to the web interfaces.
    gophish@gophish.dev:~/src/github.com/gophish/gophish$ ./gophish
    2016/01/10 23:13:42 worker.go:34: Background Worker Started Successfully - Waiting for Campaigns
    2016/01/10 23:13:42 models.go:64: Database not found... creating db at gophish.db
    2016/01/10 23:13:42 gophish.go:49: Admin server started at http://127.0.0.1:3333
    2016/01/10 23:13:42 gophish.go:51: Phishing server started at http://0.0.0.0:80
Running Gophish as a Service
Linux Distributions:
To run Gophish as a service in Linux distributions, you will need to set up a service script. You can refer to this GitHub issue for an example implementation.
Windows:
To run Gophish as a service in Windows, you can use nssm.
Logging In
After Gophish starts up, you can open a browser and navigate to https://127.0.0.1:3333 to reach the login page.
The default credentials are:
- Username: admin
- Password: gophish