Gophish

Gophish: Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.

SPECIAL NOTE ON THIS FORK

This fork of Gophish has the following OPSEC changes applied:

• All references to the X-Gophish-Contact header have been replaced with X-Contact in the following file(s):
  • models/email_request_test.go
  • models/maillog.go
  • models/maillog_test.go
  • models/email_request.go
• All references to the X-Gophish-Signature header have been replaced with X-Signature in the following file(s):
  • webhook/webhook.go
• The ServerName constant has been renamed to "IGNORE" in config/config.go
• The RecipientParameter constant has been renamed from "rid" to "key" in models/campaign.go
• The controllers/phish.go file has had changes made:
  • Michael Eder's customError function to overwrite Go's net.http Error function, plus more HTTP response headers (based on Nichola Anastasi's guide)
  • Michael Eder's customNotFound function to serve a less-fingerprintable HTTP 404 response
• An example HTTP 404 response file has been added at templates/404.html to align with the changes in controllers/phish.go

Special thanks to Nicholas Anastasi and Michael Eder for their extremely helpful guides and code changes!

Install

Installation of Gophish is dead-simple - just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.

Building From Source

If you are building from source, please note that Gophish requires Go v1.10 or above!

To build Gophish from source, simply run git clone https://github.com/gophish/gophish.git and cd into the project source directory. Then, run go build. After this, you should have a binary called gophish in the current directory.

Docker

You can also use Gophish via the official Docker container here.

Setup

After running the Gophish binary, open an Internet browser to https://localhost:3333 and login with the default username and password listed in the log output. e.g.

time="2020-07-29T01:24:08Z" level=info msg="Please login with the username admin and the password 4304d5255378177d"

Releases of Gophish prior to v0.10.1 have a default username of admin and password of gophish.

Documentation

Documentation can be found on our site. Find something missing? Let us know by filing an issue!

Issues

Find a bug? Want more features? Find something missing in the documentation? Let us know! Please don't hesitate to file an issue and we'll get right on it.

License

Gophish - Open-Source Phishing Framework

The MIT License (MIT)

Copyright (c) 2013 - 2020 Jordan Wright

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software ("Gophish Community Edition") and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.