Gophish (Phishing)
Last updated
Last updated
This section provides the general steps to perform a phishing campaign and the commands to retrieve the campaign results.
Before installing Gophish, perform the following changes, so the phishing platform is not detected by modern AVs.
To install Gophish, simply execute the following command.
To fix this, you must compile it with the following environment variable.
In order to have a certificate signed by AC to make the phishing page more trusted, you can use Let's encrypt.
The easiest way to verify the domain is through DNS, so you only have to add the TXT record that the script tells you during its execution.
After that, the certificate will be generated on your system.
Then, copy the files into the Gophish directory and modify the config.json like so:
To execute Gophish, execute the following commands.
Note: If it is the first time you are running Gophish, you will be prompted with the password for the administration interface on the CLI. After logging in, you will be requested to change it.
If you see that the admin web interface doesn't work and some errors appear on the browser console like:
If you try to access the URL, you will obtain a 404 not found. That is because they have not been downloaded.
To fix that problem, execute the following commands.
In order to perform the phishing campaign, you will need to buy a fake DNS domain that must point to the Gophish instance, where the landing page will be located.
You will require an SMTP server to perform the phishing campaign to send the phishing emails to your targets.
To do so, you only need to install postfix.
Then, the sending profile will look like this:
Warning: If your postfix server is running on a VPS, you might encounter any outgoing traffic pointing to port 25 is been rejected; that is because the VPS policy doesn't allow outgoing traffic to port 25 to prevent users from performing phishing attacks.
However, the easiest way to bypass this is to install postfix your VM and redirect the traffic using Ngrok
Finally, you will only need to set the domain and port in the "Host" field provided by Ngrok.
To create a landing page, you can craft your own, download some templates or clone it.
Phishing templates:
Web page cloner (Might not work in every case):
Furthermore, if you want to obtain information provided by the target, then the data must be submitted through a POST request to the landing page; the name of the variables can be whatever you want, else will not be gathered by Gophis.
Nonetheless, if you want to use the below commands to retrieve the username and password from the EVENTS_RAW.CSV, name the variables username and password.
Finally, if you want to add static files such as images, fonts, and files to be downloaded... you need to upload them into the folder <GOPHIS_PATH>/static/endpoint/. Then, you must do the reference with the URL /static/<FILE>.
Once the campaign is over, you might want to obtain data about the number of clicked links, data submissions and obtain submitted usernames and passwords.
Obtain users who clicked the link.
Obtain users who submitted data.
Extract all usernames and passwords from the EVENTS CSV file.
During Gophish installation, you might encounter the following .
