Search the Community

Combination of evilginx2 and GoPhish. Disclaimer I shall not be responsible or liable for any misuse or illegitimate use of this software. This software is only to be used in authorized penetration testing or red team engagements where the operator(s) has(ve) been given explicit written permission to carry out social engineering. [hide][Hidden Content]]

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training. The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things – Affordable – Gophish is open-source software that is completely free for anyone to use. Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”! Changelog v0.12.1 Added Trusted Origins to CSRF Handler We’ve added the ability to set trusted_origins in the config.json file. This allows you to add addresses that you expect incoming connections to come from, which is helpful in cases where TLS termination is handled by a load balancer upstream, rather than the application itself. This has been a long discussed and requested feature so it’s great to have! Thanks to @mcab and everyone else in this thread. Updated Workflows Our Continuous Integration workflow has been updated and is succeeding again. We’ve also updated the Release workflow, mitigating some security concerns and adapting it be able to build Windows releases again. These are (hopefully!) at the bottom of this post. Minor fixes Some JavaScript files hadn’t been minified properly, causing problems with adding customer headers. A small bug was fixed where copying a campaign would not show [Deleted] in an edge case – see #2482. Thanks @29vivek. How to Upgrade To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new Gophish binary and you’ll be good to go! [hide][Hidden Content]]

Gophish: Open-Source Phishing Toolkit Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. [hide][Hidden Content]]

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training. The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things – Affordable – Gophish is open-source software that is completely free for anyone to use. Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”! Changelog v0.10.1 Gophish Just Got Better. We’re excited to announce v0.10.1. This release significantly improves the performance of sending emails, adds some features and fixes bugs. Here’s just a couple of the exciting changes. [HIDE][Hidden Content]]

Gophish: Open-Source Phishing Toolkit Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. [HIDE][Hidden Content]]

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training. The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things – Affordable – Gophish is open-source software that is completely free for anyone to use. Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”! Changelog v0.8 This release fixes a bunch of bugs, adds a few features, and lays the groundwork for really cool features to come. RBAC Support This release includes initial support for Role-Based Access Control (RBAC). Specifically, it introduces global roles that separates admins from non-admins. You can find more information here. Users API Users with the admin role have access to the user management API. This API allows you to create and manage users programmatically. You can find documentation for this API here. Added Docker Support We’ve added a Dockerfile so that you can build Gophish in a container. We’ll be uploading an official Docker image at gophish/gophish shortly. Code Refactoring While this isn’t a user-facing change, it’s a big one. We’ve refactored a bunch of the code to be cleaner and more structured. This will help new developers coming into Gophish to get up and running more quickly. Those are the big changes, but that’s certainly not everything! You can find a full changelog here. [HIDE][Hidden Content]]