GoPhish how to fish online?

No matter how much time an IT team spends securing your company's data center servers and / or desktops, your security is as strong as the end users who use the hardware.

With a single click, one of your employees could destroy your systems. That's why it's important to constantly test your devices. However, you also need to educate your users.

With a simple phishing test, you could test the effectiveness of antivirus solutions, as well as the knowledge of those who work in your business. Are end users able to detect a suspicious email, or are you one click away from being attacked?

How to test these end users? One way is with the GoPhish e-fishing tool kit. With GoPhish you can simulate e-fishing and train your employees.

GoPhish is an easy-to-use platform that can run on desktops with Linux, macOS and Windows. With GoPhish you can create and track phishing campaigns, landing pages, upload profiles and more.

Below we will see how you can install GoPhish and create a campaign.

I will show GoPhish in Debian. Installing GoPhish is actually quite simple, regardless of platforms, but there is one extra step you need to take when using Linux (the operating system of my choice).

To use GoPhish in the way I will describe below, you will need a Linux distribution and a root privileged user.

You are not actually installing GoPhish. Just download a compressed file, unpack it and run the binary.

• gophish-v0.11.0-linux-32bit.zip 30.9 MB
• gophish-v0.11.0-linux-64bit.zip 31.3 MB
• gophish-v0.11.0-osx-64bit.zip 33.2 MB
• gophish-v0.11.0-windows-64bit.zip 31.7 MB
• Source code (Zip)

The first thing you need to do is download the compressed GoPhish file from official download page. Once the download is complete, open a terminal in the folder that contains the download and create a new folder with the command:

mkdir gophish

Move the compressed file to this folder with the command:

mv gophish * .zip gophish

Go to the new directory with the command:

cd gophish

Then unzip the file with the command:

unzip gophish * .zip

When the decompression process is complete, you will find (among other things) the GoPhish binary. To run this file, you must grant it the appropriate permissions with the command:

chmod u + x gophish

How to run GoPhish

To use GoPhish properly, recipients of the e-fishing test campaign must have access to the e-fishing server. So you should not use the loopback address, but use the IP address of the phishing server URL.

This, of course, means that your server should be accessible. To make sure GoPhish is accessible from your LAN, you need to make a simple adjustment to a configuration file. At the terminal you have open, give the command:

nano config.json

In this file, look for the line:

"Listen_url": "127.0.0.1:3333",

and change it to:

"Listen_url": "SERVER_IP: 3333",

Where SERVER_IP is the IP address of the machine that will host the campaign.

Save and close the file with CTRL + X, press Y and Enter. In our example we did not change the internal IP 127.0.0.1 because we run it locally only for testing.

You can now start GoPhish with the command:

sudo ./gophish
or if you are already rooted
./gophish

This will start the GoPhish embedded server. Once it runs, you will see a line in the terminal informing you of the default credentials. The username is admin and the password is a random string. Copy this character string, and then open the address in a browser. When prompted, enter the default login credentials

Sign in to GoPhish for the first time.

You will then be prompted to change the administrator password.

Once you change the administrator password, you will be in the GoPhish control panel

Start a GoPhish campaign

Sending a campaign through GoPhish is quite simple, if you know where to start. You can't just click on New Campaign and get started, because you first have to create a few pieces to join the puzzle.

The upload profile needs SMTP settings (otherwise GoPhish could not send campaigns). Click Sending Profiles on the left sidebar, and then click New Profile. In the window that opens, configure an SMTP server to be used for the campaign.

Then create an email template by clicking Email Templates in the left pane and clicking New Template. In the new template window, create a template to use for your campaign.

When creating a Template, it is important to use variables. For example, in a subject line you would use something like:

Reset password for E E .Email}}

Then, in the main part of the e-mail, you can use something like:

N {.Name}},

The password for {{.Email}. Has expired. Reset your password here.

Thanks,

Your IT team

Next, you need to add a link. Open the Link Dialog, and then use {{.URL}} as the URL.

Then you need to create a landing page. This will simulate the page from which users will try to log in to their service or change their password.

For this, you need to use a real site that requires users to log in or change their password. This may be one of your own servers or some third party. Click Landing Page, then New Landing Page.

In the window that opens, give the page a name, click Import Site, and type the URL of the login page to be used, and click Import. Check the Capture Submitted Data.

Finally, you need to create a new group. Click Users & Groups on the left sidebar, and then click New Group. In the pop-up window, create a new group, and then add or add users. These users will be the email addresses to which you send your phishing campaign.

After creating all the above you can now click on Campaigns and then on New Campaign. In the New Campaign window, fill in all the information that you have created.

All you have to pay attention to is the URL. The URL is the one that will fill in the value of UR {.URL.} And must be accessible by the recipient. It must also be the domain or IP address of the server that contains GoPhish.

Once you have filled in all the information, click Start Campaign, which will start sending emails to the recipient list that you created in the Groups section.

Recipients will receive the campaign and can click on the link. When they do, GoPhish will record the data. You can then see the results in Control Panel. The list will tell you which users opened the email, which users clicked on the phishing link, and which users entered data on the link that was clicked.