pull/2631/merge
Milan Bharanya 2024-11-21 01:14:13 +00:00 committed by GitHub
commit 4d7910fec8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 57 additions and 15 deletions

View File

@ -19,5 +19,17 @@
"logging": {
"filename": "",
"level": ""
},
"attachments": {
"plain_text_file_list": [
".txt",
".html",
".ics",
".ps1",
".bat",
".vbs",
".sh",
".py"
]
}
}
}

View File

@ -26,6 +26,11 @@ type PhishServer struct {
KeyPath string `json:"key_path"`
}
// Attachments represents the handling of attachments in emails
type Attachments struct {
PlainTextFileList []string `json:"plain_text_file_list"`
}
// Config represents the configuration information.
type Config struct {
AdminConf AdminServer `json:"admin_server"`
@ -37,6 +42,7 @@ type Config struct {
TestFlag bool `json:"test_flag"`
ContactAddress string `json:"contact_address"`
Logging *log.Config `json:"logging"`
Attachments Attachments `json:"attachments"`
}
// Version contains the current gophish version

View File

@ -26,7 +26,19 @@ var validConfig = []byte(`{
"db_name": "sqlite3",
"db_path": "gophish.db",
"migrations_prefix": "db/db_",
"contact_address": ""
"contact_address": "",
"attachments": {
"plain_text_file_list": [
".txt",
".html",
".ics",
".ps1",
".bat",
".vbs",
".sh",
".py"
]
}
}`)
func createTemporaryConfig(t *testing.T) *os.File {

View File

@ -61,6 +61,21 @@ func (a *Attachment) ApplyTemplate(ptx PhishingTemplateContext) (io.Reader, erro
// "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
fileExtension := filepath.Ext(a.Name)
if array_contains(conf.Attachments.PlainTextFileList, fileExtension) {
b, err := ioutil.ReadAll(decodedAttachment)
if err != nil {
return nil, err
}
processedAttachment, err := ExecuteTemplate(string(b), ptx)
if err != nil {
return nil, err
}
if processedAttachment == string(b) {
a.vanillaFile = true
}
return strings.NewReader(processedAttachment), nil
}
switch fileExtension {
case ".docx", ".docm", ".pptx", ".xlsx", ".xlsm":
@ -136,21 +151,18 @@ func (a *Attachment) ApplyTemplate(ptx PhishingTemplateContext) (io.Reader, erro
zipWriter.Close()
return bytes.NewReader(newZipArchive.Bytes()), err
case ".txt", ".html", ".ics":
b, err := ioutil.ReadAll(decodedAttachment)
if err != nil {
return nil, err
}
processedAttachment, err := ExecuteTemplate(string(b), ptx)
if err != nil {
return nil, err
}
if processedAttachment == string(b) {
a.vanillaFile = true
}
return strings.NewReader(processedAttachment), nil
default:
return decodedAttachment, nil // Default is to simply return the file
}
}
func array_contains(s []string, str string) bool {
for _, v := range s {
if v == str {
return true
}
}
return false
}