diff --git a/blog/CNAME b/blog/CNAME new file mode 100644 index 00000000..f78ab527 --- /dev/null +++ b/blog/CNAME @@ -0,0 +1 @@ +getgophish.com diff --git a/blog/css/all.min.css b/blog/css/all.min.css index 9764f9af..472e97b1 100644 --- a/blog/css/all.min.css +++ b/blog/css/all.min.css @@ -1 +1 @@ -#layout,.nav-list{padding:0}.brand-title,.content-subhead{text-transform:uppercase}.footer,.header,.post-share-links{text-align:center}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.pure-g [class*=pure-u],button,html,input,select,textarea{font-family:"Source Sans Pro",serif}.brand-title,.nav-item a,.post-title{font-family:Oxygen,sans-serif}a{text-decoration:none;color:#3d92c9}.brand-title a,.sidebar{color:#fff}a:focus,a:hover{text-decoration:underline}.brand-title a:hover,.post-share-links a:hover,.post-title:hover{text-decoration:none}h3{font-weight:100}.pure-img-responsive{max-width:100%;height:auto}.header{top:auto;margin:3em auto}.sidebar{background:#283F50;}.brand-tagline,.brand-title{margin:0}.brand-tagline{font-weight:300;color:#b0cadb}.nav-list{margin:0;list-style:none}.nav-item{display:inline-block;zoom:1}.nav-item a{background:0 0;border:2px solid #b0cadb;color:#fff;margin-top:1em;font-weight:700}.nav-item a:focus,.nav-item a:hover{border:2px solid #3d92c9;text-decoration:none}.post-share-links,pre{border:1px solid #ccc}.content-subhead{color:#aaa;border-bottom:1px solid #eee;padding:.4em 0;font-size:80%;font-weight:500;letter-spacing:.1em}.hugo,.post-title,pre .class,pre .css-property,pre .css-value,pre .entity.function,pre .id,pre .keyword,pre .sass,pre .storage.function,pre .vendor-prefix{font-weight:700}.content{padding:2em 1em 0}.post{padding-bottom:2em}.post-title{font-size:2em;color:#222;margin:.4em 0}.post-avatar{border-radius:50px;float:right;margin-left:1em}.post-description{font-family:"Source Sans Pro",serif;color:#333;line-height:1.35em}.post-meta{color:#999;font-size:90%;margin:5px 0}.post-category{margin:0 .1em;padding:.3em 1em;color:#fff;background:#999;font-size:80%}.post-category-design{background:#5aba59}.post-category-pure{background:#4d85d1}.post-category-yui{background:#8156a7}.post-category-javascript{background:#df2d4f}.post-images{margin:1em 0}.post-image-meta{margin-top:-3.5em;margin-left:1em;color:#fff;text-shadow:0 1px 1px #333}.footer{padding:1em 0;color:#555;font-size:80%}.footer ul li a{display:inline;padding:0}.hugo{color:#333}.footer .pure-menu a:focus,.footer .pure-menu a:hover{background:0 0}.footer li{list-style-type:none}.post-share-links{margin:15px 15px 0 0;float:left;padding:10px}.post-share-links a{color:#aaa;font-size:28px;line-height:36px;margin:0 auto;display:block;transition:all .3s ease-in}.post-share-links a:hover{color:#3d92c9}.post-share-links h4{font-family:Oxygen,sans-serif;margin:0 0 5px;color:#aaa}@media (min-width:48em){.content{padding:2em 3em 0;margin-left:25%}.header{margin:80% 2em 0;text-align:right}.sidebar{position:fixed;top:0;bottom:0}}pre{word-wrap:break-word;padding:6px 10px;line-height:19px;margin-bottom:20px}code{border:1px solid #eaeaea;margin:0 2px;padding:0 5px;font-size:12px}pre code{border:0;padding:0;margin:0;-moz-border-radius:0;-webkit-border-radius:0;border-radius:0}code,pre{font-family:Consolas,'Liberation Mono',Courier,monospace;color:#333;background:#f8f8f8;-moz-border-radius:3px;-webkit-border-radius:3px;border-radius:3px}pre,pre code{font-size:13px}pre .comment{color:#998}pre .support{color:#0086B3}pre .tag,pre .tag-name{color:navy}pre .css-property,pre .css-value,pre .support.namespace,pre .vendor-prefix{color:#333}pre .constant.numeric,pre .hex-color,pre .keyword.unit{font-weight:400;color:#099}pre .entity.class{color:#458}pre .entity.function,pre .entity.id{color:#900}pre .attribute,pre .variable{color:teal}pre .string,pre .support.value{font-weight:400;color:#d14}pre .regexp{color:#009926} +#layout,.nav-list{padding:0}.brand-title,.content-subhead{text-transform:uppercase}.footer,.header,.post-share-links{text-align:center}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.pure-g [class*=pure-u],button,html,input,select,textarea{font-family:"Source Sans Pro",serif}.brand-title,.nav-item a,.post-title{font-family:Oxygen,sans-serif}a{text-decoration:none;color:#3d92c9}.brand-title a,.sidebar{color:#fff}a:focus,a:hover{text-decoration:underline}.brand-title a:hover,.post-share-links a:hover,.post-title:hover{text-decoration:none}h3{font-weight:100}.pure-img-responsive{max-width:100%;height:auto}.blog-image{max-width:100%;height:auto;display:block;text-align:center;border:1px solid #aaaaaa;border-radius:5px;margin:0 auto;}figcap{text-align:center;display:block;color:#999999;font-style:italic;}.header{top:auto;margin:3em auto}.sidebar{background:#283F50;}.brand-tagline,.brand-title{margin:0}.brand-tagline{font-weight:300;color:#b0cadb}.nav-list{margin:0;list-style:none}.nav-item{display:inline-block;zoom:1}.nav-item a{background:0 0;border:2px solid #b0cadb;color:#fff;margin-top:1em;font-weight:700}.nav-item a:focus,.nav-item a:hover{border:2px solid #3d92c9;text-decoration:none}.post-share-links,pre{border:1px solid #ccc}.content-subhead{color:#aaa;border-bottom:1px solid #eee;padding:.4em 0;font-size:80%;font-weight:500;letter-spacing:.1em}.hugo,.post-title,pre .class,pre .css-property,pre .css-value,pre .entity.function,pre .id,pre .keyword,pre .sass,pre .storage.function,pre .vendor-prefix{font-weight:700}.content{padding:2em 1em 0}.post{padding-bottom:2em}.post-title{font-size:2em;color:#222;margin:.4em 0}.post-avatar{border-radius:50px;float:right;margin-left:1em}.post-description{font-family:"Source Sans Pro",serif;color:#333;line-height:1.35em}.post-meta{color:#999;font-size:90%;margin:5px 0}.post-category{margin:0 .1em;padding:.3em 1em;color:#fff;background:#999;font-size:80%}.post-category-design{background:#5aba59}.post-category-pure{background:#4d85d1}.post-category-yui{background:#8156a7}.post-category-javascript{background:#df2d4f}.post-images{margin:1em 0}.post-image-meta{margin-top:-3.5em;margin-left:1em;color:#fff;text-shadow:0 1px 1px #333}.footer{padding:1em 0;color:#555;font-size:80%}.footer ul li a{display:inline;padding:0}.hugo{color:#333}.footer .pure-menu a:focus,.footer .pure-menu a:hover{background:0 0}.footer li{list-style-type:none}.post-share-links{margin:15px 15px 0 0;float:left;padding:10px}.post-share-links a{color:#aaa;font-size:28px;line-height:36px;margin:0 auto;display:block;transition:all .3s ease-in}.post-share-links a:hover{color:#3d92c9}.post-share-links h4{font-family:Oxygen,sans-serif;margin:0 0 5px;color:#aaa}@media (min-width:48em){.content{padding:2em 3em 0;margin-left:25%}.header{margin:80% 2em 0;text-align:right}.sidebar{position:fixed;top:0;bottom:0}}pre{word-wrap:break-word;padding:6px 10px;line-height:19px;margin-bottom:20px}code{border:1px solid #eaeaea;margin:0 2px;padding:0 5px;font-size:12px}pre code{border:0;padding:0;margin:0;-moz-border-radius:0;-webkit-border-radius:0;border-radius:0}code,pre{font-family:Consolas,'Liberation Mono',Courier,monospace;color:#333;background:#f8f8f8;-moz-border-radius:3px;-webkit-border-radius:3px;border-radius:3px}pre,pre code{font-size:13px}pre .comment{color:#998}pre .support{color:#0086B3}pre .tag,pre .tag-name{color:navy}pre .css-property,pre .css-value,pre .support.namespace,pre .vendor-prefix{color:#333}pre .constant.numeric,pre .hex-color,pre .keyword.unit{font-weight:400;color:#099}pre .entity.class{color:#458}pre .entity.function,pre .entity.id{color:#900}pre .attribute,pre .variable{color:teal}pre .string,pre .support.value{font-weight:400;color:#d14}pre .regexp{color:#009926}.btn{background-color:#1abc9c;color:#ffffff;border: none;font-size: 15px;font-weight: normal;line-height: 1.4;border-radius: 4px;padding: 10px 15px;-webkit-font-smoothing: subpixel-antialiased;-webkit-transition: border .25s linear, color .25s linear, background-color .25s linear;transition: border .25s linear, color .25s linear, background-color .25s linear;}blockquote{margin-left:0px;padding-left:40px;border-left:5px solid #283F50;font-style:italic;} diff --git a/blog/images/gophish_purple.png b/blog/images/gophish_purple.png new file mode 100644 index 00000000..1d9178a9 Binary files /dev/null and b/blog/images/gophish_purple.png differ diff --git a/blog/images/screenshots/campaign_results.png b/blog/images/screenshots/campaign_results.png new file mode 100644 index 00000000..5af93be0 Binary files /dev/null and b/blog/images/screenshots/campaign_results.png differ diff --git a/blog/images/screenshots/import_site.png b/blog/images/screenshots/import_site.png new file mode 100644 index 00000000..365c86af Binary files /dev/null and b/blog/images/screenshots/import_site.png differ diff --git a/blog/images/screenshots/login.png b/blog/images/screenshots/login.png new file mode 100644 index 00000000..f3f79534 Binary files /dev/null and b/blog/images/screenshots/login.png differ diff --git a/blog/images/screenshots/new_group.png b/blog/images/screenshots/new_group.png new file mode 100644 index 00000000..3186cf2c Binary files /dev/null and b/blog/images/screenshots/new_group.png differ diff --git a/blog/images/screenshots/new_template.png b/blog/images/screenshots/new_template.png new file mode 100644 index 00000000..942aca62 Binary files /dev/null and b/blog/images/screenshots/new_template.png differ diff --git a/blog/images/screenshots/timeline.png b/blog/images/screenshots/timeline.png new file mode 100644 index 00000000..68e3c9de Binary files /dev/null and b/blog/images/screenshots/timeline.png differ diff --git a/blog/index.html b/blog/index.html index da18bb9b..a6a33541 100644 --- a/blog/index.html +++ b/blog/index.html @@ -63,6 +63,253 @@
+

01 Feb 2016, 07:00

+
+
+ + Handling Database Migrations in Go + + +
+ +
+ + +

Why You Should Version Your Database

+ +
+

“I got my database schema correct on the first try.”

+ +

-No one ever.

+
+ +

Like most big projects, gophish needed a way to automatically manage changes to our database schema. As new features were being added, we found ourselves in a situation that required us to add or modify columns and tables to store the new data.

+ +

In a hosted environment, this is no problem since we control the database and can make schema changes as we see fit. Gophish is different, in that it is software intentionally designed to run on the client’s machine. This means that as we rollout updates to gophish’s backend database, we need a way to easily update (or rollback!) changes to the database structure. A versioning system is a perfect fit, which introduces the idea of migrations.

+ +

What is a Migration?

+ +

A migration is nothing more than a set of SQL commands to make changes to a database. Every migration typically has two parts: how to apply the changes you want, and how to roll them back.

+ +

To version control our database, we can create a folder holding multiple migration files. Each file will have an identifier so we know which migration should be applied and in which order. Then, we can store which version our database is currently at in the database itself so if we ever add migrations in the future, we can tell where we left off.

+ +

There are tools that can automate this process for us. We settled on a well-known database migration tool called goose.

+ +

Introduction to goose

+ +

We chose to go with goose since it seemed like a mature, fully-featured solution that would be easily integrated into our code. Goose typically works through the use of its command line tool aptly named goose.

+ +

To set things up, we first need to create the following folder structure:

+ +
| db/
+| | migrations/
+| `-dbconf.yml
+
+ +

Our migrations will be stored in the migrations folder as a series of SQL files. Before we can create migrations, we have to specify the configuration for goose to use. This is found in the dbconf.yml file. In our case, we used the following configuration:

+ +
production:
+    driver: sqlite3 
+    open: gophish.db
+    dialect: sqlite3
+    import: github.com/mattn/go-sqlite3
+
+ +

This configuration specifies a single environment, production, that manages a SQLite database.

+ +

Now that we have created our configuration file, we can start making our migrations. Unfortunately, this is where the hurdles began.

+ +

A Little About Gophish

+ +

Normally, migrations are something that is considered early on in the database creation process. Unfortunately, our schema was already defined and we had clients already running gophish. So, we needed to orchestrate goose in such a way that we could create and apply our migrations without messing up any data that was already in the client’s databases.

+ +

The first step was creating the migrations. To handle this, we first created an empty migration file using the following:

+ +
goose -env production create 0.1.2_browser_post sql
+goose: created ~\go\src\github.com\gophish\gophish\db\migrations\20160130184410_0.1.2_browser_post.sql
+
+ +

This command created a new empty SQL file in our migrations folder that looks like this:

+ +
-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back
+
+ +

For our first migration, we decided to baseline our schema to the current version. To do this, we simply exported our existing schema using the sqlite3 tool. That gave us all of our CREATE TABLE statements that setup our tables and default data. We then copy/pasted those statements below the -- +goose Up section of the migrations.

+ +

The one change we made was to add IF NOT EXISTS to all of our table creation statements. This meant that if the client already had a database setup, this migration would be applied, but no changes would be made - exactly what we want.

+ +

The final step to create this migration was to add the rollback statements. Since this was creating the database, DROP TABLE equivalent statements worked just fine. You can see our final migration file here.

+ +

Now for the next hurdle. Traditionally, migrations work by creating a new migration file and running goose up. Then, goose will compare your database version with the migration files it finds. If there are migrations that need to be applied, it will apply them in order until you are at the current version.

+ +

While the goose up command can work if we control the database, there’s simply no way that we can expect our users to install goose and run goose up every time we want to make a database change. Our goal has always been to make the lives of our users easier, so this simply wouldn’t work. This meant that we needed to handle the migrations in our code.

+ +

Fortunately for us, the goose CLI wraps a rich library that we can use. We were able to integrate this directly into our Setup() function to apply migrations automatically.

+ +

First, we created the gooose.DBConf struct to hold the configuration (a programmatic copy of our dbconf.yml file).

+ +
// Setup the goose configuration
+migrateConf := &goose.DBConf{
+	MigrationsDir: config.Conf.MigrationsPath,
+	Env:           "production",
+	Driver: goose.DBDriver{
+		Name:    "sqlite3",
+		OpenStr: config.Conf.DBPath,
+		Import:  "github.com/mattn/go-sqlite3",
+		Dialect: &goose.Sqlite3Dialect{},
+	},
+}
+
+ +

Next, we need to figure out the latest database version supported by our migrations. This gives us the final “goal” migration that we want to upgrade to. We can do this via the function goose.GetMostRecentDBVersion.

+ +
// Get the latest possible migration
+latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir)
+if err != nil {
+	Logger.Println(err)
+	return err
+}
+
+ +

And finally, we need to apply our migrations. Goose has a function called goose.RunMigrationsOnDb which expects an existing sql.DB object. Since gophish uses the ORM gorm, we already had a sql.DB object already initialized that we could use to send to goose. This was stored in the db variable.

+ +
// Migrate up to the latest version
+err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB())
+if err != nil {
+	Logger.Println(err)
+	return err
+}
+
+ +

That’s it! You can find our full Setup() function here. To handle any additional migrations, all we need to do is run goose create again, add the SQL that makes up the migration, and push out the new file. The next time clients update gophish and restart the executable, the database migrations will be applied automatically!

+ +

If this kind of stuff is interesting to you, and you want to see a full example of a web app written in Go, check out gophish by clicking below.

+ +Download gophish + + +
+
+ +

01 Feb 2016, 06:00

+
+
+ + Announcing gophish v0.1.1 + + +
+ +
+ + + + +

Tl;dr - Download the release here

+ +

The wait is over!

+ +

The gophish team is excited to announce our first public beta version of gophish - version 0.1.1! This blog post will be a short introduction into what gophish is, as well as some of the insanely awesome features we’ve created.

+ +

What is Gophish?

+ +

Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to everyone.

+ +

“Available” in this case means two things –

+ +
    +
  • Affordable – Gophish is currently open-source software that is completely free for anyone to use.
  • +
  • Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!
  • +
+ +

Time For Features

+ +

Ok, ok, enough with the intro. The idea of a phishing simulation platform isn’t new. Let’s take a look at some of the features that really set gophish apart and make it awesome.

+ +

Hosted On-Prem

+ +

There are many commercial offerings that provide phishing simulation/training. Unfortunately, these are SaaS solutions that require you to hand over your data to someone else.

+ +

Gophish is different in that it is meant to be hosted in-house. This keeps you data where it belongs - with you.

+ +

Download -> Run

+ +

For the few existing in-house solutions that exist, setup can be a huge pain (looking at you, Ruby gems). Your time is too valuable to be spent wrestling with dependencies trying to create the perfect setup that somehow magically allows the program to run.

+ +

Gophish was written in the Go programming language for this exact reason. To install gophish, all you have to do is download the zip file, extract the contents, and run the binary.

+ +

By doing this, you just started two webservers, populated a database, and setup a background worker to handle sending the mails. Now, your time can be spent making campaigns. Easy peasy.

+ +

API’s for Everything.

+ +

Gophish was built with automation first. This means that you can create scripts and clients that automate all the hard work for you. In addition to this, we keep up-to-date API docs that describe each API endpoint in detail.

+ +

Rock-Solid Documentation

+ +

Speaking of API docs, we take documentation very seriously. We take documentation seriously because we take our user experience seriously. If you can’t find what you need to use and troubleshoot gophish, we’ve failed. Just take a look at our comprehensive user guide, API documentation, and even fully documented code.

+ +

If you ever find something missing in our documentation, we want to know!

+ +

Beautiful UI

+ +

While the API is the core of gophish’s functionality, we also provide a gorgeous admin UI. This UI is simply a wrapper on top of the underlying API. Nothing says more than screenshots:

+ +

+ + Login Screen +
+ +
+ + Creating a New Group +
+ +
+ + Creating an Email Template +
+ +
+ + Importing a Site +
+ +
+ + Viewing Campaign Results +
+ +
+ + Viewing the Timeline for a Target +
+

+ +

Take Gophish for a Spin!

+ +

These features only scratch the surface when it comes to what makes gophish great, and we aren’t anywhere near done yet. To explore these features for yourself, take gophish for a spin!

+ +

We hope you enjoy gophish and are excited for all the new features that will be released soon! In the meantime, if you ever have any questions, comments, or issues, we want to hear from you!

+ +

-The Gophish Team

+ +

Download gophish +

+ +
+
+

07 Jan 2016, 22:05

diff --git a/blog/index.xml b/blog/index.xml index 96fe271a..ea34dd2d 100644 --- a/blog/index.xml +++ b/blog/index.xml @@ -6,9 +6,240 @@ Recent content on Gophish - Blog Hugo -- gohugo.io en-us - Thu, 07 Jan 2016 22:05:58 -0600 + Mon, 01 Feb 2016 07:00:00 -0600 + + Handling Database Migrations in Go + https://getgophish.com/blog/post/database-migrations-in-go/ + Mon, 01 Feb 2016 07:00:00 -0600 + + https://getgophish.com/blog/post/database-migrations-in-go/ + + +<h3 id="why-you-should-version-your-database:664f01dc60472cd080b34187311f6c6f">Why You Should Version Your Database</h3> + +<blockquote> +<p>&ldquo;I got my database schema correct on the first try.&rdquo;</p> + +<p>-No one ever.</p> +</blockquote> + +<p>Like most big projects, gophish needed a way to automatically manage changes to our database schema. As new features were being added, we found ourselves in a situation that required us to add or modify columns and tables to store the new data.</p> + +<p>In a hosted environment, this is no problem since we control the database and can make schema changes as we see fit. Gophish is different, in that it is software intentionally designed to run on the client&rsquo;s machine. This means that as we rollout updates to gophish&rsquo;s backend database, we need a way to easily update (or rollback!) changes to the database structure. A versioning system is a perfect fit, which introduces the idea of migrations.</p> + +<h4 id="what-is-a-migration:664f01dc60472cd080b34187311f6c6f">What is a <em>Migration</em>?</h4> + +<p>A migration is nothing more than a set of SQL commands to make changes to a database. Every migration typically has two parts: how to apply the changes you want, and how to roll them back.</p> + +<p>To version control our database, we can create a folder holding multiple migration files. Each file will have an identifier so we know which migration should be applied and in which order. Then, we can store which version our database is currently at in the database itself so if we ever add migrations in the future, we can tell where we left off.</p> + +<p>There are tools that can automate this process for us. We settled on a well-known database migration tool called <a href="https://bitbucket.org/liamstask/goose/"><code>goose</code></a>.</p> + +<h3 id="introduction-to-goose:664f01dc60472cd080b34187311f6c6f">Introduction to <code>goose</code></h3> + +<p>We chose to go with <a href="https://bitbucket.org/liamstask/goose/"><code>goose</code></a> since it seemed like a mature, fully-featured solution that would be easily integrated into our code. Goose typically works through the use of its command line tool aptly named <code>goose</code>.</p> + +<p>To set things up, we first need to create the following folder structure:</p> + +<pre><code>| db/ +| | migrations/ +| `-dbconf.yml +</code></pre> + +<p>Our migrations will be stored in the <code>migrations</code> folder as a series of SQL files. Before we can create migrations, we have to specify the configuration for <code>goose</code> to use. This is found in the <code>dbconf.yml</code> file. In our case, we used the following configuration:</p> + +<pre><code>production: + driver: sqlite3 + open: gophish.db + dialect: sqlite3 + import: github.com/mattn/go-sqlite3 +</code></pre> + +<p>This configuration specifies a single environment, <code>production</code>, that manages a SQLite database.</p> + +<p>Now that we have created our configuration file, we can start making our migrations. Unfortunately, this is where the hurdles began.</p> + +<h3 id="a-little-about-gophish:664f01dc60472cd080b34187311f6c6f">A Little About Gophish</h3> + +<p>Normally, migrations are something that is considered early on in the database creation process. Unfortunately, our schema was already defined and we had clients already running gophish. So, we needed to orchestrate <code>goose</code> in such a way that we could create and apply our migrations without messing up any data that was already in the client&rsquo;s databases.</p> + +<p>The first step was creating the migrations. To handle this, we first created an empty migration file using the following:</p> + +<pre><code>goose -env production create 0.1.2_browser_post sql +goose: created ~\go\src\github.com\gophish\gophish\db\migrations\20160130184410_0.1.2_browser_post.sql +</code></pre> + +<p>This command created a new empty SQL file in our migrations folder that looks like this:</p> + +<pre><code>-- +goose Up +-- SQL in section 'Up' is executed when this migration is applied + + +-- +goose Down +-- SQL section 'Down' is executed when this migration is rolled back +</code></pre> + +<p>For our first migration, we decided to baseline our schema to the current version. To do this, we simply exported our existing schema using the sqlite3 tool. That gave us all of our <code>CREATE TABLE</code> statements that setup our tables and default data. We then copy/pasted those statements below the <code>-- +goose Up</code> section of the migrations.</p> + +<p>The one change we made was to add <code>IF NOT EXISTS</code> to all of our table creation statements. This meant that if the client already had a database setup, this migration would be applied, but no changes would be made - exactly what we want.</p> + +<p>The final step to create this migration was to add the rollback statements. Since this was creating the database, <code>DROP TABLE</code> equivalent statements worked just fine. You can see our final migration file <a href="https://raw.githubusercontent.com/gophish/gophish/master/db/migrations/20160118194630_init.sql">here</a>.</p> + +<p>Now for the next hurdle. Traditionally, migrations work by creating a new migration file and running <code>goose up</code>. Then, <code>goose</code> will compare your database version with the migration files it finds. If there are migrations that need to be applied, it will apply them in order until you are at the current version.</p> + +<p>While the <code>goose up</code> command can work if we control the database, there&rsquo;s simply no way that we can expect our users to install <code>goose</code> and run <code>goose up</code> every time we want to make a database change. Our goal has always been to make the lives of our users easier, so this simply wouldn&rsquo;t work. This meant that we needed to handle the migrations in our code.</p> + +<p>Fortunately for us, the <code>goose</code> CLI wraps a rich library that we can use. We were able to integrate this directly into our <code>Setup()</code> function to apply migrations automatically.</p> + +<p>First, we created the <code>gooose.DBConf</code> struct to hold the configuration (a programmatic copy of our <code>dbconf.yml</code> file).</p> + +<pre><code class="language-golang">// Setup the goose configuration +migrateConf := &amp;goose.DBConf{ + MigrationsDir: config.Conf.MigrationsPath, + Env: &quot;production&quot;, + Driver: goose.DBDriver{ + Name: &quot;sqlite3&quot;, + OpenStr: config.Conf.DBPath, + Import: &quot;github.com/mattn/go-sqlite3&quot;, + Dialect: &amp;goose.Sqlite3Dialect{}, + }, +} +</code></pre> + +<p>Next, we need to figure out the latest database version supported by our migrations. This gives us the final &ldquo;goal&rdquo; migration that we want to upgrade to. We can do this via the function <a href="https://godoc.org/bitbucket.org/liamstask/goose/lib/goose#GetMostRecentDBVersion"><code>goose.GetMostRecentDBVersion</code></a>.</p> + +<pre><code class="language-golang">// Get the latest possible migration +latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir) +if err != nil { + Logger.Println(err) + return err +} +</code></pre> + +<p>And finally, we need to apply our migrations. <code>Goose</code> has a function called <a href="https://godoc.org/bitbucket.org/liamstask/goose/lib/goose#RunMigrationsOnDb"><code>goose.RunMigrationsOnDb</code></a> which expects an existing <a href="https://golang.org/pkg/database/sql/#DB"><code>sql.DB</code></a> object. Since gophish uses the ORM <a href="https://github.com/jinzhu/gorm"><code>gorm</code></a>, we already had a <code>sql.DB</code> object already initialized that we could use to send to <code>goose</code>. This was stored in the <code>db</code> variable.</p> + +<pre><code class="language-golang">// Migrate up to the latest version +err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB()) +if err != nil { + Logger.Println(err) + return err +} +</code></pre> + +<p>That&rsquo;s it! You can find our full <code>Setup()</code> function <a href="https://github.com/gophish/gophish/blob/master/models/models.go#L61">here.</a> To handle any additional migrations, all we need to do is run <code>goose create</code> again, add the SQL that makes up the migration, and push out the new file. The next time clients update gophish and restart the executable, the database migrations will be applied automatically!</p> + +<p>If this kind of stuff is interesting to you, and you want to see a full example of a web app written in Go, check out gophish by clicking below.</p> + +<a href="https://github.com/gophish/gophish" class="btn">Download gophish</a> + + + + + + Announcing gophish v0.1.1 + https://getgophish.com/blog/post/release-0.1.1/ + Mon, 01 Feb 2016 06:00:00 -0600 + + https://getgophish.com/blog/post/release-0.1.1/ + + +<img src="https://getgophish.com/blog/blog/images/gophish_purple.png" alt="" class="pure-img" > + +<p><em>Tl;dr - Download the release <a href="https://github.com/gophish/gophish/releases">here</a></em></p> + +<h3 id="the-wait-is-over:1cea0120cd31cba0f7863bc47631176f"><strong>The wait is over!</strong></h3> + +<p>The gophish team is excited to announce our first public beta version of gophish - version 0.1.1! This blog post will be a short introduction into what gophish is, as well as some of the insanely awesome features we&rsquo;ve created.</p> + +<h3 id="what-is-gophish:1cea0120cd31cba0f7863bc47631176f">What is Gophish?</h3> + +<p>Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to <em>everyone</em>.</p> + +<p>&ldquo;Available&rdquo; in this case means two things –</p> + +<ul> +<li><strong>Affordable</strong> – Gophish is currently open-source software that is completely free for anyone to use.</li> +<li><strong>Accessible</strong> – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!</li> +</ul> + +<h3 id="time-for-features:1cea0120cd31cba0f7863bc47631176f">Time For Features</h3> + +<p>Ok, ok, enough with the intro. The idea of a phishing simulation platform isn&rsquo;t new. Let&rsquo;s take a look at some of the features that really set gophish apart and make it awesome.</p> + +<h4 id="hosted-on-prem:1cea0120cd31cba0f7863bc47631176f">Hosted On-Prem</h4> + +<p>There are many commercial offerings that provide phishing simulation/training. Unfortunately, these are SaaS solutions that require you to hand over your data to someone else.</p> + +<p>Gophish is different in that it is meant to be hosted in-house. This keeps you data where it belongs - with you.</p> + +<h4 id="download-run:1cea0120cd31cba0f7863bc47631176f">Download -&gt; Run</h4> + +<p>For the few existing in-house solutions that exist, setup can be a <em>huge pain</em> (looking at you, Ruby gems). Your time is too valuable to be spent wrestling with dependencies trying to create the perfect setup that somehow magically allows the program to run.</p> + +<p>Gophish was written in the Go programming language for this exact reason. To install gophish, all you have to do is download the zip file, extract the contents, and run the binary.</p> + +<p>By doing this, you just started two webservers, populated a database, and setup a background worker to handle sending the mails. Now, your time can be spent making campaigns. Easy peasy.</p> + +<h4 id="api-s-for-everything:1cea0120cd31cba0f7863bc47631176f">API&rsquo;s for <em>Everything</em>.</h4> + +<p>Gophish was built with automation first. This means that you can create scripts and clients that automate all the hard work for you. In addition to this, we keep up-to-date <a href="https://getgophish.com/blog/documentation/api/">API docs</a> that describe each API endpoint in detail.</p> + +<h4 id="rock-solid-documentation:1cea0120cd31cba0f7863bc47631176f">Rock-Solid Documentation</h4> + +<p>Speaking of API docs, we take documentation very seriously. We take documentation seriously because we take our user experience seriously. If you can&rsquo;t find what you need to use and troubleshoot gophish, we&rsquo;ve failed. Just take a look at our comprehensive <a href="https://getgophish.com/blog/documentation/Gophish%20User%20Guide.pdf">user guide</a>, <a href="https://getgophish.com/blog/documentation/api/">API documentation</a>, and even <a href="http://godoc.org/github.com/gophish/gophish">fully documented code</a>.</p> + +<p>If you ever find something missing in our documentation, <a href="https://getgophish.com/blog/support">we want to know!</a></p> + +<h4 id="beautiful-ui:1cea0120cd31cba0f7863bc47631176f">Beautiful UI</h4> + +<p>While the API is the core of gophish&rsquo;s functionality, we also provide a gorgeous admin UI. This UI is simply a wrapper on top of the underlying API. Nothing says more than screenshots:</p> + +<p><figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/login.png" alt="" class="blog-image" > + <figcap>Login Screen</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/new_group.png" alt="" class="blog-image" > + <figcap>Creating a New Group</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/new_template.png" alt="" class="blog-image" > + <figcap>Creating an Email Template</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/import_site.png" alt="" class="blog-image" > + <figcap>Importing a Site</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/campaign_results.png" alt="" class="blog-image" > + <figcap>Viewing Campaign Results</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/timeline.png" alt="" class="blog-image" > + <figcap>Viewing the Timeline for a Target</figcap> +</figure> +</p> + +<h3 id="take-gophish-for-a-spin:1cea0120cd31cba0f7863bc47631176f">Take Gophish for a Spin!</h3> + +<p>These features only scratch the surface when it comes to what makes gophish great, and we aren&rsquo;t anywhere near done yet. To explore these features for yourself, take gophish for a spin!</p> + +<p>We hope you enjoy gophish and are excited for all the new features that will be released soon! In the meantime, if you ever have any questions, comments, or issues, <a href="https://getgophish.com/blog/support">we want to hear from you</a>!</p> + +<p>-The Gophish Team</p> + +<p><a href="https://github.com/gophish/gophish/releases" class="btn">Download gophish</a> +</p> + + + Introducing gophish https://getgophish.com/blog/post/hello-world/ diff --git a/blog/post/database-migrations-in-go/index.html b/blog/post/database-migrations-in-go/index.html new file mode 100644 index 00000000..a1fe0f3c --- /dev/null +++ b/blog/post/database-migrations-in-go/index.html @@ -0,0 +1,227 @@ + + + + + + Handling Database Migrations in Go · Gophish - Blog + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+
+ +
+

01 Feb 2016, 07:00

+
+
+ + Handling Database Migrations in Go + + +
+ +
+ + +

Why You Should Version Your Database

+ +
+

“I got my database schema correct on the first try.”

+ +

-No one ever.

+
+ +

Like most big projects, gophish needed a way to automatically manage changes to our database schema. As new features were being added, we found ourselves in a situation that required us to add or modify columns and tables to store the new data.

+ +

In a hosted environment, this is no problem since we control the database and can make schema changes as we see fit. Gophish is different, in that it is software intentionally designed to run on the client’s machine. This means that as we rollout updates to gophish’s backend database, we need a way to easily update (or rollback!) changes to the database structure. A versioning system is a perfect fit, which introduces the idea of migrations.

+ +

What is a Migration?

+ +

A migration is nothing more than a set of SQL commands to make changes to a database. Every migration typically has two parts: how to apply the changes you want, and how to roll them back.

+ +

To version control our database, we can create a folder holding multiple migration files. Each file will have an identifier so we know which migration should be applied and in which order. Then, we can store which version our database is currently at in the database itself so if we ever add migrations in the future, we can tell where we left off.

+ +

There are tools that can automate this process for us. We settled on a well-known database migration tool called goose.

+ +

Introduction to goose

+ +

We chose to go with goose since it seemed like a mature, fully-featured solution that would be easily integrated into our code. Goose typically works through the use of its command line tool aptly named goose.

+ +

To set things up, we first need to create the following folder structure:

+ +
| db/
+| | migrations/
+| `-dbconf.yml
+
+ +

Our migrations will be stored in the migrations folder as a series of SQL files. Before we can create migrations, we have to specify the configuration for goose to use. This is found in the dbconf.yml file. In our case, we used the following configuration:

+ +
production:
+    driver: sqlite3 
+    open: gophish.db
+    dialect: sqlite3
+    import: github.com/mattn/go-sqlite3
+
+ +

This configuration specifies a single environment, production, that manages a SQLite database.

+ +

Now that we have created our configuration file, we can start making our migrations. Unfortunately, this is where the hurdles began.

+ +

A Little About Gophish

+ +

Normally, migrations are something that is considered early on in the database creation process. Unfortunately, our schema was already defined and we had clients already running gophish. So, we needed to orchestrate goose in such a way that we could create and apply our migrations without messing up any data that was already in the client’s databases.

+ +

The first step was creating the migrations. To handle this, we first created an empty migration file using the following:

+ +
goose -env production create 0.1.2_browser_post sql
+goose: created ~\go\src\github.com\gophish\gophish\db\migrations\20160130184410_0.1.2_browser_post.sql
+
+ +

This command created a new empty SQL file in our migrations folder that looks like this:

+ +
-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back
+
+ +

For our first migration, we decided to baseline our schema to the current version. To do this, we simply exported our existing schema using the sqlite3 tool. That gave us all of our CREATE TABLE statements that setup our tables and default data. We then copy/pasted those statements below the -- +goose Up section of the migrations.

+ +

The one change we made was to add IF NOT EXISTS to all of our table creation statements. This meant that if the client already had a database setup, this migration would be applied, but no changes would be made - exactly what we want.

+ +

The final step to create this migration was to add the rollback statements. Since this was creating the database, DROP TABLE equivalent statements worked just fine. You can see our final migration file here.

+ +

Now for the next hurdle. Traditionally, migrations work by creating a new migration file and running goose up. Then, goose will compare your database version with the migration files it finds. If there are migrations that need to be applied, it will apply them in order until you are at the current version.

+ +

While the goose up command can work if we control the database, there’s simply no way that we can expect our users to install goose and run goose up every time we want to make a database change. Our goal has always been to make the lives of our users easier, so this simply wouldn’t work. This meant that we needed to handle the migrations in our code.

+ +

Fortunately for us, the goose CLI wraps a rich library that we can use. We were able to integrate this directly into our Setup() function to apply migrations automatically.

+ +

First, we created the gooose.DBConf struct to hold the configuration (a programmatic copy of our dbconf.yml file).

+ +
// Setup the goose configuration
+migrateConf := &goose.DBConf{
+	MigrationsDir: config.Conf.MigrationsPath,
+	Env:           "production",
+	Driver: goose.DBDriver{
+		Name:    "sqlite3",
+		OpenStr: config.Conf.DBPath,
+		Import:  "github.com/mattn/go-sqlite3",
+		Dialect: &goose.Sqlite3Dialect{},
+	},
+}
+
+ +

Next, we need to figure out the latest database version supported by our migrations. This gives us the final “goal” migration that we want to upgrade to. We can do this via the function goose.GetMostRecentDBVersion.

+ +
// Get the latest possible migration
+latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir)
+if err != nil {
+	Logger.Println(err)
+	return err
+}
+
+ +

And finally, we need to apply our migrations. Goose has a function called goose.RunMigrationsOnDb which expects an existing sql.DB object. Since gophish uses the ORM gorm, we already had a sql.DB object already initialized that we could use to send to goose. This was stored in the db variable.

+ +
// Migrate up to the latest version
+err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB())
+if err != nil {
+	Logger.Println(err)
+	return err
+}
+
+ +

That’s it! You can find our full Setup() function here. To handle any additional migrations, all we need to do is run goose create again, add the SQL that makes up the migration, and push out the new file. The next time clients update gophish and restart the executable, the database migrations will be applied automatically!

+ +

If this kind of stuff is interesting to you, and you want to see a full example of a web app written in Go, check out gophish by clicking below.

+ +Download gophish + + +
+ +
+
+ + +
+
+
+ + + + + + diff --git a/blog/post/index.html b/blog/post/index.html index 9ccb9403..de3f47bb 100644 --- a/blog/post/index.html +++ b/blog/post/index.html @@ -63,6 +63,253 @@
+

01 Feb 2016, 07:00

+
+
+ + Handling Database Migrations in Go + + +
+ +
+ + +

Why You Should Version Your Database

+ +
+

“I got my database schema correct on the first try.”

+ +

-No one ever.

+
+ +

Like most big projects, gophish needed a way to automatically manage changes to our database schema. As new features were being added, we found ourselves in a situation that required us to add or modify columns and tables to store the new data.

+ +

In a hosted environment, this is no problem since we control the database and can make schema changes as we see fit. Gophish is different, in that it is software intentionally designed to run on the client’s machine. This means that as we rollout updates to gophish’s backend database, we need a way to easily update (or rollback!) changes to the database structure. A versioning system is a perfect fit, which introduces the idea of migrations.

+ +

What is a Migration?

+ +

A migration is nothing more than a set of SQL commands to make changes to a database. Every migration typically has two parts: how to apply the changes you want, and how to roll them back.

+ +

To version control our database, we can create a folder holding multiple migration files. Each file will have an identifier so we know which migration should be applied and in which order. Then, we can store which version our database is currently at in the database itself so if we ever add migrations in the future, we can tell where we left off.

+ +

There are tools that can automate this process for us. We settled on a well-known database migration tool called goose.

+ +

Introduction to goose

+ +

We chose to go with goose since it seemed like a mature, fully-featured solution that would be easily integrated into our code. Goose typically works through the use of its command line tool aptly named goose.

+ +

To set things up, we first need to create the following folder structure:

+ +
| db/
+| | migrations/
+| `-dbconf.yml
+
+ +

Our migrations will be stored in the migrations folder as a series of SQL files. Before we can create migrations, we have to specify the configuration for goose to use. This is found in the dbconf.yml file. In our case, we used the following configuration:

+ +
production:
+    driver: sqlite3 
+    open: gophish.db
+    dialect: sqlite3
+    import: github.com/mattn/go-sqlite3
+
+ +

This configuration specifies a single environment, production, that manages a SQLite database.

+ +

Now that we have created our configuration file, we can start making our migrations. Unfortunately, this is where the hurdles began.

+ +

A Little About Gophish

+ +

Normally, migrations are something that is considered early on in the database creation process. Unfortunately, our schema was already defined and we had clients already running gophish. So, we needed to orchestrate goose in such a way that we could create and apply our migrations without messing up any data that was already in the client’s databases.

+ +

The first step was creating the migrations. To handle this, we first created an empty migration file using the following:

+ +
goose -env production create 0.1.2_browser_post sql
+goose: created ~\go\src\github.com\gophish\gophish\db\migrations\20160130184410_0.1.2_browser_post.sql
+
+ +

This command created a new empty SQL file in our migrations folder that looks like this:

+ +
-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back
+
+ +

For our first migration, we decided to baseline our schema to the current version. To do this, we simply exported our existing schema using the sqlite3 tool. That gave us all of our CREATE TABLE statements that setup our tables and default data. We then copy/pasted those statements below the -- +goose Up section of the migrations.

+ +

The one change we made was to add IF NOT EXISTS to all of our table creation statements. This meant that if the client already had a database setup, this migration would be applied, but no changes would be made - exactly what we want.

+ +

The final step to create this migration was to add the rollback statements. Since this was creating the database, DROP TABLE equivalent statements worked just fine. You can see our final migration file here.

+ +

Now for the next hurdle. Traditionally, migrations work by creating a new migration file and running goose up. Then, goose will compare your database version with the migration files it finds. If there are migrations that need to be applied, it will apply them in order until you are at the current version.

+ +

While the goose up command can work if we control the database, there’s simply no way that we can expect our users to install goose and run goose up every time we want to make a database change. Our goal has always been to make the lives of our users easier, so this simply wouldn’t work. This meant that we needed to handle the migrations in our code.

+ +

Fortunately for us, the goose CLI wraps a rich library that we can use. We were able to integrate this directly into our Setup() function to apply migrations automatically.

+ +

First, we created the gooose.DBConf struct to hold the configuration (a programmatic copy of our dbconf.yml file).

+ +
// Setup the goose configuration
+migrateConf := &goose.DBConf{
+	MigrationsDir: config.Conf.MigrationsPath,
+	Env:           "production",
+	Driver: goose.DBDriver{
+		Name:    "sqlite3",
+		OpenStr: config.Conf.DBPath,
+		Import:  "github.com/mattn/go-sqlite3",
+		Dialect: &goose.Sqlite3Dialect{},
+	},
+}
+
+ +

Next, we need to figure out the latest database version supported by our migrations. This gives us the final “goal” migration that we want to upgrade to. We can do this via the function goose.GetMostRecentDBVersion.

+ +
// Get the latest possible migration
+latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir)
+if err != nil {
+	Logger.Println(err)
+	return err
+}
+
+ +

And finally, we need to apply our migrations. Goose has a function called goose.RunMigrationsOnDb which expects an existing sql.DB object. Since gophish uses the ORM gorm, we already had a sql.DB object already initialized that we could use to send to goose. This was stored in the db variable.

+ +
// Migrate up to the latest version
+err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB())
+if err != nil {
+	Logger.Println(err)
+	return err
+}
+
+ +

That’s it! You can find our full Setup() function here. To handle any additional migrations, all we need to do is run goose create again, add the SQL that makes up the migration, and push out the new file. The next time clients update gophish and restart the executable, the database migrations will be applied automatically!

+ +

If this kind of stuff is interesting to you, and you want to see a full example of a web app written in Go, check out gophish by clicking below.

+ +Download gophish + + +
+
+ +

01 Feb 2016, 06:00

+
+
+ + Announcing gophish v0.1.1 + + +
+ +
+ + + + +

Tl;dr - Download the release here

+ +

The wait is over!

+ +

The gophish team is excited to announce our first public beta version of gophish - version 0.1.1! This blog post will be a short introduction into what gophish is, as well as some of the insanely awesome features we’ve created.

+ +

What is Gophish?

+ +

Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to everyone.

+ +

“Available” in this case means two things –

+ +
    +
  • Affordable – Gophish is currently open-source software that is completely free for anyone to use.
  • +
  • Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!
  • +
+ +

Time For Features

+ +

Ok, ok, enough with the intro. The idea of a phishing simulation platform isn’t new. Let’s take a look at some of the features that really set gophish apart and make it awesome.

+ +

Hosted On-Prem

+ +

There are many commercial offerings that provide phishing simulation/training. Unfortunately, these are SaaS solutions that require you to hand over your data to someone else.

+ +

Gophish is different in that it is meant to be hosted in-house. This keeps you data where it belongs - with you.

+ +

Download -> Run

+ +

For the few existing in-house solutions that exist, setup can be a huge pain (looking at you, Ruby gems). Your time is too valuable to be spent wrestling with dependencies trying to create the perfect setup that somehow magically allows the program to run.

+ +

Gophish was written in the Go programming language for this exact reason. To install gophish, all you have to do is download the zip file, extract the contents, and run the binary.

+ +

By doing this, you just started two webservers, populated a database, and setup a background worker to handle sending the mails. Now, your time can be spent making campaigns. Easy peasy.

+ +

API’s for Everything.

+ +

Gophish was built with automation first. This means that you can create scripts and clients that automate all the hard work for you. In addition to this, we keep up-to-date API docs that describe each API endpoint in detail.

+ +

Rock-Solid Documentation

+ +

Speaking of API docs, we take documentation very seriously. We take documentation seriously because we take our user experience seriously. If you can’t find what you need to use and troubleshoot gophish, we’ve failed. Just take a look at our comprehensive user guide, API documentation, and even fully documented code.

+ +

If you ever find something missing in our documentation, we want to know!

+ +

Beautiful UI

+ +

While the API is the core of gophish’s functionality, we also provide a gorgeous admin UI. This UI is simply a wrapper on top of the underlying API. Nothing says more than screenshots:

+ +

+ + Login Screen +
+ +
+ + Creating a New Group +
+ +
+ + Creating an Email Template +
+ +
+ + Importing a Site +
+ +
+ + Viewing Campaign Results +
+ +
+ + Viewing the Timeline for a Target +
+

+ +

Take Gophish for a Spin!

+ +

These features only scratch the surface when it comes to what makes gophish great, and we aren’t anywhere near done yet. To explore these features for yourself, take gophish for a spin!

+ +

We hope you enjoy gophish and are excited for all the new features that will be released soon! In the meantime, if you ever have any questions, comments, or issues, we want to hear from you!

+ +

-The Gophish Team

+ +

Download gophish +

+ +
+
+

07 Jan 2016, 22:05

diff --git a/blog/post/index.xml b/blog/post/index.xml index ab8ab8b0..e305e89a 100644 --- a/blog/post/index.xml +++ b/blog/post/index.xml @@ -6,9 +6,240 @@ Recent content in Posts on Gophish - Blog Hugo -- gohugo.io en-us - Thu, 07 Jan 2016 22:05:58 -0600 + Mon, 01 Feb 2016 07:00:00 -0600 + + Handling Database Migrations in Go + https://getgophish.com/blog/post/database-migrations-in-go/ + Mon, 01 Feb 2016 07:00:00 -0600 + + https://getgophish.com/blog/post/database-migrations-in-go/ + + +<h3 id="why-you-should-version-your-database:664f01dc60472cd080b34187311f6c6f">Why You Should Version Your Database</h3> + +<blockquote> +<p>&ldquo;I got my database schema correct on the first try.&rdquo;</p> + +<p>-No one ever.</p> +</blockquote> + +<p>Like most big projects, gophish needed a way to automatically manage changes to our database schema. As new features were being added, we found ourselves in a situation that required us to add or modify columns and tables to store the new data.</p> + +<p>In a hosted environment, this is no problem since we control the database and can make schema changes as we see fit. Gophish is different, in that it is software intentionally designed to run on the client&rsquo;s machine. This means that as we rollout updates to gophish&rsquo;s backend database, we need a way to easily update (or rollback!) changes to the database structure. A versioning system is a perfect fit, which introduces the idea of migrations.</p> + +<h4 id="what-is-a-migration:664f01dc60472cd080b34187311f6c6f">What is a <em>Migration</em>?</h4> + +<p>A migration is nothing more than a set of SQL commands to make changes to a database. Every migration typically has two parts: how to apply the changes you want, and how to roll them back.</p> + +<p>To version control our database, we can create a folder holding multiple migration files. Each file will have an identifier so we know which migration should be applied and in which order. Then, we can store which version our database is currently at in the database itself so if we ever add migrations in the future, we can tell where we left off.</p> + +<p>There are tools that can automate this process for us. We settled on a well-known database migration tool called <a href="https://bitbucket.org/liamstask/goose/"><code>goose</code></a>.</p> + +<h3 id="introduction-to-goose:664f01dc60472cd080b34187311f6c6f">Introduction to <code>goose</code></h3> + +<p>We chose to go with <a href="https://bitbucket.org/liamstask/goose/"><code>goose</code></a> since it seemed like a mature, fully-featured solution that would be easily integrated into our code. Goose typically works through the use of its command line tool aptly named <code>goose</code>.</p> + +<p>To set things up, we first need to create the following folder structure:</p> + +<pre><code>| db/ +| | migrations/ +| `-dbconf.yml +</code></pre> + +<p>Our migrations will be stored in the <code>migrations</code> folder as a series of SQL files. Before we can create migrations, we have to specify the configuration for <code>goose</code> to use. This is found in the <code>dbconf.yml</code> file. In our case, we used the following configuration:</p> + +<pre><code>production: + driver: sqlite3 + open: gophish.db + dialect: sqlite3 + import: github.com/mattn/go-sqlite3 +</code></pre> + +<p>This configuration specifies a single environment, <code>production</code>, that manages a SQLite database.</p> + +<p>Now that we have created our configuration file, we can start making our migrations. Unfortunately, this is where the hurdles began.</p> + +<h3 id="a-little-about-gophish:664f01dc60472cd080b34187311f6c6f">A Little About Gophish</h3> + +<p>Normally, migrations are something that is considered early on in the database creation process. Unfortunately, our schema was already defined and we had clients already running gophish. So, we needed to orchestrate <code>goose</code> in such a way that we could create and apply our migrations without messing up any data that was already in the client&rsquo;s databases.</p> + +<p>The first step was creating the migrations. To handle this, we first created an empty migration file using the following:</p> + +<pre><code>goose -env production create 0.1.2_browser_post sql +goose: created ~\go\src\github.com\gophish\gophish\db\migrations\20160130184410_0.1.2_browser_post.sql +</code></pre> + +<p>This command created a new empty SQL file in our migrations folder that looks like this:</p> + +<pre><code>-- +goose Up +-- SQL in section 'Up' is executed when this migration is applied + + +-- +goose Down +-- SQL section 'Down' is executed when this migration is rolled back +</code></pre> + +<p>For our first migration, we decided to baseline our schema to the current version. To do this, we simply exported our existing schema using the sqlite3 tool. That gave us all of our <code>CREATE TABLE</code> statements that setup our tables and default data. We then copy/pasted those statements below the <code>-- +goose Up</code> section of the migrations.</p> + +<p>The one change we made was to add <code>IF NOT EXISTS</code> to all of our table creation statements. This meant that if the client already had a database setup, this migration would be applied, but no changes would be made - exactly what we want.</p> + +<p>The final step to create this migration was to add the rollback statements. Since this was creating the database, <code>DROP TABLE</code> equivalent statements worked just fine. You can see our final migration file <a href="https://raw.githubusercontent.com/gophish/gophish/master/db/migrations/20160118194630_init.sql">here</a>.</p> + +<p>Now for the next hurdle. Traditionally, migrations work by creating a new migration file and running <code>goose up</code>. Then, <code>goose</code> will compare your database version with the migration files it finds. If there are migrations that need to be applied, it will apply them in order until you are at the current version.</p> + +<p>While the <code>goose up</code> command can work if we control the database, there&rsquo;s simply no way that we can expect our users to install <code>goose</code> and run <code>goose up</code> every time we want to make a database change. Our goal has always been to make the lives of our users easier, so this simply wouldn&rsquo;t work. This meant that we needed to handle the migrations in our code.</p> + +<p>Fortunately for us, the <code>goose</code> CLI wraps a rich library that we can use. We were able to integrate this directly into our <code>Setup()</code> function to apply migrations automatically.</p> + +<p>First, we created the <code>gooose.DBConf</code> struct to hold the configuration (a programmatic copy of our <code>dbconf.yml</code> file).</p> + +<pre><code class="language-golang">// Setup the goose configuration +migrateConf := &amp;goose.DBConf{ + MigrationsDir: config.Conf.MigrationsPath, + Env: &quot;production&quot;, + Driver: goose.DBDriver{ + Name: &quot;sqlite3&quot;, + OpenStr: config.Conf.DBPath, + Import: &quot;github.com/mattn/go-sqlite3&quot;, + Dialect: &amp;goose.Sqlite3Dialect{}, + }, +} +</code></pre> + +<p>Next, we need to figure out the latest database version supported by our migrations. This gives us the final &ldquo;goal&rdquo; migration that we want to upgrade to. We can do this via the function <a href="https://godoc.org/bitbucket.org/liamstask/goose/lib/goose#GetMostRecentDBVersion"><code>goose.GetMostRecentDBVersion</code></a>.</p> + +<pre><code class="language-golang">// Get the latest possible migration +latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir) +if err != nil { + Logger.Println(err) + return err +} +</code></pre> + +<p>And finally, we need to apply our migrations. <code>Goose</code> has a function called <a href="https://godoc.org/bitbucket.org/liamstask/goose/lib/goose#RunMigrationsOnDb"><code>goose.RunMigrationsOnDb</code></a> which expects an existing <a href="https://golang.org/pkg/database/sql/#DB"><code>sql.DB</code></a> object. Since gophish uses the ORM <a href="https://github.com/jinzhu/gorm"><code>gorm</code></a>, we already had a <code>sql.DB</code> object already initialized that we could use to send to <code>goose</code>. This was stored in the <code>db</code> variable.</p> + +<pre><code class="language-golang">// Migrate up to the latest version +err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB()) +if err != nil { + Logger.Println(err) + return err +} +</code></pre> + +<p>That&rsquo;s it! You can find our full <code>Setup()</code> function <a href="https://github.com/gophish/gophish/blob/master/models/models.go#L61">here.</a> To handle any additional migrations, all we need to do is run <code>goose create</code> again, add the SQL that makes up the migration, and push out the new file. The next time clients update gophish and restart the executable, the database migrations will be applied automatically!</p> + +<p>If this kind of stuff is interesting to you, and you want to see a full example of a web app written in Go, check out gophish by clicking below.</p> + +<a href="https://github.com/gophish/gophish" class="btn">Download gophish</a> + + + + + + Announcing gophish v0.1.1 + https://getgophish.com/blog/post/release-0.1.1/ + Mon, 01 Feb 2016 06:00:00 -0600 + + https://getgophish.com/blog/post/release-0.1.1/ + + +<img src="https://getgophish.com/blog/blog/images/gophish_purple.png" alt="" class="pure-img" > + +<p><em>Tl;dr - Download the release <a href="https://github.com/gophish/gophish/releases">here</a></em></p> + +<h3 id="the-wait-is-over:1cea0120cd31cba0f7863bc47631176f"><strong>The wait is over!</strong></h3> + +<p>The gophish team is excited to announce our first public beta version of gophish - version 0.1.1! This blog post will be a short introduction into what gophish is, as well as some of the insanely awesome features we&rsquo;ve created.</p> + +<h3 id="what-is-gophish:1cea0120cd31cba0f7863bc47631176f">What is Gophish?</h3> + +<p>Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to <em>everyone</em>.</p> + +<p>&ldquo;Available&rdquo; in this case means two things –</p> + +<ul> +<li><strong>Affordable</strong> – Gophish is currently open-source software that is completely free for anyone to use.</li> +<li><strong>Accessible</strong> – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!</li> +</ul> + +<h3 id="time-for-features:1cea0120cd31cba0f7863bc47631176f">Time For Features</h3> + +<p>Ok, ok, enough with the intro. The idea of a phishing simulation platform isn&rsquo;t new. Let&rsquo;s take a look at some of the features that really set gophish apart and make it awesome.</p> + +<h4 id="hosted-on-prem:1cea0120cd31cba0f7863bc47631176f">Hosted On-Prem</h4> + +<p>There are many commercial offerings that provide phishing simulation/training. Unfortunately, these are SaaS solutions that require you to hand over your data to someone else.</p> + +<p>Gophish is different in that it is meant to be hosted in-house. This keeps you data where it belongs - with you.</p> + +<h4 id="download-run:1cea0120cd31cba0f7863bc47631176f">Download -&gt; Run</h4> + +<p>For the few existing in-house solutions that exist, setup can be a <em>huge pain</em> (looking at you, Ruby gems). Your time is too valuable to be spent wrestling with dependencies trying to create the perfect setup that somehow magically allows the program to run.</p> + +<p>Gophish was written in the Go programming language for this exact reason. To install gophish, all you have to do is download the zip file, extract the contents, and run the binary.</p> + +<p>By doing this, you just started two webservers, populated a database, and setup a background worker to handle sending the mails. Now, your time can be spent making campaigns. Easy peasy.</p> + +<h4 id="api-s-for-everything:1cea0120cd31cba0f7863bc47631176f">API&rsquo;s for <em>Everything</em>.</h4> + +<p>Gophish was built with automation first. This means that you can create scripts and clients that automate all the hard work for you. In addition to this, we keep up-to-date <a href="https://getgophish.com/blog/documentation/api/">API docs</a> that describe each API endpoint in detail.</p> + +<h4 id="rock-solid-documentation:1cea0120cd31cba0f7863bc47631176f">Rock-Solid Documentation</h4> + +<p>Speaking of API docs, we take documentation very seriously. We take documentation seriously because we take our user experience seriously. If you can&rsquo;t find what you need to use and troubleshoot gophish, we&rsquo;ve failed. Just take a look at our comprehensive <a href="https://getgophish.com/blog/documentation/Gophish%20User%20Guide.pdf">user guide</a>, <a href="https://getgophish.com/blog/documentation/api/">API documentation</a>, and even <a href="http://godoc.org/github.com/gophish/gophish">fully documented code</a>.</p> + +<p>If you ever find something missing in our documentation, <a href="https://getgophish.com/blog/support">we want to know!</a></p> + +<h4 id="beautiful-ui:1cea0120cd31cba0f7863bc47631176f">Beautiful UI</h4> + +<p>While the API is the core of gophish&rsquo;s functionality, we also provide a gorgeous admin UI. This UI is simply a wrapper on top of the underlying API. Nothing says more than screenshots:</p> + +<p><figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/login.png" alt="" class="blog-image" > + <figcap>Login Screen</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/new_group.png" alt="" class="blog-image" > + <figcap>Creating a New Group</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/new_template.png" alt="" class="blog-image" > + <figcap>Creating an Email Template</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/import_site.png" alt="" class="blog-image" > + <figcap>Importing a Site</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/campaign_results.png" alt="" class="blog-image" > + <figcap>Viewing Campaign Results</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/timeline.png" alt="" class="blog-image" > + <figcap>Viewing the Timeline for a Target</figcap> +</figure> +</p> + +<h3 id="take-gophish-for-a-spin:1cea0120cd31cba0f7863bc47631176f">Take Gophish for a Spin!</h3> + +<p>These features only scratch the surface when it comes to what makes gophish great, and we aren&rsquo;t anywhere near done yet. To explore these features for yourself, take gophish for a spin!</p> + +<p>We hope you enjoy gophish and are excited for all the new features that will be released soon! In the meantime, if you ever have any questions, comments, or issues, <a href="https://getgophish.com/blog/support">we want to hear from you</a>!</p> + +<p>-The Gophish Team</p> + +<p><a href="https://github.com/gophish/gophish/releases" class="btn">Download gophish</a> +</p> + + + Introducing gophish https://getgophish.com/blog/post/hello-world/ diff --git a/blog/post/release-0.1.1/index.html b/blog/post/release-0.1.1/index.html new file mode 100644 index 00000000..8669fc64 --- /dev/null +++ b/blog/post/release-0.1.1/index.html @@ -0,0 +1,202 @@ + + + + + + Announcing gophish v0.1.1 · Gophish - Blog + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+
+ +
+

01 Feb 2016, 06:00

+
+
+ + Announcing gophish v0.1.1 + + +
+ +
+ + + + +

Tl;dr - Download the release here

+ +

The wait is over!

+ +

The gophish team is excited to announce our first public beta version of gophish - version 0.1.1! This blog post will be a short introduction into what gophish is, as well as some of the insanely awesome features we’ve created.

+ +

What is Gophish?

+ +

Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to everyone.

+ +

“Available” in this case means two things –

+ +
    +
  • Affordable – Gophish is currently open-source software that is completely free for anyone to use.
  • +
  • Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!
  • +
+ +

Time For Features

+ +

Ok, ok, enough with the intro. The idea of a phishing simulation platform isn’t new. Let’s take a look at some of the features that really set gophish apart and make it awesome.

+ +

Hosted On-Prem

+ +

There are many commercial offerings that provide phishing simulation/training. Unfortunately, these are SaaS solutions that require you to hand over your data to someone else.

+ +

Gophish is different in that it is meant to be hosted in-house. This keeps you data where it belongs - with you.

+ +

Download -> Run

+ +

For the few existing in-house solutions that exist, setup can be a huge pain (looking at you, Ruby gems). Your time is too valuable to be spent wrestling with dependencies trying to create the perfect setup that somehow magically allows the program to run.

+ +

Gophish was written in the Go programming language for this exact reason. To install gophish, all you have to do is download the zip file, extract the contents, and run the binary.

+ +

By doing this, you just started two webservers, populated a database, and setup a background worker to handle sending the mails. Now, your time can be spent making campaigns. Easy peasy.

+ +

API’s for Everything.

+ +

Gophish was built with automation first. This means that you can create scripts and clients that automate all the hard work for you. In addition to this, we keep up-to-date API docs that describe each API endpoint in detail.

+ +

Rock-Solid Documentation

+ +

Speaking of API docs, we take documentation very seriously. We take documentation seriously because we take our user experience seriously. If you can’t find what you need to use and troubleshoot gophish, we’ve failed. Just take a look at our comprehensive user guide, API documentation, and even fully documented code.

+ +

If you ever find something missing in our documentation, we want to know!

+ +

Beautiful UI

+ +

While the API is the core of gophish’s functionality, we also provide a gorgeous admin UI. This UI is simply a wrapper on top of the underlying API. Nothing says more than screenshots:

+ +

+ + Login Screen +
+ +
+ + Creating a New Group +
+ +
+ + Creating an Email Template +
+ +
+ + Importing a Site +
+ +
+ + Viewing Campaign Results +
+ +
+ + Viewing the Timeline for a Target +
+

+ +

Take Gophish for a Spin!

+ +

These features only scratch the surface when it comes to what makes gophish great, and we aren’t anywhere near done yet. To explore these features for yourself, take gophish for a spin!

+ +

We hope you enjoy gophish and are excited for all the new features that will be released soon! In the meantime, if you ever have any questions, comments, or issues, we want to hear from you!

+ +

-The Gophish Team

+ +

Download gophish +

+ +
+ +
+
+ + +
+
+
+ + + + + + diff --git a/blog/screenshots/campaign_results.png b/blog/screenshots/campaign_results.png new file mode 100644 index 00000000..5af93be0 Binary files /dev/null and b/blog/screenshots/campaign_results.png differ diff --git a/blog/screenshots/import_site.png b/blog/screenshots/import_site.png new file mode 100644 index 00000000..365c86af Binary files /dev/null and b/blog/screenshots/import_site.png differ diff --git a/blog/screenshots/login.png b/blog/screenshots/login.png new file mode 100644 index 00000000..f3f79534 Binary files /dev/null and b/blog/screenshots/login.png differ diff --git a/blog/screenshots/new_group.png b/blog/screenshots/new_group.png new file mode 100644 index 00000000..3186cf2c Binary files /dev/null and b/blog/screenshots/new_group.png differ diff --git a/blog/screenshots/new_template.png b/blog/screenshots/new_template.png new file mode 100644 index 00000000..942aca62 Binary files /dev/null and b/blog/screenshots/new_template.png differ diff --git a/blog/screenshots/timeline.png b/blog/screenshots/timeline.png new file mode 100644 index 00000000..68e3c9de Binary files /dev/null and b/blog/screenshots/timeline.png differ diff --git a/blog/sitemap.xml b/blog/sitemap.xml index 091d0de4..22395ad3 100644 --- a/blog/sitemap.xml +++ b/blog/sitemap.xml @@ -3,10 +3,20 @@ https://getgophish.com/blog/ - 2016-01-07T22:05:58-06:00 + 2016-02-01T07:00:00-06:00 0 + + https://getgophish.com/blog/post/database-migrations-in-go/ + 2016-02-01T07:00:00-06:00 + + + + https://getgophish.com/blog/post/release-0.1.1/ + 2016-02-01T06:00:00-06:00 + + https://getgophish.com/blog/post/hello-world/ 2016-01-07T22:05:58-06:00 diff --git a/blog/tags/engineering/index.html b/blog/tags/engineering/index.html new file mode 100644 index 00000000..279a7701 --- /dev/null +++ b/blog/tags/engineering/index.html @@ -0,0 +1,229 @@ + + + + + + Engineering · Gophish - Blog + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+
+ +
+ +

01 Feb 2016, 07:00

+
+
+ + Handling Database Migrations in Go + + +
+ +
+ + +

Why You Should Version Your Database

+ +
+

“I got my database schema correct on the first try.”

+ +

-No one ever.

+
+ +

Like most big projects, gophish needed a way to automatically manage changes to our database schema. As new features were being added, we found ourselves in a situation that required us to add or modify columns and tables to store the new data.

+ +

In a hosted environment, this is no problem since we control the database and can make schema changes as we see fit. Gophish is different, in that it is software intentionally designed to run on the client’s machine. This means that as we rollout updates to gophish’s backend database, we need a way to easily update (or rollback!) changes to the database structure. A versioning system is a perfect fit, which introduces the idea of migrations.

+ +

What is a Migration?

+ +

A migration is nothing more than a set of SQL commands to make changes to a database. Every migration typically has two parts: how to apply the changes you want, and how to roll them back.

+ +

To version control our database, we can create a folder holding multiple migration files. Each file will have an identifier so we know which migration should be applied and in which order. Then, we can store which version our database is currently at in the database itself so if we ever add migrations in the future, we can tell where we left off.

+ +

There are tools that can automate this process for us. We settled on a well-known database migration tool called goose.

+ +

Introduction to goose

+ +

We chose to go with goose since it seemed like a mature, fully-featured solution that would be easily integrated into our code. Goose typically works through the use of its command line tool aptly named goose.

+ +

To set things up, we first need to create the following folder structure:

+ +
| db/
+| | migrations/
+| `-dbconf.yml
+
+ +

Our migrations will be stored in the migrations folder as a series of SQL files. Before we can create migrations, we have to specify the configuration for goose to use. This is found in the dbconf.yml file. In our case, we used the following configuration:

+ +
production:
+    driver: sqlite3 
+    open: gophish.db
+    dialect: sqlite3
+    import: github.com/mattn/go-sqlite3
+
+ +

This configuration specifies a single environment, production, that manages a SQLite database.

+ +

Now that we have created our configuration file, we can start making our migrations. Unfortunately, this is where the hurdles began.

+ +

A Little About Gophish

+ +

Normally, migrations are something that is considered early on in the database creation process. Unfortunately, our schema was already defined and we had clients already running gophish. So, we needed to orchestrate goose in such a way that we could create and apply our migrations without messing up any data that was already in the client’s databases.

+ +

The first step was creating the migrations. To handle this, we first created an empty migration file using the following:

+ +
goose -env production create 0.1.2_browser_post sql
+goose: created ~\go\src\github.com\gophish\gophish\db\migrations\20160130184410_0.1.2_browser_post.sql
+
+ +

This command created a new empty SQL file in our migrations folder that looks like this:

+ +
-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back
+
+ +

For our first migration, we decided to baseline our schema to the current version. To do this, we simply exported our existing schema using the sqlite3 tool. That gave us all of our CREATE TABLE statements that setup our tables and default data. We then copy/pasted those statements below the -- +goose Up section of the migrations.

+ +

The one change we made was to add IF NOT EXISTS to all of our table creation statements. This meant that if the client already had a database setup, this migration would be applied, but no changes would be made - exactly what we want.

+ +

The final step to create this migration was to add the rollback statements. Since this was creating the database, DROP TABLE equivalent statements worked just fine. You can see our final migration file here.

+ +

Now for the next hurdle. Traditionally, migrations work by creating a new migration file and running goose up. Then, goose will compare your database version with the migration files it finds. If there are migrations that need to be applied, it will apply them in order until you are at the current version.

+ +

While the goose up command can work if we control the database, there’s simply no way that we can expect our users to install goose and run goose up every time we want to make a database change. Our goal has always been to make the lives of our users easier, so this simply wouldn’t work. This meant that we needed to handle the migrations in our code.

+ +

Fortunately for us, the goose CLI wraps a rich library that we can use. We were able to integrate this directly into our Setup() function to apply migrations automatically.

+ +

First, we created the gooose.DBConf struct to hold the configuration (a programmatic copy of our dbconf.yml file).

+ +
// Setup the goose configuration
+migrateConf := &goose.DBConf{
+	MigrationsDir: config.Conf.MigrationsPath,
+	Env:           "production",
+	Driver: goose.DBDriver{
+		Name:    "sqlite3",
+		OpenStr: config.Conf.DBPath,
+		Import:  "github.com/mattn/go-sqlite3",
+		Dialect: &goose.Sqlite3Dialect{},
+	},
+}
+
+ +

Next, we need to figure out the latest database version supported by our migrations. This gives us the final “goal” migration that we want to upgrade to. We can do this via the function goose.GetMostRecentDBVersion.

+ +
// Get the latest possible migration
+latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir)
+if err != nil {
+	Logger.Println(err)
+	return err
+}
+
+ +

And finally, we need to apply our migrations. Goose has a function called goose.RunMigrationsOnDb which expects an existing sql.DB object. Since gophish uses the ORM gorm, we already had a sql.DB object already initialized that we could use to send to goose. This was stored in the db variable.

+ +
// Migrate up to the latest version
+err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB())
+if err != nil {
+	Logger.Println(err)
+	return err
+}
+
+ +

That’s it! You can find our full Setup() function here. To handle any additional migrations, all we need to do is run goose create again, add the SQL that makes up the migration, and push out the new file. The next time clients update gophish and restart the executable, the database migrations will be applied automatically!

+ +

If this kind of stuff is interesting to you, and you want to see a full example of a web app written in Go, check out gophish by clicking below.

+ +Download gophish + + +
+
+ +
+ + + + +
+
+
+ + + + + diff --git a/blog/tags/engineering/index.xml b/blog/tags/engineering/index.xml new file mode 100644 index 00000000..c3805301 --- /dev/null +++ b/blog/tags/engineering/index.xml @@ -0,0 +1,141 @@ + + + + Engineering on Gophish - Blog + https://getgophish.com/blog/tags/engineering/ + Recent content in Engineering on Gophish - Blog + Hugo -- gohugo.io + en-us + Mon, 01 Feb 2016 07:00:00 -0600 + + + + Handling Database Migrations in Go + https://getgophish.com/blog/post/database-migrations-in-go/ + Mon, 01 Feb 2016 07:00:00 -0600 + + https://getgophish.com/blog/post/database-migrations-in-go/ + + +<h3 id="why-you-should-version-your-database:664f01dc60472cd080b34187311f6c6f">Why You Should Version Your Database</h3> + +<blockquote> +<p>&ldquo;I got my database schema correct on the first try.&rdquo;</p> + +<p>-No one ever.</p> +</blockquote> + +<p>Like most big projects, gophish needed a way to automatically manage changes to our database schema. As new features were being added, we found ourselves in a situation that required us to add or modify columns and tables to store the new data.</p> + +<p>In a hosted environment, this is no problem since we control the database and can make schema changes as we see fit. Gophish is different, in that it is software intentionally designed to run on the client&rsquo;s machine. This means that as we rollout updates to gophish&rsquo;s backend database, we need a way to easily update (or rollback!) changes to the database structure. A versioning system is a perfect fit, which introduces the idea of migrations.</p> + +<h4 id="what-is-a-migration:664f01dc60472cd080b34187311f6c6f">What is a <em>Migration</em>?</h4> + +<p>A migration is nothing more than a set of SQL commands to make changes to a database. Every migration typically has two parts: how to apply the changes you want, and how to roll them back.</p> + +<p>To version control our database, we can create a folder holding multiple migration files. Each file will have an identifier so we know which migration should be applied and in which order. Then, we can store which version our database is currently at in the database itself so if we ever add migrations in the future, we can tell where we left off.</p> + +<p>There are tools that can automate this process for us. We settled on a well-known database migration tool called <a href="https://bitbucket.org/liamstask/goose/"><code>goose</code></a>.</p> + +<h3 id="introduction-to-goose:664f01dc60472cd080b34187311f6c6f">Introduction to <code>goose</code></h3> + +<p>We chose to go with <a href="https://bitbucket.org/liamstask/goose/"><code>goose</code></a> since it seemed like a mature, fully-featured solution that would be easily integrated into our code. Goose typically works through the use of its command line tool aptly named <code>goose</code>.</p> + +<p>To set things up, we first need to create the following folder structure:</p> + +<pre><code>| db/ +| | migrations/ +| `-dbconf.yml +</code></pre> + +<p>Our migrations will be stored in the <code>migrations</code> folder as a series of SQL files. Before we can create migrations, we have to specify the configuration for <code>goose</code> to use. This is found in the <code>dbconf.yml</code> file. In our case, we used the following configuration:</p> + +<pre><code>production: + driver: sqlite3 + open: gophish.db + dialect: sqlite3 + import: github.com/mattn/go-sqlite3 +</code></pre> + +<p>This configuration specifies a single environment, <code>production</code>, that manages a SQLite database.</p> + +<p>Now that we have created our configuration file, we can start making our migrations. Unfortunately, this is where the hurdles began.</p> + +<h3 id="a-little-about-gophish:664f01dc60472cd080b34187311f6c6f">A Little About Gophish</h3> + +<p>Normally, migrations are something that is considered early on in the database creation process. Unfortunately, our schema was already defined and we had clients already running gophish. So, we needed to orchestrate <code>goose</code> in such a way that we could create and apply our migrations without messing up any data that was already in the client&rsquo;s databases.</p> + +<p>The first step was creating the migrations. To handle this, we first created an empty migration file using the following:</p> + +<pre><code>goose -env production create 0.1.2_browser_post sql +goose: created ~\go\src\github.com\gophish\gophish\db\migrations\20160130184410_0.1.2_browser_post.sql +</code></pre> + +<p>This command created a new empty SQL file in our migrations folder that looks like this:</p> + +<pre><code>-- +goose Up +-- SQL in section 'Up' is executed when this migration is applied + + +-- +goose Down +-- SQL section 'Down' is executed when this migration is rolled back +</code></pre> + +<p>For our first migration, we decided to baseline our schema to the current version. To do this, we simply exported our existing schema using the sqlite3 tool. That gave us all of our <code>CREATE TABLE</code> statements that setup our tables and default data. We then copy/pasted those statements below the <code>-- +goose Up</code> section of the migrations.</p> + +<p>The one change we made was to add <code>IF NOT EXISTS</code> to all of our table creation statements. This meant that if the client already had a database setup, this migration would be applied, but no changes would be made - exactly what we want.</p> + +<p>The final step to create this migration was to add the rollback statements. Since this was creating the database, <code>DROP TABLE</code> equivalent statements worked just fine. You can see our final migration file <a href="https://raw.githubusercontent.com/gophish/gophish/master/db/migrations/20160118194630_init.sql">here</a>.</p> + +<p>Now for the next hurdle. Traditionally, migrations work by creating a new migration file and running <code>goose up</code>. Then, <code>goose</code> will compare your database version with the migration files it finds. If there are migrations that need to be applied, it will apply them in order until you are at the current version.</p> + +<p>While the <code>goose up</code> command can work if we control the database, there&rsquo;s simply no way that we can expect our users to install <code>goose</code> and run <code>goose up</code> every time we want to make a database change. Our goal has always been to make the lives of our users easier, so this simply wouldn&rsquo;t work. This meant that we needed to handle the migrations in our code.</p> + +<p>Fortunately for us, the <code>goose</code> CLI wraps a rich library that we can use. We were able to integrate this directly into our <code>Setup()</code> function to apply migrations automatically.</p> + +<p>First, we created the <code>gooose.DBConf</code> struct to hold the configuration (a programmatic copy of our <code>dbconf.yml</code> file).</p> + +<pre><code class="language-golang">// Setup the goose configuration +migrateConf := &amp;goose.DBConf{ + MigrationsDir: config.Conf.MigrationsPath, + Env: &quot;production&quot;, + Driver: goose.DBDriver{ + Name: &quot;sqlite3&quot;, + OpenStr: config.Conf.DBPath, + Import: &quot;github.com/mattn/go-sqlite3&quot;, + Dialect: &amp;goose.Sqlite3Dialect{}, + }, +} +</code></pre> + +<p>Next, we need to figure out the latest database version supported by our migrations. This gives us the final &ldquo;goal&rdquo; migration that we want to upgrade to. We can do this via the function <a href="https://godoc.org/bitbucket.org/liamstask/goose/lib/goose#GetMostRecentDBVersion"><code>goose.GetMostRecentDBVersion</code></a>.</p> + +<pre><code class="language-golang">// Get the latest possible migration +latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir) +if err != nil { + Logger.Println(err) + return err +} +</code></pre> + +<p>And finally, we need to apply our migrations. <code>Goose</code> has a function called <a href="https://godoc.org/bitbucket.org/liamstask/goose/lib/goose#RunMigrationsOnDb"><code>goose.RunMigrationsOnDb</code></a> which expects an existing <a href="https://golang.org/pkg/database/sql/#DB"><code>sql.DB</code></a> object. Since gophish uses the ORM <a href="https://github.com/jinzhu/gorm"><code>gorm</code></a>, we already had a <code>sql.DB</code> object already initialized that we could use to send to <code>goose</code>. This was stored in the <code>db</code> variable.</p> + +<pre><code class="language-golang">// Migrate up to the latest version +err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB()) +if err != nil { + Logger.Println(err) + return err +} +</code></pre> + +<p>That&rsquo;s it! You can find our full <code>Setup()</code> function <a href="https://github.com/gophish/gophish/blob/master/models/models.go#L61">here.</a> To handle any additional migrations, all we need to do is run <code>goose create</code> again, add the SQL that makes up the migration, and push out the new file. The next time clients update gophish and restart the executable, the database migrations will be applied automatically!</p> + +<p>If this kind of stuff is interesting to you, and you want to see a full example of a web app written in Go, check out gophish by clicking below.</p> + +<a href="https://github.com/gophish/gophish" class="btn">Download gophish</a> + + + + + + \ No newline at end of file diff --git a/blog/tags/engineering/page/1/index.html b/blog/tags/engineering/page/1/index.html new file mode 100644 index 00000000..603af025 --- /dev/null +++ b/blog/tags/engineering/page/1/index.html @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/blog/tags/go/index.html b/blog/tags/go/index.html new file mode 100644 index 00000000..90941446 --- /dev/null +++ b/blog/tags/go/index.html @@ -0,0 +1,229 @@ + + + + + + Go · Gophish - Blog + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+
+ +
+ +

01 Feb 2016, 07:00

+
+
+ + Handling Database Migrations in Go + + +
+ +
+ + +

Why You Should Version Your Database

+ +
+

“I got my database schema correct on the first try.”

+ +

-No one ever.

+
+ +

Like most big projects, gophish needed a way to automatically manage changes to our database schema. As new features were being added, we found ourselves in a situation that required us to add or modify columns and tables to store the new data.

+ +

In a hosted environment, this is no problem since we control the database and can make schema changes as we see fit. Gophish is different, in that it is software intentionally designed to run on the client’s machine. This means that as we rollout updates to gophish’s backend database, we need a way to easily update (or rollback!) changes to the database structure. A versioning system is a perfect fit, which introduces the idea of migrations.

+ +

What is a Migration?

+ +

A migration is nothing more than a set of SQL commands to make changes to a database. Every migration typically has two parts: how to apply the changes you want, and how to roll them back.

+ +

To version control our database, we can create a folder holding multiple migration files. Each file will have an identifier so we know which migration should be applied and in which order. Then, we can store which version our database is currently at in the database itself so if we ever add migrations in the future, we can tell where we left off.

+ +

There are tools that can automate this process for us. We settled on a well-known database migration tool called goose.

+ +

Introduction to goose

+ +

We chose to go with goose since it seemed like a mature, fully-featured solution that would be easily integrated into our code. Goose typically works through the use of its command line tool aptly named goose.

+ +

To set things up, we first need to create the following folder structure:

+ +
| db/
+| | migrations/
+| `-dbconf.yml
+
+ +

Our migrations will be stored in the migrations folder as a series of SQL files. Before we can create migrations, we have to specify the configuration for goose to use. This is found in the dbconf.yml file. In our case, we used the following configuration:

+ +
production:
+    driver: sqlite3 
+    open: gophish.db
+    dialect: sqlite3
+    import: github.com/mattn/go-sqlite3
+
+ +

This configuration specifies a single environment, production, that manages a SQLite database.

+ +

Now that we have created our configuration file, we can start making our migrations. Unfortunately, this is where the hurdles began.

+ +

A Little About Gophish

+ +

Normally, migrations are something that is considered early on in the database creation process. Unfortunately, our schema was already defined and we had clients already running gophish. So, we needed to orchestrate goose in such a way that we could create and apply our migrations without messing up any data that was already in the client’s databases.

+ +

The first step was creating the migrations. To handle this, we first created an empty migration file using the following:

+ +
goose -env production create 0.1.2_browser_post sql
+goose: created ~\go\src\github.com\gophish\gophish\db\migrations\20160130184410_0.1.2_browser_post.sql
+
+ +

This command created a new empty SQL file in our migrations folder that looks like this:

+ +
-- +goose Up
+-- SQL in section 'Up' is executed when this migration is applied
+
+
+-- +goose Down
+-- SQL section 'Down' is executed when this migration is rolled back
+
+ +

For our first migration, we decided to baseline our schema to the current version. To do this, we simply exported our existing schema using the sqlite3 tool. That gave us all of our CREATE TABLE statements that setup our tables and default data. We then copy/pasted those statements below the -- +goose Up section of the migrations.

+ +

The one change we made was to add IF NOT EXISTS to all of our table creation statements. This meant that if the client already had a database setup, this migration would be applied, but no changes would be made - exactly what we want.

+ +

The final step to create this migration was to add the rollback statements. Since this was creating the database, DROP TABLE equivalent statements worked just fine. You can see our final migration file here.

+ +

Now for the next hurdle. Traditionally, migrations work by creating a new migration file and running goose up. Then, goose will compare your database version with the migration files it finds. If there are migrations that need to be applied, it will apply them in order until you are at the current version.

+ +

While the goose up command can work if we control the database, there’s simply no way that we can expect our users to install goose and run goose up every time we want to make a database change. Our goal has always been to make the lives of our users easier, so this simply wouldn’t work. This meant that we needed to handle the migrations in our code.

+ +

Fortunately for us, the goose CLI wraps a rich library that we can use. We were able to integrate this directly into our Setup() function to apply migrations automatically.

+ +

First, we created the gooose.DBConf struct to hold the configuration (a programmatic copy of our dbconf.yml file).

+ +
// Setup the goose configuration
+migrateConf := &goose.DBConf{
+	MigrationsDir: config.Conf.MigrationsPath,
+	Env:           "production",
+	Driver: goose.DBDriver{
+		Name:    "sqlite3",
+		OpenStr: config.Conf.DBPath,
+		Import:  "github.com/mattn/go-sqlite3",
+		Dialect: &goose.Sqlite3Dialect{},
+	},
+}
+
+ +

Next, we need to figure out the latest database version supported by our migrations. This gives us the final “goal” migration that we want to upgrade to. We can do this via the function goose.GetMostRecentDBVersion.

+ +
// Get the latest possible migration
+latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir)
+if err != nil {
+	Logger.Println(err)
+	return err
+}
+
+ +

And finally, we need to apply our migrations. Goose has a function called goose.RunMigrationsOnDb which expects an existing sql.DB object. Since gophish uses the ORM gorm, we already had a sql.DB object already initialized that we could use to send to goose. This was stored in the db variable.

+ +
// Migrate up to the latest version
+err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB())
+if err != nil {
+	Logger.Println(err)
+	return err
+}
+
+ +

That’s it! You can find our full Setup() function here. To handle any additional migrations, all we need to do is run goose create again, add the SQL that makes up the migration, and push out the new file. The next time clients update gophish and restart the executable, the database migrations will be applied automatically!

+ +

If this kind of stuff is interesting to you, and you want to see a full example of a web app written in Go, check out gophish by clicking below.

+ +Download gophish + + +
+
+ +
+ + + + +
+
+
+ + + + + diff --git a/blog/tags/go/index.xml b/blog/tags/go/index.xml new file mode 100644 index 00000000..86ffc3e0 --- /dev/null +++ b/blog/tags/go/index.xml @@ -0,0 +1,141 @@ + + + + Go on Gophish - Blog + https://getgophish.com/blog/tags/go/ + Recent content in Go on Gophish - Blog + Hugo -- gohugo.io + en-us + Mon, 01 Feb 2016 07:00:00 -0600 + + + + Handling Database Migrations in Go + https://getgophish.com/blog/post/database-migrations-in-go/ + Mon, 01 Feb 2016 07:00:00 -0600 + + https://getgophish.com/blog/post/database-migrations-in-go/ + + +<h3 id="why-you-should-version-your-database:664f01dc60472cd080b34187311f6c6f">Why You Should Version Your Database</h3> + +<blockquote> +<p>&ldquo;I got my database schema correct on the first try.&rdquo;</p> + +<p>-No one ever.</p> +</blockquote> + +<p>Like most big projects, gophish needed a way to automatically manage changes to our database schema. As new features were being added, we found ourselves in a situation that required us to add or modify columns and tables to store the new data.</p> + +<p>In a hosted environment, this is no problem since we control the database and can make schema changes as we see fit. Gophish is different, in that it is software intentionally designed to run on the client&rsquo;s machine. This means that as we rollout updates to gophish&rsquo;s backend database, we need a way to easily update (or rollback!) changes to the database structure. A versioning system is a perfect fit, which introduces the idea of migrations.</p> + +<h4 id="what-is-a-migration:664f01dc60472cd080b34187311f6c6f">What is a <em>Migration</em>?</h4> + +<p>A migration is nothing more than a set of SQL commands to make changes to a database. Every migration typically has two parts: how to apply the changes you want, and how to roll them back.</p> + +<p>To version control our database, we can create a folder holding multiple migration files. Each file will have an identifier so we know which migration should be applied and in which order. Then, we can store which version our database is currently at in the database itself so if we ever add migrations in the future, we can tell where we left off.</p> + +<p>There are tools that can automate this process for us. We settled on a well-known database migration tool called <a href="https://bitbucket.org/liamstask/goose/"><code>goose</code></a>.</p> + +<h3 id="introduction-to-goose:664f01dc60472cd080b34187311f6c6f">Introduction to <code>goose</code></h3> + +<p>We chose to go with <a href="https://bitbucket.org/liamstask/goose/"><code>goose</code></a> since it seemed like a mature, fully-featured solution that would be easily integrated into our code. Goose typically works through the use of its command line tool aptly named <code>goose</code>.</p> + +<p>To set things up, we first need to create the following folder structure:</p> + +<pre><code>| db/ +| | migrations/ +| `-dbconf.yml +</code></pre> + +<p>Our migrations will be stored in the <code>migrations</code> folder as a series of SQL files. Before we can create migrations, we have to specify the configuration for <code>goose</code> to use. This is found in the <code>dbconf.yml</code> file. In our case, we used the following configuration:</p> + +<pre><code>production: + driver: sqlite3 + open: gophish.db + dialect: sqlite3 + import: github.com/mattn/go-sqlite3 +</code></pre> + +<p>This configuration specifies a single environment, <code>production</code>, that manages a SQLite database.</p> + +<p>Now that we have created our configuration file, we can start making our migrations. Unfortunately, this is where the hurdles began.</p> + +<h3 id="a-little-about-gophish:664f01dc60472cd080b34187311f6c6f">A Little About Gophish</h3> + +<p>Normally, migrations are something that is considered early on in the database creation process. Unfortunately, our schema was already defined and we had clients already running gophish. So, we needed to orchestrate <code>goose</code> in such a way that we could create and apply our migrations without messing up any data that was already in the client&rsquo;s databases.</p> + +<p>The first step was creating the migrations. To handle this, we first created an empty migration file using the following:</p> + +<pre><code>goose -env production create 0.1.2_browser_post sql +goose: created ~\go\src\github.com\gophish\gophish\db\migrations\20160130184410_0.1.2_browser_post.sql +</code></pre> + +<p>This command created a new empty SQL file in our migrations folder that looks like this:</p> + +<pre><code>-- +goose Up +-- SQL in section 'Up' is executed when this migration is applied + + +-- +goose Down +-- SQL section 'Down' is executed when this migration is rolled back +</code></pre> + +<p>For our first migration, we decided to baseline our schema to the current version. To do this, we simply exported our existing schema using the sqlite3 tool. That gave us all of our <code>CREATE TABLE</code> statements that setup our tables and default data. We then copy/pasted those statements below the <code>-- +goose Up</code> section of the migrations.</p> + +<p>The one change we made was to add <code>IF NOT EXISTS</code> to all of our table creation statements. This meant that if the client already had a database setup, this migration would be applied, but no changes would be made - exactly what we want.</p> + +<p>The final step to create this migration was to add the rollback statements. Since this was creating the database, <code>DROP TABLE</code> equivalent statements worked just fine. You can see our final migration file <a href="https://raw.githubusercontent.com/gophish/gophish/master/db/migrations/20160118194630_init.sql">here</a>.</p> + +<p>Now for the next hurdle. Traditionally, migrations work by creating a new migration file and running <code>goose up</code>. Then, <code>goose</code> will compare your database version with the migration files it finds. If there are migrations that need to be applied, it will apply them in order until you are at the current version.</p> + +<p>While the <code>goose up</code> command can work if we control the database, there&rsquo;s simply no way that we can expect our users to install <code>goose</code> and run <code>goose up</code> every time we want to make a database change. Our goal has always been to make the lives of our users easier, so this simply wouldn&rsquo;t work. This meant that we needed to handle the migrations in our code.</p> + +<p>Fortunately for us, the <code>goose</code> CLI wraps a rich library that we can use. We were able to integrate this directly into our <code>Setup()</code> function to apply migrations automatically.</p> + +<p>First, we created the <code>gooose.DBConf</code> struct to hold the configuration (a programmatic copy of our <code>dbconf.yml</code> file).</p> + +<pre><code class="language-golang">// Setup the goose configuration +migrateConf := &amp;goose.DBConf{ + MigrationsDir: config.Conf.MigrationsPath, + Env: &quot;production&quot;, + Driver: goose.DBDriver{ + Name: &quot;sqlite3&quot;, + OpenStr: config.Conf.DBPath, + Import: &quot;github.com/mattn/go-sqlite3&quot;, + Dialect: &amp;goose.Sqlite3Dialect{}, + }, +} +</code></pre> + +<p>Next, we need to figure out the latest database version supported by our migrations. This gives us the final &ldquo;goal&rdquo; migration that we want to upgrade to. We can do this via the function <a href="https://godoc.org/bitbucket.org/liamstask/goose/lib/goose#GetMostRecentDBVersion"><code>goose.GetMostRecentDBVersion</code></a>.</p> + +<pre><code class="language-golang">// Get the latest possible migration +latest, err := goose.GetMostRecentDBVersion(migrateConf.MigrationsDir) +if err != nil { + Logger.Println(err) + return err +} +</code></pre> + +<p>And finally, we need to apply our migrations. <code>Goose</code> has a function called <a href="https://godoc.org/bitbucket.org/liamstask/goose/lib/goose#RunMigrationsOnDb"><code>goose.RunMigrationsOnDb</code></a> which expects an existing <a href="https://golang.org/pkg/database/sql/#DB"><code>sql.DB</code></a> object. Since gophish uses the ORM <a href="https://github.com/jinzhu/gorm"><code>gorm</code></a>, we already had a <code>sql.DB</code> object already initialized that we could use to send to <code>goose</code>. This was stored in the <code>db</code> variable.</p> + +<pre><code class="language-golang">// Migrate up to the latest version +err = goose.RunMigrationsOnDb(migrateConf, migrateConf.MigrationsDir, latest, db.DB()) +if err != nil { + Logger.Println(err) + return err +} +</code></pre> + +<p>That&rsquo;s it! You can find our full <code>Setup()</code> function <a href="https://github.com/gophish/gophish/blob/master/models/models.go#L61">here.</a> To handle any additional migrations, all we need to do is run <code>goose create</code> again, add the SQL that makes up the migration, and push out the new file. The next time clients update gophish and restart the executable, the database migrations will be applied automatically!</p> + +<p>If this kind of stuff is interesting to you, and you want to see a full example of a web app written in Go, check out gophish by clicking below.</p> + +<a href="https://github.com/gophish/gophish" class="btn">Download gophish</a> + + + + + + \ No newline at end of file diff --git a/blog/tags/go/page/1/index.html b/blog/tags/go/page/1/index.html new file mode 100644 index 00000000..b0827106 --- /dev/null +++ b/blog/tags/go/page/1/index.html @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/blog/tags/gophish/index.html b/blog/tags/gophish/index.html index 02f5ac5b..96426bbc 100644 --- a/blog/tags/gophish/index.html +++ b/blog/tags/gophish/index.html @@ -63,6 +63,117 @@
+

01 Feb 2016, 06:00

+
+
+ + Announcing gophish v0.1.1 + + +
+ +
+ + + + +

Tl;dr - Download the release here

+ +

The wait is over!

+ +

The gophish team is excited to announce our first public beta version of gophish - version 0.1.1! This blog post will be a short introduction into what gophish is, as well as some of the insanely awesome features we’ve created.

+ +

What is Gophish?

+ +

Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to everyone.

+ +

“Available” in this case means two things –

+ +
    +
  • Affordable – Gophish is currently open-source software that is completely free for anyone to use.
  • +
  • Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!
  • +
+ +

Time For Features

+ +

Ok, ok, enough with the intro. The idea of a phishing simulation platform isn’t new. Let’s take a look at some of the features that really set gophish apart and make it awesome.

+ +

Hosted On-Prem

+ +

There are many commercial offerings that provide phishing simulation/training. Unfortunately, these are SaaS solutions that require you to hand over your data to someone else.

+ +

Gophish is different in that it is meant to be hosted in-house. This keeps you data where it belongs - with you.

+ +

Download -> Run

+ +

For the few existing in-house solutions that exist, setup can be a huge pain (looking at you, Ruby gems). Your time is too valuable to be spent wrestling with dependencies trying to create the perfect setup that somehow magically allows the program to run.

+ +

Gophish was written in the Go programming language for this exact reason. To install gophish, all you have to do is download the zip file, extract the contents, and run the binary.

+ +

By doing this, you just started two webservers, populated a database, and setup a background worker to handle sending the mails. Now, your time can be spent making campaigns. Easy peasy.

+ +

API’s for Everything.

+ +

Gophish was built with automation first. This means that you can create scripts and clients that automate all the hard work for you. In addition to this, we keep up-to-date API docs that describe each API endpoint in detail.

+ +

Rock-Solid Documentation

+ +

Speaking of API docs, we take documentation very seriously. We take documentation seriously because we take our user experience seriously. If you can’t find what you need to use and troubleshoot gophish, we’ve failed. Just take a look at our comprehensive user guide, API documentation, and even fully documented code.

+ +

If you ever find something missing in our documentation, we want to know!

+ +

Beautiful UI

+ +

While the API is the core of gophish’s functionality, we also provide a gorgeous admin UI. This UI is simply a wrapper on top of the underlying API. Nothing says more than screenshots:

+ +

+ + Login Screen +
+ +
+ + Creating a New Group +
+ +
+ + Creating an Email Template +
+ +
+ + Importing a Site +
+ +
+ + Viewing Campaign Results +
+ +
+ + Viewing the Timeline for a Target +
+

+ +

Take Gophish for a Spin!

+ +

These features only scratch the surface when it comes to what makes gophish great, and we aren’t anywhere near done yet. To explore these features for yourself, take gophish for a spin!

+ +

We hope you enjoy gophish and are excited for all the new features that will be released soon! In the meantime, if you ever have any questions, comments, or issues, we want to hear from you!

+ +

-The Gophish Team

+ +

Download gophish +

+ +
+
+

07 Jan 2016, 22:05

diff --git a/blog/tags/gophish/index.xml b/blog/tags/gophish/index.xml index 7d7a602c..aa7c60bf 100644 --- a/blog/tags/gophish/index.xml +++ b/blog/tags/gophish/index.xml @@ -6,9 +6,112 @@ Recent content in Gophish on Gophish - Blog Hugo -- gohugo.io en-us - Thu, 07 Jan 2016 22:05:58 -0600 + Mon, 01 Feb 2016 06:00:00 -0600 + + Announcing gophish v0.1.1 + https://getgophish.com/blog/post/release-0.1.1/ + Mon, 01 Feb 2016 06:00:00 -0600 + + https://getgophish.com/blog/post/release-0.1.1/ + + +<img src="https://getgophish.com/blog/blog/images/gophish_purple.png" alt="" class="pure-img" > + +<p><em>Tl;dr - Download the release <a href="https://github.com/gophish/gophish/releases">here</a></em></p> + +<h3 id="the-wait-is-over:1cea0120cd31cba0f7863bc47631176f"><strong>The wait is over!</strong></h3> + +<p>The gophish team is excited to announce our first public beta version of gophish - version 0.1.1! This blog post will be a short introduction into what gophish is, as well as some of the insanely awesome features we&rsquo;ve created.</p> + +<h3 id="what-is-gophish:1cea0120cd31cba0f7863bc47631176f">What is Gophish?</h3> + +<p>Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to <em>everyone</em>.</p> + +<p>&ldquo;Available&rdquo; in this case means two things –</p> + +<ul> +<li><strong>Affordable</strong> – Gophish is currently open-source software that is completely free for anyone to use.</li> +<li><strong>Accessible</strong> – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!</li> +</ul> + +<h3 id="time-for-features:1cea0120cd31cba0f7863bc47631176f">Time For Features</h3> + +<p>Ok, ok, enough with the intro. The idea of a phishing simulation platform isn&rsquo;t new. Let&rsquo;s take a look at some of the features that really set gophish apart and make it awesome.</p> + +<h4 id="hosted-on-prem:1cea0120cd31cba0f7863bc47631176f">Hosted On-Prem</h4> + +<p>There are many commercial offerings that provide phishing simulation/training. Unfortunately, these are SaaS solutions that require you to hand over your data to someone else.</p> + +<p>Gophish is different in that it is meant to be hosted in-house. This keeps you data where it belongs - with you.</p> + +<h4 id="download-run:1cea0120cd31cba0f7863bc47631176f">Download -&gt; Run</h4> + +<p>For the few existing in-house solutions that exist, setup can be a <em>huge pain</em> (looking at you, Ruby gems). Your time is too valuable to be spent wrestling with dependencies trying to create the perfect setup that somehow magically allows the program to run.</p> + +<p>Gophish was written in the Go programming language for this exact reason. To install gophish, all you have to do is download the zip file, extract the contents, and run the binary.</p> + +<p>By doing this, you just started two webservers, populated a database, and setup a background worker to handle sending the mails. Now, your time can be spent making campaigns. Easy peasy.</p> + +<h4 id="api-s-for-everything:1cea0120cd31cba0f7863bc47631176f">API&rsquo;s for <em>Everything</em>.</h4> + +<p>Gophish was built with automation first. This means that you can create scripts and clients that automate all the hard work for you. In addition to this, we keep up-to-date <a href="https://getgophish.com/blog/documentation/api/">API docs</a> that describe each API endpoint in detail.</p> + +<h4 id="rock-solid-documentation:1cea0120cd31cba0f7863bc47631176f">Rock-Solid Documentation</h4> + +<p>Speaking of API docs, we take documentation very seriously. We take documentation seriously because we take our user experience seriously. If you can&rsquo;t find what you need to use and troubleshoot gophish, we&rsquo;ve failed. Just take a look at our comprehensive <a href="https://getgophish.com/blog/documentation/Gophish%20User%20Guide.pdf">user guide</a>, <a href="https://getgophish.com/blog/documentation/api/">API documentation</a>, and even <a href="http://godoc.org/github.com/gophish/gophish">fully documented code</a>.</p> + +<p>If you ever find something missing in our documentation, <a href="https://getgophish.com/blog/support">we want to know!</a></p> + +<h4 id="beautiful-ui:1cea0120cd31cba0f7863bc47631176f">Beautiful UI</h4> + +<p>While the API is the core of gophish&rsquo;s functionality, we also provide a gorgeous admin UI. This UI is simply a wrapper on top of the underlying API. Nothing says more than screenshots:</p> + +<p><figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/login.png" alt="" class="blog-image" > + <figcap>Login Screen</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/new_group.png" alt="" class="blog-image" > + <figcap>Creating a New Group</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/new_template.png" alt="" class="blog-image" > + <figcap>Creating an Email Template</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/import_site.png" alt="" class="blog-image" > + <figcap>Importing a Site</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/campaign_results.png" alt="" class="blog-image" > + <figcap>Viewing Campaign Results</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/timeline.png" alt="" class="blog-image" > + <figcap>Viewing the Timeline for a Target</figcap> +</figure> +</p> + +<h3 id="take-gophish-for-a-spin:1cea0120cd31cba0f7863bc47631176f">Take Gophish for a Spin!</h3> + +<p>These features only scratch the surface when it comes to what makes gophish great, and we aren&rsquo;t anywhere near done yet. To explore these features for yourself, take gophish for a spin!</p> + +<p>We hope you enjoy gophish and are excited for all the new features that will be released soon! In the meantime, if you ever have any questions, comments, or issues, <a href="https://getgophish.com/blog/support">we want to hear from you</a>!</p> + +<p>-The Gophish Team</p> + +<p><a href="https://github.com/gophish/gophish/releases" class="btn">Download gophish</a> +</p> + + + Introducing gophish https://getgophish.com/blog/post/hello-world/ diff --git a/blog/tags/release/index.html b/blog/tags/release/index.html new file mode 100644 index 00000000..5b8ed84d --- /dev/null +++ b/blog/tags/release/index.html @@ -0,0 +1,204 @@ + + + + + + Release · Gophish - Blog + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+
+ +
+ +

01 Feb 2016, 06:00

+
+
+ + Announcing gophish v0.1.1 + + +
+ +
+ + + + +

Tl;dr - Download the release here

+ +

The wait is over!

+ +

The gophish team is excited to announce our first public beta version of gophish - version 0.1.1! This blog post will be a short introduction into what gophish is, as well as some of the insanely awesome features we’ve created.

+ +

What is Gophish?

+ +

Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to everyone.

+ +

“Available” in this case means two things –

+ +
    +
  • Affordable – Gophish is currently open-source software that is completely free for anyone to use.
  • +
  • Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!
  • +
+ +

Time For Features

+ +

Ok, ok, enough with the intro. The idea of a phishing simulation platform isn’t new. Let’s take a look at some of the features that really set gophish apart and make it awesome.

+ +

Hosted On-Prem

+ +

There are many commercial offerings that provide phishing simulation/training. Unfortunately, these are SaaS solutions that require you to hand over your data to someone else.

+ +

Gophish is different in that it is meant to be hosted in-house. This keeps you data where it belongs - with you.

+ +

Download -> Run

+ +

For the few existing in-house solutions that exist, setup can be a huge pain (looking at you, Ruby gems). Your time is too valuable to be spent wrestling with dependencies trying to create the perfect setup that somehow magically allows the program to run.

+ +

Gophish was written in the Go programming language for this exact reason. To install gophish, all you have to do is download the zip file, extract the contents, and run the binary.

+ +

By doing this, you just started two webservers, populated a database, and setup a background worker to handle sending the mails. Now, your time can be spent making campaigns. Easy peasy.

+ +

API’s for Everything.

+ +

Gophish was built with automation first. This means that you can create scripts and clients that automate all the hard work for you. In addition to this, we keep up-to-date API docs that describe each API endpoint in detail.

+ +

Rock-Solid Documentation

+ +

Speaking of API docs, we take documentation very seriously. We take documentation seriously because we take our user experience seriously. If you can’t find what you need to use and troubleshoot gophish, we’ve failed. Just take a look at our comprehensive user guide, API documentation, and even fully documented code.

+ +

If you ever find something missing in our documentation, we want to know!

+ +

Beautiful UI

+ +

While the API is the core of gophish’s functionality, we also provide a gorgeous admin UI. This UI is simply a wrapper on top of the underlying API. Nothing says more than screenshots:

+ +

+ + Login Screen +
+ +
+ + Creating a New Group +
+ +
+ + Creating an Email Template +
+ +
+ + Importing a Site +
+ +
+ + Viewing Campaign Results +
+ +
+ + Viewing the Timeline for a Target +
+

+ +

Take Gophish for a Spin!

+ +

These features only scratch the surface when it comes to what makes gophish great, and we aren’t anywhere near done yet. To explore these features for yourself, take gophish for a spin!

+ +

We hope you enjoy gophish and are excited for all the new features that will be released soon! In the meantime, if you ever have any questions, comments, or issues, we want to hear from you!

+ +

-The Gophish Team

+ +

Download gophish +

+ +
+
+ +
+ + + + +
+
+
+ + + + + diff --git a/blog/tags/release/index.xml b/blog/tags/release/index.xml new file mode 100644 index 00000000..5b9d9b6f --- /dev/null +++ b/blog/tags/release/index.xml @@ -0,0 +1,116 @@ + + + + Release on Gophish - Blog + https://getgophish.com/blog/tags/release/ + Recent content in Release on Gophish - Blog + Hugo -- gohugo.io + en-us + Mon, 01 Feb 2016 06:00:00 -0600 + + + + Announcing gophish v0.1.1 + https://getgophish.com/blog/post/release-0.1.1/ + Mon, 01 Feb 2016 06:00:00 -0600 + + https://getgophish.com/blog/post/release-0.1.1/ + + +<img src="https://getgophish.com/blog/blog/images/gophish_purple.png" alt="" class="pure-img" > + +<p><em>Tl;dr - Download the release <a href="https://github.com/gophish/gophish/releases">here</a></em></p> + +<h3 id="the-wait-is-over:1cea0120cd31cba0f7863bc47631176f"><strong>The wait is over!</strong></h3> + +<p>The gophish team is excited to announce our first public beta version of gophish - version 0.1.1! This blog post will be a short introduction into what gophish is, as well as some of the insanely awesome features we&rsquo;ve created.</p> + +<h3 id="what-is-gophish:1cea0120cd31cba0f7863bc47631176f">What is Gophish?</h3> + +<p>Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to <em>everyone</em>.</p> + +<p>&ldquo;Available&rdquo; in this case means two things –</p> + +<ul> +<li><strong>Affordable</strong> – Gophish is currently open-source software that is completely free for anyone to use.</li> +<li><strong>Accessible</strong> – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!</li> +</ul> + +<h3 id="time-for-features:1cea0120cd31cba0f7863bc47631176f">Time For Features</h3> + +<p>Ok, ok, enough with the intro. The idea of a phishing simulation platform isn&rsquo;t new. Let&rsquo;s take a look at some of the features that really set gophish apart and make it awesome.</p> + +<h4 id="hosted-on-prem:1cea0120cd31cba0f7863bc47631176f">Hosted On-Prem</h4> + +<p>There are many commercial offerings that provide phishing simulation/training. Unfortunately, these are SaaS solutions that require you to hand over your data to someone else.</p> + +<p>Gophish is different in that it is meant to be hosted in-house. This keeps you data where it belongs - with you.</p> + +<h4 id="download-run:1cea0120cd31cba0f7863bc47631176f">Download -&gt; Run</h4> + +<p>For the few existing in-house solutions that exist, setup can be a <em>huge pain</em> (looking at you, Ruby gems). Your time is too valuable to be spent wrestling with dependencies trying to create the perfect setup that somehow magically allows the program to run.</p> + +<p>Gophish was written in the Go programming language for this exact reason. To install gophish, all you have to do is download the zip file, extract the contents, and run the binary.</p> + +<p>By doing this, you just started two webservers, populated a database, and setup a background worker to handle sending the mails. Now, your time can be spent making campaigns. Easy peasy.</p> + +<h4 id="api-s-for-everything:1cea0120cd31cba0f7863bc47631176f">API&rsquo;s for <em>Everything</em>.</h4> + +<p>Gophish was built with automation first. This means that you can create scripts and clients that automate all the hard work for you. In addition to this, we keep up-to-date <a href="https://getgophish.com/blog/documentation/api/">API docs</a> that describe each API endpoint in detail.</p> + +<h4 id="rock-solid-documentation:1cea0120cd31cba0f7863bc47631176f">Rock-Solid Documentation</h4> + +<p>Speaking of API docs, we take documentation very seriously. We take documentation seriously because we take our user experience seriously. If you can&rsquo;t find what you need to use and troubleshoot gophish, we&rsquo;ve failed. Just take a look at our comprehensive <a href="https://getgophish.com/blog/documentation/Gophish%20User%20Guide.pdf">user guide</a>, <a href="https://getgophish.com/blog/documentation/api/">API documentation</a>, and even <a href="http://godoc.org/github.com/gophish/gophish">fully documented code</a>.</p> + +<p>If you ever find something missing in our documentation, <a href="https://getgophish.com/blog/support">we want to know!</a></p> + +<h4 id="beautiful-ui:1cea0120cd31cba0f7863bc47631176f">Beautiful UI</h4> + +<p>While the API is the core of gophish&rsquo;s functionality, we also provide a gorgeous admin UI. This UI is simply a wrapper on top of the underlying API. Nothing says more than screenshots:</p> + +<p><figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/login.png" alt="" class="blog-image" > + <figcap>Login Screen</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/new_group.png" alt="" class="blog-image" > + <figcap>Creating a New Group</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/new_template.png" alt="" class="blog-image" > + <figcap>Creating an Email Template</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/import_site.png" alt="" class="blog-image" > + <figcap>Importing a Site</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/campaign_results.png" alt="" class="blog-image" > + <figcap>Viewing Campaign Results</figcap> +</figure> + +<figure> + <img src="https://getgophish.com/blog/blog/images/screenshots/timeline.png" alt="" class="blog-image" > + <figcap>Viewing the Timeline for a Target</figcap> +</figure> +</p> + +<h3 id="take-gophish-for-a-spin:1cea0120cd31cba0f7863bc47631176f">Take Gophish for a Spin!</h3> + +<p>These features only scratch the surface when it comes to what makes gophish great, and we aren&rsquo;t anywhere near done yet. To explore these features for yourself, take gophish for a spin!</p> + +<p>We hope you enjoy gophish and are excited for all the new features that will be released soon! In the meantime, if you ever have any questions, comments, or issues, <a href="https://getgophish.com/blog/support">we want to hear from you</a>!</p> + +<p>-The Gophish Team</p> + +<p><a href="https://github.com/gophish/gophish/releases" class="btn">Download gophish</a> +</p> + + + + + \ No newline at end of file diff --git a/blog/tags/release/page/1/index.html b/blog/tags/release/page/1/index.html new file mode 100644 index 00000000..7ce68a24 --- /dev/null +++ b/blog/tags/release/page/1/index.html @@ -0,0 +1 @@ + \ No newline at end of file