cristiancmoises
/
gophish
mirror of https://github.com/gophish/gophish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Moved documentation links to point to docs.getgophish.com.

pull/1264/head
Jordan Wright 2018-10-11 12:06:36 -05:00
parent d6cbc1a936
commit abafe3526b
12 changed files with 150 additions and 2818 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
controllers/api.go
View File

@ -9,7 +9,6 @@ import (
"net/http"
"strconv"
"strings"
"text/template"
"time"
"github.com/PuerkitoBio/goquery"
@ -33,19 +32,6 @@ func init() {
go Worker.Start()
}
// API (/api) provides access to api documentation
func API(w http.ResponseWriter, r *http.Request) {
switch {
case r.Method == "GET":
templates := template.New("template")
_, err := templates.ParseFiles("templates/docs.html")
if err != nil {
log.Error(err)
}
template.Must(templates, err).ExecuteTemplate(w, "base", nil)
}
}
// API (/api/reset) resets a user's API key
func API_Reset(w http.ResponseWriter, r *http.Request) {
switch {

1
controllers/route.go
View File

@ -36,7 +36,6 @@ func CreateAdminRouter() http.Handler {
// Create the API routes
api := router.PathPrefix("/api").Subrouter()
api = api.StrictSlash(true)
api.HandleFunc("/", Use(API, mid.RequireLogin))
api.HandleFunc("/reset", Use(API_Reset, mid.RequireAPIKey))
api.HandleFunc("/campaigns/", Use(API_Campaigns, mid.RequireAPIKey))
api.HandleFunc("/campaigns/summary", Use(API_Campaigns_Summary, mid.RequireAPIKey))

8
templates/campaign_results.html
View File

@ -28,10 +28,10 @@
<hr>
</li>
<li>
<a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
</li>
<li>
<a href="/api/">API Documentation</a>
<a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
</li>
</ul>
</div>
@ -50,8 +50,8 @@
<i class="fa fa-arrow-circle-o-left fa-lg"></i> Back
</a>
<div class="btn-group">
<button type="button" id="exportButton" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true"
aria-expanded="true">
<button type="button" id="exportButton" class="btn btn-primary dropdown-toggle" data-toggle="dropdown"
aria-haspopup="true" aria-expanded="true">
<i class="fa fa-file-excel-o"></i> Export CSV
<i class="fa fa-caret-down"></i>
</button>

4
templates/campaigns.html
View File

@ -28,10 +28,10 @@
<hr>
</li>
<li>
<a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
</li>
<li>
<a href="/api/">API Documentation</a>
<a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
</li>
</ul>
</div>

4
templates/dashboard.html
View File

@ -28,10 +28,10 @@
<hr>
</li>
<li>
<a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
</li>
<li>
<a href="/api/">API Documentation</a>
<a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
</li>
</ul>
</div>

1938
templates/docs.html
View File

File diff suppressed because one or more lines are too long

747
templates/gophish.apib
View File

@ -1,747 +0,0 @@
FORMAT: 1A
HOST: http://localhost:3333/api
# Gophish API
Gophish was built from the ground-up with a JSON API that makes it easy for developers and sysadmins to automate simulated phishing campaigns.
These docs describe how to use the [gophish](https://github.com/gophish/gophish) API.
::: note
## Authorization
All API requests require the use of a generated API key. You can find your API key, or generate a new one, by navigating to the /settings endpoint, or clicking the "Settings" sidebar item.
When making requests, simply append the ```api_key=[API_KEY]``` as a GET parameter to authorize yourself to the API.
```http
GET /api/campaigns/?api_key=12345678901234567890123456789012
```
If no API key is provided, you'll receive the following response when attempting to make requests to API endpoints:
```json
{
"message": "API Key not set",
"success": false,
"data": null
}
```
:::
# Group Campaigns
## Campaigns [/campaigns/]
### Get Campaigns [GET]
Get a list of campaigns.
Campaigns object contain the resources needed for gophish to launch and track a simulated phishing campaign.
Campaigns have the following attributes:
+ ```id``` : 1 (number, required) - Unique identifier
+ ```name``` : Example Campaign (string, required) - Title of Campaign
+ ```created_date``` : 2015-1-1T01:02:03.000000Z (datetime) - Date the Campaign was created
+ ```completed_date``` : 2015-1-1T01:02:03.000000Z (datetime) - Date the Campaign was completed
+ ```template``` : [Template](#templates)
+ ```page``` : [Page](#pages) (required) - Landing page for users who click the phishing link
+ ```status``` : Emails Sent (string) - The current status of the campaign
+ ```results``` : array[Result] - List of Results for the campaign
+ ```timeline``` : array[Event] - List of Events for the campaign
+ ```smtp``` : [SendingProfile](#sending-profiles)
+ ```url``` : http://foo.bar (required, string) - The URL used in the Template sent to us
ers
The results of the campaign are stored in the ```results``` field. Each result has the following attributes:
+ ```id``` : 1 (number, required) - Unique identifier
+ ```email``` : foo@example.com - Email address of the target
+ ```first_name``` : John - First name of the target
+ ```last_name``` : Doe - Last name of the target
+ ```status``` : Email Sent - The status of the result
+ ```ip``` : 1.2.3.4 - The IP address that created the event (if any)
+ ```latitude``` : 0.0000- The latitude of the IP address
+ ```longitude``` : 0.0000 - The longitude of the IP address
Each campaign also keeps a timeline of events that occur, such as clicking a link, opening an email, etc. These events each have the following attributes:
+ ```email``` : foo@example.com - Email address of the target
+ ```time``` : 2015-1-1T01:02:03.000000Z (datetime) - The timestamp the event was created
+ ```message``` : Campaign Created (string) - The event message
+ Response 200 (application/json)
+ Attributes (array[Campaign])
+ Response 404 (application/json)
+ Body
[]
### Create New Campaign [POST]
Create a new campaign.
+ Attributes (Campaign)
+ Request (application/json)
+ Response 201 (application/json)
+ Attributes (Campaign)
+ Response 400 (application/json)
+ Attributes (BadRequestResponse)
## Campaign [/campaigns/{id}]
### Get Campaign [GET]
Get a campaign by its ID.
+ Parameters
+ id: `1` (number, required) - The Campaign ID
+ Response 200 (application/json)
+ Attributes (Campaign)
+ Response 404 (application/json)
+ Body
{
"message": "Campaign not found",
"success": false,
"data": null
}
### Delete a Campaign [DELETE]
Delete a campaign by its ID.
+ Parameters
+ id: `1` (number, required) - The Campaign ID
+ Response 200 (application/json)
+ Body
{
"message": "Campaign deleted successfully!",
"success": true,
"data": null
}
+ Response 404 (application/json)
+ Body
{
"message": "Campaign not found",
"success": false,
"data": null
}
# Group Templates
## Templates [/templates/]
### Get Templates [GET]
Get a list of templates.
Templates define what email content is sent to targets during campaigns. It contains the subject of the email as well as the HTML and text content of the email.
+ ```id```: 1 (number, required) - Unique identifier
+ ```name```: Example Template (string, required) - Name of template
+ ```subject```: Example email template subject (string) - Subject of email sent to users
+ ```text```: `This is a test message!` (string) - Raw text of email sent to users
+ ```html```: `<html><head></head><body>This is a test message!</body></html>` (string) - HTML of email sent to users
+ ```attachments```: array[Attachment] - The attachments sent with the email template
+ ```modified_date```: `2015-01-01T01:02:03.000000Z` (string) - Date the Template was last modified
You can also attach files or payloads to the emails that you send. These are attached as a list of Attachment objects.
Attachments have the following attributes:
+ ```id```: 1 (required, number) - Unique identifier
+ ```name```: Example Attachment (required) - Filename of Attachment
+ ```content```: Base64 encoded attachment content
+ ```type```: `text/plain` - MIME type of the Attachment
+ Response 200 (application/json)
+ Attributes (array[Template])
+ Response 404 (application/json)
+ Body
[]
### Create New Template [POST]
Create a new template
::: note
**Importing an Existing Email**
What better way to make pixel-perfect emails than by importing an existing email you already have sitting in your inbox?
Using the [Import Email](#import-email) endpoint, you can take a raw email and import it as a template into gophish.
:::
+ Request (application/json)
+ Attributes (Template)
+ Response 201 (application/json)
+ Attributes (Template)
+ Response 400 (application/json)
+ Attributes (BadRequestResponse)
## Template [/templates/{id}]
### Get Template [GET]
Get a template by its ID.
+ Parameters
+ id: `1` (number, required) - The Template ID
+ Response 200 (application/json)
+ Attributes (Template)
+ Response 404 (application/json)
+ Body
{
"message": "Template not found",
"success": false,
"data": null
}
### Delete a Template [DELETE]
Delete a template by its ID.
+ Parameters
+ id: `1` (number, required) - The Template ID
+ Response 200 (application/json)
+ Body
{
"message": "Template deleted successfully!",
"success": true,
"data": null
}
+ Response 404 (application/json)
+ Body
{
"message": "Template not found",
"success": false,
"data": null
}
# Group Groups
## Groups [/groups/]
### Get Groups [GET]
Get a list of groups.
Groups contain the details for one or more users targeted in the simulated phishing campaign. Groups contain the following attributes:
+ ```id```: 1 (required, number) - Unique identifier
+ ```name```: Example Group (required) - Name of the Group
+ ```modified_date```: `2015-01-01T01:02:03.000000Z` (string) - Date the Group was last modified
+ ```targets```: Attributes (array[Target]) (required) - The targets in the group
Each target contains the following attributes:
+ ```id```: 1 (required, number) - Unique identifier
+ ```first_name```: John - First name of Target
+ ```last_name```: Doe - Last name of Target
+ ```email```: john.doe@example.com - Email address of Target
+ ```position```: System Administrator - Company position of the Target
::: note
**Have A Lot of Users to Import?**
If you have all your targets in a CSV file, you can bulk import them into a group using the [Import CSV](#import-group) endpoint.
In the future, we plan to add other importation methods to make setting up groups a breeze.
:::
+ Response 200 (application/json)
+ Attributes (array[Group])
+ Response 404 (application/json)
+ Body
[]
### Create New Group [POST]
Create a new group
+ Request (application/json)
+ Attributes (Group)
+ Response 201 (application/json)
+ Attributes (Group)
+ Response 400 (application/json)
+ Attributes (BadRequestResponse)
## Group [/groups/{id}]
### Get Group [GET]
Get a group by its ID.
+ Parameters
+ id: `1` (number, required) - The Group ID
+ Response 200 (application/json)
+ Attributes (Group)
+ Response 404 (application/json)
+ Body
{
"message": "Group not found",
"success": false,
"data": null
}
### Delete a Group [DELETE]
Delete a Group by its ID.
+ Parameters
+ id: `1` (number, required) - The Template ID
+ Response 200 (application/json)
+ Body
{
"message": "Group deleted successfully!",
"success": true,
"data": null
}
+ Response 404 (application/json)
+ Body
{
"message": "Group not found",
"success": false,
"data": null
}
# Group Sending Profiles
## Sending Profiles [/smtp/]
### Get Sending Profiles [GET]
Get a list of sending profiles.
Sending profiles contain the details for SMTP or other settings used to control how emails are sent in campaigns. Sending profiles contain the following attributes:
+ ```id```: 1 (required, number) - Unique identifier
+ ```name```: Example Profile (string, required) - Name of the Sending Profile
+ ```interface```: SMTP (string) - Interface type of the sending profile. By default, this is "SMTP"
+ ```host```: 1.1.1.1:25 (string, required) - The hostname:port for the SMTP configuration
+ ```username```: foo (string) - The username to authenticate to the SMTP server (optional)
+ ```password```: bar (string) - The password to authenticate to the SMTP server (optional)
+ ```from_address```: Foo Bar <foo.bar@example.com> (string) - The email address to use in the "From" header. This is typically used to spoof email addresses
+ ```ignore_cert_errors```: false (boolean) - Whether or not to disable certificate validation when connecting to the SMTP server via TLS
+ ```modified_date```: `2015-01-01T01:02:03.000000Z` (string) - Date the Group was last modified
::: note
**Receiving Certificate Errors?**
It's common to have an SMTP server that is configured using a self-signed or otherwise untrusted SSL certficate. To avoid errors when connecting to the server, set ```ignore_cert_errors``` to "true".
:::
+ Response 200 (application/json)
+ Attributes (array[SendingProfile])
+ Response 404 (application/json)
+ Body
[]
### Create New Sending Profile [POST]
Create a new sending profile
+ Request (application/json)
+ Attributes (SendingProfile)
+ Response 201 (application/json)
+ Attributes (SendingProfile)
+ Response 400 (application/json)
+ Attributes (BadRequestResponse)
## Sending Profile [/smtp/{id}]
### Get Sending Profile [GET]
Get a sending profile by its ID.
+ Parameters
+ id: `1` (number, required) - The sending profile ID
+ Response 200 (application/json)
+ Attributes (SendingProfile)
+ Response 404 (application/json)
+ Body
{
"message": "SMTP not found",
"success": false,
"data": null
}
### Delete a Sending Profile [DELETE]
Delete a Sending Profile by its ID.
+ Parameters
+ id: `1` (number, required) - The Sending Profile ID
+ Response 200 (application/json)
+ Body
{
"message": "SMTP deleted successfully!",
"success": true,
"data": null
}
+ Response 404 (application/json)
+ Body
{
"message": "SMTP not found",
"success": false,
"data": null
}
# Group Pages
## Pages [/pages/]
### Get Pages [GET]
Get a list of pages.
Pages are the HTML page that a user lands on after clicking on a phishing link.
+ ```id```: 1 (required, number) - Unique identifier
+ ```name```: Example Page (required, string) - Name of Page
+ ```html```: `<html><head></head><body>This is a test message!</body></html>` (required, string) - HTML of the landing page users hit when clicking links in the email template
+ ```modified_date```: `2015-01-01T01:02:03.000000Z` (string) - Date the Page was last modified
::: note
**Importing a Site**
Let gophish do the hard work for you in importing a site. By using the [Import Site](#import-site) endpoint, you can simply give gophish a URL and have the site imported for you.
:::
+ Response 200 (application/json)
+ Attributes (array[Page])
+ Response 404 (application/json)
+ Body
[]
### Create New Page [POST]
Create a new page
+ Request (application/json)
+ Attributes (Page)
+ Response 201 (application/json)
+ Attributes (Page)
+ Response 400 (application/json)
+ Attributes (BadRequestResponse)
## Page [/pages/{id}]
### Get Page [GET]
Get a page by its ID.
+ Parameters
+ id: `1` (number, required) - The Page ID
+ Response 200 (application/json)
+ Attributes (Page)
+ Response 404 (application/json)
+ Body
{
"message": "Page not found",
"success": false,
"data": null
}
### Put Page [PUT]
Modify a page by its ID.
+ Request
+ Attributes (Page)
+ Response 200 (application/json)
+ Attributes (Page)
+ Response 404 (application/json)
+ Body
{
"message": "Page not found",
"success": false,
"data": null
}
+ Response 400 (application/json)
+ Attributes (BadRequestResponse)
### Delete a Page [DELETE]
Delete a page by its ID.
+ Parameters
+ id: `1` (number, required) - The Page ID
+ Response 200 (application/json)
+ Body
{
"message": "Page deleted successfully!",
"success": true,
"data": null
}
+ Response 404 (application/json)
+ Body
{
"message": "Page not found",
"success": false,
"data": null
}
# Group Import
Import functions facilitate the ability to import emails, groups and more using simple interfaces.
## Group [/import/group]
### Import a Group [POST]
This endpoint allows you to import a group from a CSV.
The fields expected in the CSV are as follows:
+ First Name
+ Last Name
+ Position
+ Email
+ Company
+ Request (multipart/form-data; boundary=----BOUNDARY)
+ Body
------BOUNDARY
Content-Disposition: form-data; name="files[]"; filename="filename.csv"
Content-Type: application/vnd.ms-excel
[File Content]
------BOUNDARY
+ Response 201 (application/json)
+ Attributes (array[Target])
+ Response 400 (application/json)
+ Attributes (BadRequestResponse)
## Email [/import/email]
### Import an Email [POST]
This endpoint allows you to parse and import an email in RFC 5322 format.
You can use this endpoint to easily import an email that you have received legitimately to re-use it for simulated phishing.
+ Request (text/plain)
+ Body
MIME-Version: 1.0
Date: Fri, 25 Dec 2015 21:22:28 -0600
Subject: Foo Bar
From: John Doe <john.doe@example.com>
To: Jane Doe <jane.doe@example.com>
Content-Type: multipart/alternative; boundary=14dae9473639dc6b2a0527c4945f
--14dae9473639dc6b2a0527c4945f
Content-Type: text/plain; charset=UTF-8
Foo bar
--14dae9473639dc6b2a0527c4945f
Content-Type: text/html; charset=UTF-8
<div dir="ltr">Foo bar</div>
--14dae9473639dc6b2a0527c4945f--
+ Response 201 (application/json)
+ Attributes (ImportEmailResponse)
+ Response 400 (application/json)
+ Attributes (BadRequestResponse)
## Site [/import/site]
### Import a Site [POST]
Imports a site via the URL. This causes gophish to reach out to the site and pull down the HTML of the URL given.
To keep styles, images, and Javascript setup and working, gophish adds a ```base``` tag to the returned HTML pointing to the original site.
+ Request (application/json)
+ Attributes (ImportSiteRequest)
+ Response 201 (application/json)
+ Attributes (ImportSiteResponse)
+ Response 400 (application/json)
+ Attributes (BadRequestResponse)
# Data Structures
## Target (object)
+ id: 1 (number, required) - Unique identifier
+ first_name: John - First name of Target
+ last_name: Doe - Last name of Target
+ email: john.doe@example.com - Email address of Target
+ position: System Administrator - Company position of the Target
## Group (object)
+ id: 1 (number, required) - Unique identifier
+ name: Example Group (required) - Name of the Group
+ modified_date: `2015-01-01T01:02:03.000000Z` (string) - Date the Group was last modified
+ targets: array[Target] (required) - The targets in the group
## Attachment (object)
+ id: 1 (number, required) - Unique identifier
+ name: Example Attachment (string, required) - Filename of Attachment
+ content: (string, required) - Base64 encoded attachment content
+ type: `text/plain` (string, required) - MIME type of the Attachment
## Template (object)
+ id: 1 (number, required) - Unique identifier
+ name: Example Template (string, required) - Name of template
+ subject: Example email template subject (string) - Subject of email sent to users
+ text: `This is a test message!` (string) - Raw text of email sent to users
+ html: `<html><head></head><body>This is a test message!</body></html>`(string) - HTML of email sent to users
+ attachments: (array[Attachment]) - The attachments sent with the email template
+ modified_date: `2015-01-01T01:02:03.000000Z` (string) - Date the Template was last modified
## Page (object)
+ id: 1 (number, required) - Unique identifier
+ name: Example Page (string, required) - Name of Page
+ html: `<html><head></head><body>This is a test message!</body></html>` (required, string) - HTML of the landing page users hit when clicking links in the email template
+ modified_date: `2015-01-01T01:02:03.000000Z` (string) - Date the Page was last modified
## Result (object)
+ id: 1 (number, required) - Unique identifier
+ email: foo@example.com - The email address of the target
+ first_name: John - First name of the target
+ last_name: Doe - Last name of the target
+ status: Email Sent - The status of the result
+ ip: 1.2.3.4 - The IP address that created the event (if any)
+ latitude: 0.00000 (number) - The latitude of the IP address
+ longitude: 0.00000 (number) - The longitude of the IP address
## Event (object)
+ id: 1 (number, required) - Unique identifier
+ email: foo@example.com (required) - The email address of the target
+ time: `2015-01-01T01:02:03.000000Z` (string) - Date the event was generated
+ message: Campaign Created (string) - The description of the event
## SendingProfile (object)
+ id: 1 (number, required) - Unique identifier
+ host: smtp.example.com:25 (required) - The hostname and port for the SMTP server
+ username: foo (string, required) - The username used for SMTP authentication
+ password: bar (string, required) - The password used for SMTP authentication
+ from_address: John Doe <foo@example.com> (string, required) - The "From" address to spoof
+ ignore_cert_errors: false (boolean) - Whether or not to ignore certificate errors
## Campaign (object)
+ id: 1 (number, required) - Unique identifier
+ name: Example Campaign (required) - Title of Campaign
+ created_date: `2015-01-01T01:02:03.000000Z` (string) - Date the Campaign was created
+ completed_date: `2015-01-01T01:02:03.000000Z` (string) - Date the Campaign was completed
+ template: (Template) (required) - Email template to use in Campaign
+ page: (Page) (required) - Landing page for users who click the phishing link
+ status: Emails Sent (required, string) - The current status of the campaign
+ results: (array[Result]) - The results of the campaign
+ timeline: (array[Event]) - The event timeline
+ smtp: (SendingProfile) - The Sending Profile settings used in the campaign
+ url: http://foo.bar (string, required) - The URL used in the Template sent to users
## ImportSiteRequest (object)
+ url: http://foo.bar (string, required) - The URL to be retrieved
## ImportSiteResponse (object)
+ html: `<html><head></head><body>This is a test message!</body></html>` (string, required) - HTML of the requested URL.
## ImportEmailResponse (object)
+ text: Foo bar (string) - The email text part
+ html: "\u003cdiv\u003eFoo bar\u003c/div\u003e" (string) - The email HTML part
+ subject: Foo Bar (string) - The email subject
## BadRequestResponse (object)
+ message: Error message (string) - The detailed error message
+ success: false (boolean) - The success status of the request
+ data: Any associated data

142
templates/landing_pages.html
View File

@ -17,10 +17,13 @@
</li>
<li><a href="/settings">Settings</a>
</li>
<li><hr></li>
<li><a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
<li>
<hr>
</li>
<li><a href="/api/">API Documentation</a>
<li>
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
</li>
<li><a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
</li>
</ul>
</div>
@ -32,7 +35,8 @@
</h1>
<div id="flashes" class="row"></div>
<div class="row">
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i class="fa fa-plus"></i> New Page</button>
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i
class="fa fa-plus"></i> New Page</button>
</div>
&nbsp;
<div id="loading">
@ -59,83 +63,89 @@
</div>
<!-- Modal -->
<div class="modal fade" id="modal" tabindex="-1" role="dialog" aria-labelledby="modalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<!-- New Template Modal -->
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="modalLabel">New Landing Page</h4>
</div>
<div class="modal-body">
<div class="row" id="modal.flashes"></div>
<label class="control-label" for="name">Name:</label>
<div class="form-group">
<input type="text" class="form-control" placeholder="Page name" id="name" autofocus/>
<div class="modal-dialog" role="document">
<div class="modal-content">
<!-- New Template Modal -->
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span
aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="modalLabel">New Landing Page</h4>
</div>
<div class="form-group">
<button class="btn btn-danger" data-toggle="modal" data-target="#importSiteModal"><i class="fa fa-globe"></i> Import Site</button>
</div>
<!-- Nav tabs -->
<ul class="nav nav-tabs" role="tablist">
<li class="active" role="html"><a href="#html" aria-controls="html" role="tab" data-toggle="tab">HTML</a></li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<div role="tabpanel" class="tab-pane active" id="html">
<textarea id="html_editor"></textarea>
</div>
</div>
<div class="checkbox checkbox-primary">
<input id="capture_credentials_checkbox" type="checkbox">
<label for="capture_credentials_checkbox">Capture Submitted Data <i class="fa fa-question-circle" data-toggle="tooltip" data-placement="right" title="If the landing page contains a form, submitted input (except passwords!) will be captured."></i></label>
</div>
<div class="checkbox checkbox-primary" id="capture_passwords">
<input id="capture_passwords_checkbox" type="checkbox">
<label for="capture_passwords_checkbox">Capture Passwords</label>
<div class="alert alert-warning">
<i class="fa fa-exclamation-circle"></i> <b>Warning:</b> Credentials are currently <b>not encrypted</b>. This means that captured passwords are stored in the database as cleartext. Be careful with this!
</div>
</div>
<div id="redirect_url">
<label class="control-label" for="redirect_url_input">Redirect to: <i class="fa fa-question-circle" data-toggle="tooltip" data-placement="right" title="This option lets you redirect the user to a page after credentials are submitted."></i></label>
<div class="modal-body">
<div class="row" id="modal.flashes"></div>
<label class="control-label" for="name">Name:</label>
<div class="form-group">
<input id="redirect_url_input" class="form-control" placeholder="http://example.com"/>
<input type="text" class="form-control" placeholder="Page name" id="name" autofocus />
</div>
<div class="form-group">
<button class="btn btn-danger" data-toggle="modal" data-target="#importSiteModal"><i class="fa fa-globe"></i>
Import Site</button>
</div>
<!-- Nav tabs -->
<ul class="nav nav-tabs" role="tablist">
<li class="active" role="html"><a href="#html" aria-controls="html" role="tab" data-toggle="tab">HTML</a></li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<div role="tabpanel" class="tab-pane active" id="html">
<textarea id="html_editor"></textarea>
</div>
</div>
<div class="checkbox checkbox-primary">
<input id="capture_credentials_checkbox" type="checkbox">
<label for="capture_credentials_checkbox">Capture Submitted Data <i class="fa fa-question-circle"
data-toggle="tooltip" data-placement="right" title="If the landing page contains a form, submitted input (except passwords!) will be captured."></i></label>
</div>
<div class="checkbox checkbox-primary" id="capture_passwords">
<input id="capture_passwords_checkbox" type="checkbox">
<label for="capture_passwords_checkbox">Capture Passwords</label>
<div class="alert alert-warning">
<i class="fa fa-exclamation-circle"></i> <b>Warning:</b> Credentials are currently <b>not
encrypted</b>. This means that captured passwords are stored in the database as cleartext.
Be careful with this!
</div>
</div>
<div id="redirect_url">
<label class="control-label" for="redirect_url_input">Redirect to: <i class="fa fa-question-circle"
data-toggle="tooltip" data-placement="right" title="This option lets you redirect the user to a page after credentials are submitted."></i></label>
<div class="form-group">
<input id="redirect_url_input" class="form-control" placeholder="http://example.com" />
</div>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" data-dismiss="modal" class="btn btn-default" onclick="dismiss()">Cancel</button>
<button type="button" class="btn btn-primary" id="modalSubmit">Save Page</button>
<div class="modal-footer">
<button type="button" data-dismiss="modal" class="btn btn-default" onclick="dismiss()">Cancel</button>
<button type="button" class="btn btn-primary" id="modalSubmit">Save Page</button>
</div>
</div>
</div>
</div>
</div>
<!-- Modal -->
<div class="modal fade" id="importSiteModal" tabindex="-1" role="dialog" aria-labelledby="importSiteModalLabel">
<div class="modal-dialog" role="document">
<div class="modal-content">
<!-- New Template Modal -->
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="importSiteModalLabel">Import Site</h4>
</div>
<div class="modal-body">
<div class="row" id="modal.flashes"></div>
<label class="control-label" for="url">URL:</label>
<div class="form-group">
<input type="text" class="form-control" placeholder="http://google.com" id="url" autofocus/>
<div class="modal-dialog" role="document">
<div class="modal-content">
<!-- New Template Modal -->
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="importSiteModalLabel">Import Site</h4>
</div>
<div class="modal-body">
<div class="row" id="modal.flashes"></div>
<label class="control-label" for="url">URL:</label>
<div class="form-group">
<input type="text" class="form-control" placeholder="http://google.com" id="url" autofocus />
</div>
</div>
<div class="modal-footer">
<button type="button" data-dismiss="modal" class="btn btn-default">Cancel</button>
<button type="button" class="btn btn-primary" id="modalSubmit" onclick="importSite()">Import</button>
</div>
</div>
<div class="modal-footer">
<button type="button" data-dismiss="modal" class="btn btn-default">Cancel</button>
<button type="button" class="btn btn-primary" id="modalSubmit" onclick="importSite()">Import</button>
</div>
</div>
</div>
</div>
{{end}}
{{define "scripts"}}
<script src="/js/src/vendor/ckeditor/ckeditor.js"></script>
<script src="/js/src/vendor/ckeditor/adapters/jquery.js"></script>
<script src="/js/dist/app/landing_pages.min.js"></script>
{{end}}
{{end}}

49
templates/sending_profiles.html
View File

@ -17,10 +17,13 @@
</li>
<li><a href="/settings">Settings</a>
</li>
<li><hr></li>
<li><a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
<li>
<hr>
</li>
<li><a href="/api/">API Documentation</a>
<li>
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
</li>
<li><a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
</li>
</ul>
</div>
@ -32,7 +35,8 @@
</h1>
<div id="flashes" class="row"></div>
<div class="row">
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i class="fa fa-plus"></i> New Profile</button>
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i
class="fa fa-plus"></i> New Profile</button>
</div>
&nbsp;
<div id="loading">
@ -64,27 +68,30 @@
<div class="modal-content">
<!-- New Template Modal -->
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span aria-hidden="true">&times;</span></button>
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span
aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="profileModalLabel">New Sending Profile</h4>
</div>
<div class="modal-body">
<div class="row" id="modal.flashes"></div>
<div class="form-group">
<label class="control-label" for="name">Name:</label>
<input type="text" class="form-control" placeholder="Profile name" id="name" autofocus/>
<input type="text" class="form-control" placeholder="Profile name" id="name" autofocus />
<label class="control-label" for="interface_type">Interface Type:</label>
<input type="text" class="form-control" value="SMTP" id="interface_type" disabled/>
<input type="text" class="form-control" value="SMTP" id="interface_type" disabled />
<label class="control-label" for="from">From:</label>
<input type="text" class="form-control" placeholder="First Last <test@example.com>" id="from" required/>
<input type="text" class="form-control" placeholder="First Last <test@example.com>" id="from"
required />
<label class="control-label" for="host">Host:</label>
<input type="text" class="form-control" placeholder="smtp.example.com:25" id="host" required/>
<input type="text" class="form-control" placeholder="smtp.example.com:25" id="host" required />
<label class="control-label" for="username">Username:</label>
<input type="text" class="form-control" placeholder="Username" id="username"/>
<input type="text" class="form-control" placeholder="Username" id="username" />
<label class="control-label" for="password">Password:</label>
<input type="password" class="form-control" placeholder="Password" id="password"/>
<input type="password" class="form-control" placeholder="Password" id="password" />
<div class="checkbox checkbox-primary">
<input id="ignore_cert_errors" type="checkbox" checked>
<label for="ignore_cert_errors">Ignore Certificate Errors <i class="fa fa-question-circle" data-toggle="tooltip" data-placement="right" title="Ignore common certificate errors such as self-signed certs (exposes you to MiTM attacks - use carefully!)"></i></label>
<label for="ignore_cert_errors">Ignore Certificate Errors <i class="fa fa-question-circle"
data-toggle="tooltip" data-placement="right" title="Ignore common certificate errors such as self-signed certs (exposes you to MiTM attacks - use carefully!)"></i></label>
</div>
<label class="control-label" for="headersForm">Email Headers:</label>
<form id="headersForm">
@ -92,10 +99,11 @@
<input type="text" class="form-control" name="headerKey" id="headerKey" placeholder="X-Custom-Header">
</div>
<div class="col-md-4">
<input type="text" class="form-control" name="headerValue" id="headerValue" placeholder="{{"{{"}}.URL{{"}}"}}-gophish">
<input type="text" class="form-control" name="headerValue" id="headerValue" placeholder='{{"{{"}}.URL{{"}}"}}-gophish'>
</div>
<div class="col-md-2">
<button class="btn btn-danger btn-headers" type="submit"><i class="fa fa-plus"></i> Add Custom Header</button>
<button class="btn btn-danger btn-headers" type="submit"><i class="fa fa-plus"></i> Add
Custom Header</button>
</div>
</form>
<br />
@ -107,11 +115,12 @@
<th>Value</th>
<th class="no-sort"></th>
</tr>
</thead>
</thead>
<tbody>
</tbody>
</table>
<button type="button" data-toggle="modal" data-target="#sendTestEmailModal" class="btn btn-primary"><i class="fa fa-envelope"></i> Send Test Email</button>
<button type="button" data-toggle="modal" data-target="#sendTestEmailModal" class="btn btn-primary"><i
class="fa fa-envelope"></i> Send Test Email</button>
</div>
</div>
<div class="modal-footer">
@ -153,12 +162,12 @@
</div>
<div class="modal-footer">
<button type="button" data-dismiss="modal" class="btn btn-default">Cancel</button>
<button type="button" class="btn btn-primary" id="sendTestModalSubmit" onclick="sendTestEmail()"><i class="fa fa-envelope"></i> Send</button>
<button type="button" class="btn btn-primary" id="sendTestModalSubmit" onclick="sendTestEmail()"><i
class="fa fa-envelope"></i> Send</button>
</div>
</div>
</div>
</div>
{{end}}
{{define "scripts"}}
{{end}} {{define "scripts"}}
<script src="/js/dist/app/sending_profiles.min.js"></script>
{{end}}
{{end}}

24
templates/settings.html
View File

@ -20,9 +20,10 @@
<li>
<hr>
</li>
<li><a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
<li>
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
</li>
<li><a href="/api/">API Documentation</a>
<li><a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
</li>
</ul>
</div>
@ -35,31 +36,33 @@
<div id="flashes" class="row"></div>
<!-- Nav tabs -->
<ul class="nav nav-tabs" role="tablist">
<li class="active" role="mainSettings"><a href="#mainSettings" aria-controls="mainSettings" role="tab" data-toggle="tab">Account Settings</a></li>
<li class="active" role="mainSettings"><a href="#mainSettings" aria-controls="mainSettings" role="tab"
data-toggle="tab">Account Settings</a></li>
<li role="uiSettings"><a href="#uiSettings" aria-controls="uiSettings" role="tab" data-toggle="tab">UI Settings</a></li>
</ul>
<!-- Tab Panes -->
<div class="tab-content">
<div role="tabpanel" class="tab-pane active" id="mainSettings">
<br/>
<br />
<div class="row">
<label class="col-sm-2 control-label form-label">Gophish version</label>
<div class="col-md-6">
<label class="form-label">{{.Version}}</label>
</div>
</div>
<br/>
<br />
<div class="row">
<label class="col-sm-2 control-label form-label">Register a New User</label>
<div class="col-md-6">
<a href="/register" class="btn btn-primary"><i class="fa fa-plus"></i> Add User</a>
</div>
</div>
<br/>
<br />
<div class="row">
<label for="api_key" class="col-sm-2 control-label form-label">API Key:</label>
<div class="col-md-6">
<input type="text" id="api_key" onclick="this.select();" value="{{.User.ApiKey}}" class="form-control" readonly/>
<input type="text" id="api_key" onclick="this.select();" value="{{.User.ApiKey}}" class="form-control"
readonly />
</div>
<form id="apiResetForm">
<button class="btn btn-primary"><i class="fa fa-refresh" type="submit"></i> Reset</button>
@ -92,17 +95,18 @@
<div class="row">
<label for="confirm_new_password" class="col-sm-2 control-label form-label">Confirm New Password:</label>
<div class="col-md-6">
<input type="password" id="confirm_new_password" name="confirm_new_password" autocomplete="off" class="form-control" />
<input type="password" id="confirm_new_password" name="confirm_new_password" autocomplete="off"
class="form-control" />
</div>
</div>
<input type="hidden" name="csrf_token" value="{{.Token}}" />
<br />
<button class="btn btn-primary" type="submit"><i class="fa fa-save"></i> Save</button>
</form>
<br/>
<br />
</div>
<div role="tabpanel" class="tab-pane" id="uiSettings">
<br/>
<br />
<div class="checkbox checkbox-primary">
<input id="use_map" type="checkbox">
<label for="use_map">Show campaign results map</label>

23
templates/templates.html
View File

@ -17,10 +17,13 @@
</li>
<li><a href="/settings">Settings</a>
</li>
<li><hr></li>
<li><a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
<li>
<hr>
</li>
<li><a href="/api/">API Documentation</a>
<li>
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
</li>
<li><a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
</li>
</ul>
</div>
@ -34,7 +37,8 @@
</div>
<div id="flashes" class="row"></div>
<div class="row">
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i class="fa fa-plus"></i> New Template</button>
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i
class="fa fa-plus"></i> New Template</button>
</div>
&nbsp;
<div id="loading">
@ -65,17 +69,20 @@
<div class="modal-content">
<!-- New Template Modal -->
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span aria-hidden="true">&times;</span></button>
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span
aria-hidden="true">&times;</span></button>
<h4 class="modal-title" id="templateModalLabel">New Template</h4>
</div>
<div class="modal-body">
<div class="row" id="modal.flashes"></div>
<label class="control-label" for="name">Name:</label>
<div class="form-group">
<input type="text" class="form-control" ng-model="template.name" placeholder="Template name" id="name" autofocus/>
<input type="text" class="form-control" ng-model="template.name" placeholder="Template name" id="name"
autofocus />
</div>
<div class="form-group">
<button class="btn btn-danger" data-toggle="modal" data-target="#importEmailModal"><i class="fa fa-envelope"></i> Import Email</button>
<button class="btn btn-danger" data-toggle="modal" data-target="#importEmailModal"><i class="fa fa-envelope"></i>
Import Email</button>
</div>
<label class="control-label" for="subject">Subject:</label>
<div class="form-group">
@ -158,4 +165,4 @@
<script src="/js/src/vendor/ckeditor/ckeditor.js"></script>
<script src="/js/src/vendor/ckeditor/adapters/jquery.js"></script>
<script src="/js/dist/app/templates.min.js"></script>
{{end}}
{{end}}

14
templates/users.html
View File

@ -28,10 +28,10 @@
<hr>
</li>
<li>
<a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
</li>
<li>
<a href="/api/">API Documentation</a>
<a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
</li>
</ul>
</div>
@ -86,10 +86,12 @@
<div class="row" id="modal.flashes"></div>
<label class="control-label" for="name">Name:</label>
<div class="form-group">
<input type="text" class="form-control" ng-model="group.name" placeholder="Group name" id="name" autofocus/>
<input type="text" class="form-control" ng-model="group.name" placeholder="Group name" id="name"
autofocus />
</div>
<div class="form-group">
<span class="btn btn-danger btn-file" data-toggle="tooltip" data-placement="right" title="Supports CSV files" id="fileUpload">
<span class="btn btn-danger btn-file" data-toggle="tooltip" data-placement="right" title="Supports CSV files"
id="fileUpload">
<i class="fa fa-plus"></i> Bulk Import Users
<input type="file" id="csvupload" multiple>
</span>
@ -125,8 +127,8 @@
<th>Email</th>
<th>Position</th>
<th class="no-sort"></th>
<tbody>
</tbody>
<tbody>
</tbody>
</table>
</div>
<div class="modal-footer">