mirror of https://github.com/gophish/gophish
Moved documentation links to point to docs.getgophish.com.
parent
d6cbc1a936
commit
abafe3526b
|
@ -9,7 +9,6 @@ import (
|
|||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
"text/template"
|
||||
"time"
|
||||
|
||||
"github.com/PuerkitoBio/goquery"
|
||||
|
@ -33,19 +32,6 @@ func init() {
|
|||
go Worker.Start()
|
||||
}
|
||||
|
||||
// API (/api) provides access to api documentation
|
||||
func API(w http.ResponseWriter, r *http.Request) {
|
||||
switch {
|
||||
case r.Method == "GET":
|
||||
templates := template.New("template")
|
||||
_, err := templates.ParseFiles("templates/docs.html")
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
template.Must(templates, err).ExecuteTemplate(w, "base", nil)
|
||||
}
|
||||
}
|
||||
|
||||
// API (/api/reset) resets a user's API key
|
||||
func API_Reset(w http.ResponseWriter, r *http.Request) {
|
||||
switch {
|
||||
|
|
|
@ -36,7 +36,6 @@ func CreateAdminRouter() http.Handler {
|
|||
// Create the API routes
|
||||
api := router.PathPrefix("/api").Subrouter()
|
||||
api = api.StrictSlash(true)
|
||||
api.HandleFunc("/", Use(API, mid.RequireLogin))
|
||||
api.HandleFunc("/reset", Use(API_Reset, mid.RequireAPIKey))
|
||||
api.HandleFunc("/campaigns/", Use(API_Campaigns, mid.RequireAPIKey))
|
||||
api.HandleFunc("/campaigns/summary", Use(API_Campaigns_Summary, mid.RequireAPIKey))
|
||||
|
|
|
@ -28,10 +28,10 @@
|
|||
<hr>
|
||||
</li>
|
||||
<li>
|
||||
<a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
|
||||
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="/api/">API Documentation</a>
|
||||
<a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
@ -50,8 +50,8 @@
|
|||
<i class="fa fa-arrow-circle-o-left fa-lg"></i> Back
|
||||
</a>
|
||||
<div class="btn-group">
|
||||
<button type="button" id="exportButton" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true"
|
||||
aria-expanded="true">
|
||||
<button type="button" id="exportButton" class="btn btn-primary dropdown-toggle" data-toggle="dropdown"
|
||||
aria-haspopup="true" aria-expanded="true">
|
||||
<i class="fa fa-file-excel-o"></i> Export CSV
|
||||
<i class="fa fa-caret-down"></i>
|
||||
</button>
|
||||
|
|
|
@ -28,10 +28,10 @@
|
|||
<hr>
|
||||
</li>
|
||||
<li>
|
||||
<a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
|
||||
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="/api/">API Documentation</a>
|
||||
<a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
|
|
@ -28,10 +28,10 @@
|
|||
<hr>
|
||||
</li>
|
||||
<li>
|
||||
<a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
|
||||
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="/api/">API Documentation</a>
|
||||
<a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
|
1938
templates/docs.html
1938
templates/docs.html
File diff suppressed because one or more lines are too long
|
@ -1,747 +0,0 @@
|
|||
FORMAT: 1A
|
||||
HOST: http://localhost:3333/api
|
||||
|
||||
# Gophish API
|
||||
Gophish was built from the ground-up with a JSON API that makes it easy for developers and sysadmins to automate simulated phishing campaigns.
|
||||
|
||||
These docs describe how to use the [gophish](https://github.com/gophish/gophish) API.
|
||||
|
||||
::: note
|
||||
## Authorization
|
||||
All API requests require the use of a generated API key. You can find your API key, or generate a new one, by navigating to the /settings endpoint, or clicking the "Settings" sidebar item.
|
||||
|
||||
When making requests, simply append the ```api_key=[API_KEY]``` as a GET parameter to authorize yourself to the API.
|
||||
|
||||
```http
|
||||
GET /api/campaigns/?api_key=12345678901234567890123456789012
|
||||
```
|
||||
|
||||
If no API key is provided, you'll receive the following response when attempting to make requests to API endpoints:
|
||||
|
||||
```json
|
||||
{
|
||||
"message": "API Key not set",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
```
|
||||
:::
|
||||
|
||||
# Group Campaigns
|
||||
## Campaigns [/campaigns/]
|
||||
|
||||
### Get Campaigns [GET]
|
||||
Get a list of campaigns.
|
||||
|
||||
Campaigns object contain the resources needed for gophish to launch and track a simulated phishing campaign.
|
||||
|
||||
Campaigns have the following attributes:
|
||||
|
||||
+ ```id``` : 1 (number, required) - Unique identifier
|
||||
+ ```name``` : Example Campaign (string, required) - Title of Campaign
|
||||
+ ```created_date``` : 2015-1-1T01:02:03.000000Z (datetime) - Date the Campaign was created
|
||||
+ ```completed_date``` : 2015-1-1T01:02:03.000000Z (datetime) - Date the Campaign was completed
|
||||
+ ```template``` : [Template](#templates)
|
||||
+ ```page``` : [Page](#pages) (required) - Landing page for users who click the phishing link
|
||||
+ ```status``` : Emails Sent (string) - The current status of the campaign
|
||||
+ ```results``` : array[Result] - List of Results for the campaign
|
||||
+ ```timeline``` : array[Event] - List of Events for the campaign
|
||||
+ ```smtp``` : [SendingProfile](#sending-profiles)
|
||||
+ ```url``` : http://foo.bar (required, string) - The URL used in the Template sent to us
|
||||
ers
|
||||
|
||||
The results of the campaign are stored in the ```results``` field. Each result has the following attributes:
|
||||
|
||||
+ ```id``` : 1 (number, required) - Unique identifier
|
||||
+ ```email``` : foo@example.com - Email address of the target
|
||||
+ ```first_name``` : John - First name of the target
|
||||
+ ```last_name``` : Doe - Last name of the target
|
||||
+ ```status``` : Email Sent - The status of the result
|
||||
+ ```ip``` : 1.2.3.4 - The IP address that created the event (if any)
|
||||
+ ```latitude``` : 0.0000- The latitude of the IP address
|
||||
+ ```longitude``` : 0.0000 - The longitude of the IP address
|
||||
|
||||
Each campaign also keeps a timeline of events that occur, such as clicking a link, opening an email, etc. These events each have the following attributes:
|
||||
|
||||
+ ```email``` : foo@example.com - Email address of the target
|
||||
+ ```time``` : 2015-1-1T01:02:03.000000Z (datetime) - The timestamp the event was created
|
||||
+ ```message``` : Campaign Created (string) - The event message
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (array[Campaign])
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
[]
|
||||
|
||||
### Create New Campaign [POST]
|
||||
Create a new campaign.
|
||||
|
||||
+ Attributes (Campaign)
|
||||
|
||||
+ Request (application/json)
|
||||
|
||||
+ Response 201 (application/json)
|
||||
|
||||
+ Attributes (Campaign)
|
||||
|
||||
+ Response 400 (application/json)
|
||||
|
||||
+ Attributes (BadRequestResponse)
|
||||
|
||||
## Campaign [/campaigns/{id}]
|
||||
### Get Campaign [GET]
|
||||
Get a campaign by its ID.
|
||||
|
||||
+ Parameters
|
||||
|
||||
+ id: `1` (number, required) - The Campaign ID
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (Campaign)
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Campaign not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
### Delete a Campaign [DELETE]
|
||||
Delete a campaign by its ID.
|
||||
|
||||
+ Parameters
|
||||
|
||||
+ id: `1` (number, required) - The Campaign ID
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Campaign deleted successfully!",
|
||||
"success": true,
|
||||
"data": null
|
||||
}
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Campaign not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
# Group Templates
|
||||
## Templates [/templates/]
|
||||
### Get Templates [GET]
|
||||
Get a list of templates.
|
||||
|
||||
Templates define what email content is sent to targets during campaigns. It contains the subject of the email as well as the HTML and text content of the email.
|
||||
|
||||
+ ```id```: 1 (number, required) - Unique identifier
|
||||
+ ```name```: Example Template (string, required) - Name of template
|
||||
+ ```subject```: Example email template subject (string) - Subject of email sent to users
|
||||
+ ```text```: `This is a test message!` (string) - Raw text of email sent to users
|
||||
+ ```html```: `<html><head></head><body>This is a test message!</body></html>` (string) - HTML of email sent to users
|
||||
+ ```attachments```: array[Attachment] - The attachments sent with the email template
|
||||
+ ```modified_date```: `2015-01-01T01:02:03.000000Z` (string) - Date the Template was last modified
|
||||
|
||||
You can also attach files or payloads to the emails that you send. These are attached as a list of Attachment objects.
|
||||
|
||||
Attachments have the following attributes:
|
||||
|
||||
+ ```id```: 1 (required, number) - Unique identifier
|
||||
+ ```name```: Example Attachment (required) - Filename of Attachment
|
||||
+ ```content```: Base64 encoded attachment content
|
||||
+ ```type```: `text/plain` - MIME type of the Attachment
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (array[Template])
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
[]
|
||||
|
||||
### Create New Template [POST]
|
||||
Create a new template
|
||||
|
||||
::: note
|
||||
**Importing an Existing Email**
|
||||
|
||||
What better way to make pixel-perfect emails than by importing an existing email you already have sitting in your inbox?
|
||||
|
||||
Using the [Import Email](#import-email) endpoint, you can take a raw email and import it as a template into gophish.
|
||||
:::
|
||||
|
||||
+ Request (application/json)
|
||||
|
||||
+ Attributes (Template)
|
||||
|
||||
+ Response 201 (application/json)
|
||||
|
||||
+ Attributes (Template)
|
||||
|
||||
+ Response 400 (application/json)
|
||||
|
||||
+ Attributes (BadRequestResponse)
|
||||
|
||||
## Template [/templates/{id}]
|
||||
### Get Template [GET]
|
||||
Get a template by its ID.
|
||||
|
||||
+ Parameters
|
||||
|
||||
+ id: `1` (number, required) - The Template ID
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (Template)
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Template not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
### Delete a Template [DELETE]
|
||||
Delete a template by its ID.
|
||||
|
||||
+ Parameters
|
||||
|
||||
+ id: `1` (number, required) - The Template ID
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Template deleted successfully!",
|
||||
"success": true,
|
||||
"data": null
|
||||
}
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Template not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
# Group Groups
|
||||
## Groups [/groups/]
|
||||
|
||||
### Get Groups [GET]
|
||||
Get a list of groups.
|
||||
|
||||
Groups contain the details for one or more users targeted in the simulated phishing campaign. Groups contain the following attributes:
|
||||
|
||||
+ ```id```: 1 (required, number) - Unique identifier
|
||||
+ ```name```: Example Group (required) - Name of the Group
|
||||
+ ```modified_date```: `2015-01-01T01:02:03.000000Z` (string) - Date the Group was last modified
|
||||
+ ```targets```: Attributes (array[Target]) (required) - The targets in the group
|
||||
|
||||
Each target contains the following attributes:
|
||||
|
||||
+ ```id```: 1 (required, number) - Unique identifier
|
||||
+ ```first_name```: John - First name of Target
|
||||
+ ```last_name```: Doe - Last name of Target
|
||||
+ ```email```: john.doe@example.com - Email address of Target
|
||||
+ ```position```: System Administrator - Company position of the Target
|
||||
|
||||
::: note
|
||||
**Have A Lot of Users to Import?**
|
||||
|
||||
If you have all your targets in a CSV file, you can bulk import them into a group using the [Import CSV](#import-group) endpoint.
|
||||
|
||||
In the future, we plan to add other importation methods to make setting up groups a breeze.
|
||||
:::
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (array[Group])
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
[]
|
||||
|
||||
### Create New Group [POST]
|
||||
Create a new group
|
||||
|
||||
+ Request (application/json)
|
||||
|
||||
+ Attributes (Group)
|
||||
|
||||
+ Response 201 (application/json)
|
||||
|
||||
+ Attributes (Group)
|
||||
|
||||
+ Response 400 (application/json)
|
||||
|
||||
+ Attributes (BadRequestResponse)
|
||||
|
||||
## Group [/groups/{id}]
|
||||
### Get Group [GET]
|
||||
Get a group by its ID.
|
||||
|
||||
+ Parameters
|
||||
|
||||
+ id: `1` (number, required) - The Group ID
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (Group)
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Group not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
### Delete a Group [DELETE]
|
||||
Delete a Group by its ID.
|
||||
|
||||
+ Parameters
|
||||
|
||||
+ id: `1` (number, required) - The Template ID
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Group deleted successfully!",
|
||||
"success": true,
|
||||
"data": null
|
||||
}
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Group not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
# Group Sending Profiles
|
||||
## Sending Profiles [/smtp/]
|
||||
|
||||
### Get Sending Profiles [GET]
|
||||
Get a list of sending profiles.
|
||||
|
||||
Sending profiles contain the details for SMTP or other settings used to control how emails are sent in campaigns. Sending profiles contain the following attributes:
|
||||
|
||||
+ ```id```: 1 (required, number) - Unique identifier
|
||||
+ ```name```: Example Profile (string, required) - Name of the Sending Profile
|
||||
+ ```interface```: SMTP (string) - Interface type of the sending profile. By default, this is "SMTP"
|
||||
+ ```host```: 1.1.1.1:25 (string, required) - The hostname:port for the SMTP configuration
|
||||
+ ```username```: foo (string) - The username to authenticate to the SMTP server (optional)
|
||||
+ ```password```: bar (string) - The password to authenticate to the SMTP server (optional)
|
||||
+ ```from_address```: Foo Bar <foo.bar@example.com> (string) - The email address to use in the "From" header. This is typically used to spoof email addresses
|
||||
+ ```ignore_cert_errors```: false (boolean) - Whether or not to disable certificate validation when connecting to the SMTP server via TLS
|
||||
+ ```modified_date```: `2015-01-01T01:02:03.000000Z` (string) - Date the Group was last modified
|
||||
|
||||
::: note
|
||||
**Receiving Certificate Errors?**
|
||||
|
||||
It's common to have an SMTP server that is configured using a self-signed or otherwise untrusted SSL certficate. To avoid errors when connecting to the server, set ```ignore_cert_errors``` to "true".
|
||||
:::
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (array[SendingProfile])
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
[]
|
||||
|
||||
### Create New Sending Profile [POST]
|
||||
Create a new sending profile
|
||||
|
||||
+ Request (application/json)
|
||||
|
||||
+ Attributes (SendingProfile)
|
||||
|
||||
+ Response 201 (application/json)
|
||||
|
||||
+ Attributes (SendingProfile)
|
||||
|
||||
+ Response 400 (application/json)
|
||||
|
||||
+ Attributes (BadRequestResponse)
|
||||
|
||||
## Sending Profile [/smtp/{id}]
|
||||
### Get Sending Profile [GET]
|
||||
Get a sending profile by its ID.
|
||||
|
||||
+ Parameters
|
||||
|
||||
+ id: `1` (number, required) - The sending profile ID
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (SendingProfile)
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "SMTP not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
### Delete a Sending Profile [DELETE]
|
||||
Delete a Sending Profile by its ID.
|
||||
|
||||
+ Parameters
|
||||
|
||||
+ id: `1` (number, required) - The Sending Profile ID
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "SMTP deleted successfully!",
|
||||
"success": true,
|
||||
"data": null
|
||||
}
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "SMTP not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
# Group Pages
|
||||
## Pages [/pages/]
|
||||
### Get Pages [GET]
|
||||
Get a list of pages.
|
||||
Pages are the HTML page that a user lands on after clicking on a phishing link.
|
||||
|
||||
+ ```id```: 1 (required, number) - Unique identifier
|
||||
+ ```name```: Example Page (required, string) - Name of Page
|
||||
+ ```html```: `<html><head></head><body>This is a test message!</body></html>` (required, string) - HTML of the landing page users hit when clicking links in the email template
|
||||
+ ```modified_date```: `2015-01-01T01:02:03.000000Z` (string) - Date the Page was last modified
|
||||
|
||||
::: note
|
||||
**Importing a Site**
|
||||
|
||||
Let gophish do the hard work for you in importing a site. By using the [Import Site](#import-site) endpoint, you can simply give gophish a URL and have the site imported for you.
|
||||
:::
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (array[Page])
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
[]
|
||||
|
||||
### Create New Page [POST]
|
||||
Create a new page
|
||||
|
||||
+ Request (application/json)
|
||||
|
||||
+ Attributes (Page)
|
||||
|
||||
+ Response 201 (application/json)
|
||||
|
||||
+ Attributes (Page)
|
||||
|
||||
+ Response 400 (application/json)
|
||||
|
||||
+ Attributes (BadRequestResponse)
|
||||
|
||||
## Page [/pages/{id}]
|
||||
### Get Page [GET]
|
||||
Get a page by its ID.
|
||||
|
||||
+ Parameters
|
||||
|
||||
+ id: `1` (number, required) - The Page ID
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (Page)
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Page not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
### Put Page [PUT]
|
||||
Modify a page by its ID.
|
||||
|
||||
+ Request
|
||||
|
||||
+ Attributes (Page)
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Attributes (Page)
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Page not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
+ Response 400 (application/json)
|
||||
|
||||
+ Attributes (BadRequestResponse)
|
||||
|
||||
### Delete a Page [DELETE]
|
||||
Delete a page by its ID.
|
||||
|
||||
+ Parameters
|
||||
|
||||
+ id: `1` (number, required) - The Page ID
|
||||
|
||||
+ Response 200 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Page deleted successfully!",
|
||||
"success": true,
|
||||
"data": null
|
||||
}
|
||||
|
||||
+ Response 404 (application/json)
|
||||
|
||||
+ Body
|
||||
|
||||
{
|
||||
"message": "Page not found",
|
||||
"success": false,
|
||||
"data": null
|
||||
}
|
||||
|
||||
# Group Import
|
||||
Import functions facilitate the ability to import emails, groups and more using simple interfaces.
|
||||
|
||||
## Group [/import/group]
|
||||
|
||||
### Import a Group [POST]
|
||||
This endpoint allows you to import a group from a CSV.
|
||||
|
||||
The fields expected in the CSV are as follows:
|
||||
|
||||
+ First Name
|
||||
+ Last Name
|
||||
+ Position
|
||||
+ Email
|
||||
+ Company
|
||||
|
||||
+ Request (multipart/form-data; boundary=----BOUNDARY)
|
||||
|
||||
+ Body
|
||||
|
||||
------BOUNDARY
|
||||
Content-Disposition: form-data; name="files[]"; filename="filename.csv"
|
||||
Content-Type: application/vnd.ms-excel
|
||||
|
||||
[File Content]
|
||||
------BOUNDARY
|
||||
|
||||
+ Response 201 (application/json)
|
||||
|
||||
+ Attributes (array[Target])
|
||||
|
||||
+ Response 400 (application/json)
|
||||
|
||||
+ Attributes (BadRequestResponse)
|
||||
|
||||
## Email [/import/email]
|
||||
|
||||
### Import an Email [POST]
|
||||
This endpoint allows you to parse and import an email in RFC 5322 format.
|
||||
|
||||
You can use this endpoint to easily import an email that you have received legitimately to re-use it for simulated phishing.
|
||||
|
||||
+ Request (text/plain)
|
||||
|
||||
+ Body
|
||||
|
||||
MIME-Version: 1.0
|
||||
Date: Fri, 25 Dec 2015 21:22:28 -0600
|
||||
Subject: Foo Bar
|
||||
From: John Doe <john.doe@example.com>
|
||||
To: Jane Doe <jane.doe@example.com>
|
||||
Content-Type: multipart/alternative; boundary=14dae9473639dc6b2a0527c4945f
|
||||
|
||||
--14dae9473639dc6b2a0527c4945f
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
|
||||
Foo bar
|
||||
|
||||
--14dae9473639dc6b2a0527c4945f
|
||||
Content-Type: text/html; charset=UTF-8
|
||||
|
||||
<div dir="ltr">Foo bar</div>
|
||||
|
||||
--14dae9473639dc6b2a0527c4945f--
|
||||
|
||||
+ Response 201 (application/json)
|
||||
|
||||
+ Attributes (ImportEmailResponse)
|
||||
|
||||
+ Response 400 (application/json)
|
||||
|
||||
+ Attributes (BadRequestResponse)
|
||||
|
||||
## Site [/import/site]
|
||||
|
||||
### Import a Site [POST]
|
||||
Imports a site via the URL. This causes gophish to reach out to the site and pull down the HTML of the URL given.
|
||||
|
||||
To keep styles, images, and Javascript setup and working, gophish adds a ```base``` tag to the returned HTML pointing to the original site.
|
||||
|
||||
+ Request (application/json)
|
||||
|
||||
+ Attributes (ImportSiteRequest)
|
||||
|
||||
+ Response 201 (application/json)
|
||||
|
||||
+ Attributes (ImportSiteResponse)
|
||||
|
||||
+ Response 400 (application/json)
|
||||
|
||||
+ Attributes (BadRequestResponse)
|
||||
|
||||
# Data Structures
|
||||
|
||||
## Target (object)
|
||||
+ id: 1 (number, required) - Unique identifier
|
||||
+ first_name: John - First name of Target
|
||||
+ last_name: Doe - Last name of Target
|
||||
+ email: john.doe@example.com - Email address of Target
|
||||
+ position: System Administrator - Company position of the Target
|
||||
|
||||
## Group (object)
|
||||
+ id: 1 (number, required) - Unique identifier
|
||||
+ name: Example Group (required) - Name of the Group
|
||||
+ modified_date: `2015-01-01T01:02:03.000000Z` (string) - Date the Group was last modified
|
||||
+ targets: array[Target] (required) - The targets in the group
|
||||
|
||||
## Attachment (object)
|
||||
+ id: 1 (number, required) - Unique identifier
|
||||
+ name: Example Attachment (string, required) - Filename of Attachment
|
||||
+ content: (string, required) - Base64 encoded attachment content
|
||||
+ type: `text/plain` (string, required) - MIME type of the Attachment
|
||||
|
||||
## Template (object)
|
||||
+ id: 1 (number, required) - Unique identifier
|
||||
+ name: Example Template (string, required) - Name of template
|
||||
+ subject: Example email template subject (string) - Subject of email sent to users
|
||||
+ text: `This is a test message!` (string) - Raw text of email sent to users
|
||||
+ html: `<html><head></head><body>This is a test message!</body></html>`(string) - HTML of email sent to users
|
||||
+ attachments: (array[Attachment]) - The attachments sent with the email template
|
||||
+ modified_date: `2015-01-01T01:02:03.000000Z` (string) - Date the Template was last modified
|
||||
|
||||
## Page (object)
|
||||
+ id: 1 (number, required) - Unique identifier
|
||||
+ name: Example Page (string, required) - Name of Page
|
||||
+ html: `<html><head></head><body>This is a test message!</body></html>` (required, string) - HTML of the landing page users hit when clicking links in the email template
|
||||
+ modified_date: `2015-01-01T01:02:03.000000Z` (string) - Date the Page was last modified
|
||||
|
||||
## Result (object)
|
||||
+ id: 1 (number, required) - Unique identifier
|
||||
+ email: foo@example.com - The email address of the target
|
||||
+ first_name: John - First name of the target
|
||||
+ last_name: Doe - Last name of the target
|
||||
+ status: Email Sent - The status of the result
|
||||
+ ip: 1.2.3.4 - The IP address that created the event (if any)
|
||||
+ latitude: 0.00000 (number) - The latitude of the IP address
|
||||
+ longitude: 0.00000 (number) - The longitude of the IP address
|
||||
|
||||
## Event (object)
|
||||
+ id: 1 (number, required) - Unique identifier
|
||||
+ email: foo@example.com (required) - The email address of the target
|
||||
+ time: `2015-01-01T01:02:03.000000Z` (string) - Date the event was generated
|
||||
+ message: Campaign Created (string) - The description of the event
|
||||
|
||||
## SendingProfile (object)
|
||||
+ id: 1 (number, required) - Unique identifier
|
||||
+ host: smtp.example.com:25 (required) - The hostname and port for the SMTP server
|
||||
+ username: foo (string, required) - The username used for SMTP authentication
|
||||
+ password: bar (string, required) - The password used for SMTP authentication
|
||||
+ from_address: John Doe <foo@example.com> (string, required) - The "From" address to spoof
|
||||
+ ignore_cert_errors: false (boolean) - Whether or not to ignore certificate errors
|
||||
|
||||
## Campaign (object)
|
||||
+ id: 1 (number, required) - Unique identifier
|
||||
+ name: Example Campaign (required) - Title of Campaign
|
||||
+ created_date: `2015-01-01T01:02:03.000000Z` (string) - Date the Campaign was created
|
||||
+ completed_date: `2015-01-01T01:02:03.000000Z` (string) - Date the Campaign was completed
|
||||
+ template: (Template) (required) - Email template to use in Campaign
|
||||
+ page: (Page) (required) - Landing page for users who click the phishing link
|
||||
+ status: Emails Sent (required, string) - The current status of the campaign
|
||||
+ results: (array[Result]) - The results of the campaign
|
||||
+ timeline: (array[Event]) - The event timeline
|
||||
+ smtp: (SendingProfile) - The Sending Profile settings used in the campaign
|
||||
+ url: http://foo.bar (string, required) - The URL used in the Template sent to users
|
||||
|
||||
## ImportSiteRequest (object)
|
||||
+ url: http://foo.bar (string, required) - The URL to be retrieved
|
||||
|
||||
## ImportSiteResponse (object)
|
||||
+ html: `<html><head></head><body>This is a test message!</body></html>` (string, required) - HTML of the requested URL.
|
||||
|
||||
## ImportEmailResponse (object)
|
||||
+ text: Foo bar (string) - The email text part
|
||||
+ html: "\u003cdiv\u003eFoo bar\u003c/div\u003e" (string) - The email HTML part
|
||||
+ subject: Foo Bar (string) - The email subject
|
||||
|
||||
## BadRequestResponse (object)
|
||||
+ message: Error message (string) - The detailed error message
|
||||
+ success: false (boolean) - The success status of the request
|
||||
+ data: Any associated data
|
||||
|
|
@ -17,10 +17,13 @@
|
|||
</li>
|
||||
<li><a href="/settings">Settings</a>
|
||||
</li>
|
||||
<li><hr></li>
|
||||
<li><a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
|
||||
<li>
|
||||
<hr>
|
||||
</li>
|
||||
<li><a href="/api/">API Documentation</a>
|
||||
<li>
|
||||
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
|
||||
</li>
|
||||
<li><a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
@ -32,7 +35,8 @@
|
|||
</h1>
|
||||
<div id="flashes" class="row"></div>
|
||||
<div class="row">
|
||||
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i class="fa fa-plus"></i> New Page</button>
|
||||
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i
|
||||
class="fa fa-plus"></i> New Page</button>
|
||||
</div>
|
||||
|
||||
<div id="loading">
|
||||
|
@ -63,7 +67,8 @@
|
|||
<div class="modal-content">
|
||||
<!-- New Template Modal -->
|
||||
<div class="modal-header">
|
||||
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span aria-hidden="true">×</span></button>
|
||||
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span
|
||||
aria-hidden="true">×</span></button>
|
||||
<h4 class="modal-title" id="modalLabel">New Landing Page</h4>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
|
@ -73,7 +78,8 @@
|
|||
<input type="text" class="form-control" placeholder="Page name" id="name" autofocus />
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<button class="btn btn-danger" data-toggle="modal" data-target="#importSiteModal"><i class="fa fa-globe"></i> Import Site</button>
|
||||
<button class="btn btn-danger" data-toggle="modal" data-target="#importSiteModal"><i class="fa fa-globe"></i>
|
||||
Import Site</button>
|
||||
</div>
|
||||
<!-- Nav tabs -->
|
||||
<ul class="nav nav-tabs" role="tablist">
|
||||
|
@ -87,17 +93,21 @@
|
|||
</div>
|
||||
<div class="checkbox checkbox-primary">
|
||||
<input id="capture_credentials_checkbox" type="checkbox">
|
||||
<label for="capture_credentials_checkbox">Capture Submitted Data <i class="fa fa-question-circle" data-toggle="tooltip" data-placement="right" title="If the landing page contains a form, submitted input (except passwords!) will be captured."></i></label>
|
||||
<label for="capture_credentials_checkbox">Capture Submitted Data <i class="fa fa-question-circle"
|
||||
data-toggle="tooltip" data-placement="right" title="If the landing page contains a form, submitted input (except passwords!) will be captured."></i></label>
|
||||
</div>
|
||||
<div class="checkbox checkbox-primary" id="capture_passwords">
|
||||
<input id="capture_passwords_checkbox" type="checkbox">
|
||||
<label for="capture_passwords_checkbox">Capture Passwords</label>
|
||||
<div class="alert alert-warning">
|
||||
<i class="fa fa-exclamation-circle"></i> <b>Warning:</b> Credentials are currently <b>not encrypted</b>. This means that captured passwords are stored in the database as cleartext. Be careful with this!
|
||||
<i class="fa fa-exclamation-circle"></i> <b>Warning:</b> Credentials are currently <b>not
|
||||
encrypted</b>. This means that captured passwords are stored in the database as cleartext.
|
||||
Be careful with this!
|
||||
</div>
|
||||
</div>
|
||||
<div id="redirect_url">
|
||||
<label class="control-label" for="redirect_url_input">Redirect to: <i class="fa fa-question-circle" data-toggle="tooltip" data-placement="right" title="This option lets you redirect the user to a page after credentials are submitted."></i></label>
|
||||
<label class="control-label" for="redirect_url_input">Redirect to: <i class="fa fa-question-circle"
|
||||
data-toggle="tooltip" data-placement="right" title="This option lets you redirect the user to a page after credentials are submitted."></i></label>
|
||||
<div class="form-group">
|
||||
<input id="redirect_url_input" class="form-control" placeholder="http://example.com" />
|
||||
</div>
|
||||
|
|
|
@ -17,10 +17,13 @@
|
|||
</li>
|
||||
<li><a href="/settings">Settings</a>
|
||||
</li>
|
||||
<li><hr></li>
|
||||
<li><a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
|
||||
<li>
|
||||
<hr>
|
||||
</li>
|
||||
<li><a href="/api/">API Documentation</a>
|
||||
<li>
|
||||
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
|
||||
</li>
|
||||
<li><a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
@ -32,7 +35,8 @@
|
|||
</h1>
|
||||
<div id="flashes" class="row"></div>
|
||||
<div class="row">
|
||||
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i class="fa fa-plus"></i> New Profile</button>
|
||||
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i
|
||||
class="fa fa-plus"></i> New Profile</button>
|
||||
</div>
|
||||
|
||||
<div id="loading">
|
||||
|
@ -64,7 +68,8 @@
|
|||
<div class="modal-content">
|
||||
<!-- New Template Modal -->
|
||||
<div class="modal-header">
|
||||
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span aria-hidden="true">×</span></button>
|
||||
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span
|
||||
aria-hidden="true">×</span></button>
|
||||
<h4 class="modal-title" id="profileModalLabel">New Sending Profile</h4>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
|
@ -75,7 +80,8 @@
|
|||
<label class="control-label" for="interface_type">Interface Type:</label>
|
||||
<input type="text" class="form-control" value="SMTP" id="interface_type" disabled />
|
||||
<label class="control-label" for="from">From:</label>
|
||||
<input type="text" class="form-control" placeholder="First Last <test@example.com>" id="from" required/>
|
||||
<input type="text" class="form-control" placeholder="First Last <test@example.com>" id="from"
|
||||
required />
|
||||
<label class="control-label" for="host">Host:</label>
|
||||
<input type="text" class="form-control" placeholder="smtp.example.com:25" id="host" required />
|
||||
<label class="control-label" for="username">Username:</label>
|
||||
|
@ -84,7 +90,8 @@
|
|||
<input type="password" class="form-control" placeholder="Password" id="password" />
|
||||
<div class="checkbox checkbox-primary">
|
||||
<input id="ignore_cert_errors" type="checkbox" checked>
|
||||
<label for="ignore_cert_errors">Ignore Certificate Errors <i class="fa fa-question-circle" data-toggle="tooltip" data-placement="right" title="Ignore common certificate errors such as self-signed certs (exposes you to MiTM attacks - use carefully!)"></i></label>
|
||||
<label for="ignore_cert_errors">Ignore Certificate Errors <i class="fa fa-question-circle"
|
||||
data-toggle="tooltip" data-placement="right" title="Ignore common certificate errors such as self-signed certs (exposes you to MiTM attacks - use carefully!)"></i></label>
|
||||
</div>
|
||||
<label class="control-label" for="headersForm">Email Headers:</label>
|
||||
<form id="headersForm">
|
||||
|
@ -92,10 +99,11 @@
|
|||
<input type="text" class="form-control" name="headerKey" id="headerKey" placeholder="X-Custom-Header">
|
||||
</div>
|
||||
<div class="col-md-4">
|
||||
<input type="text" class="form-control" name="headerValue" id="headerValue" placeholder="{{"{{"}}.URL{{"}}"}}-gophish">
|
||||
<input type="text" class="form-control" name="headerValue" id="headerValue" placeholder='{{"{{"}}.URL{{"}}"}}-gophish'>
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<button class="btn btn-danger btn-headers" type="submit"><i class="fa fa-plus"></i> Add Custom Header</button>
|
||||
<button class="btn btn-danger btn-headers" type="submit"><i class="fa fa-plus"></i> Add
|
||||
Custom Header</button>
|
||||
</div>
|
||||
</form>
|
||||
<br />
|
||||
|
@ -111,7 +119,8 @@
|
|||
<tbody>
|
||||
</tbody>
|
||||
</table>
|
||||
<button type="button" data-toggle="modal" data-target="#sendTestEmailModal" class="btn btn-primary"><i class="fa fa-envelope"></i> Send Test Email</button>
|
||||
<button type="button" data-toggle="modal" data-target="#sendTestEmailModal" class="btn btn-primary"><i
|
||||
class="fa fa-envelope"></i> Send Test Email</button>
|
||||
</div>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
|
@ -153,12 +162,12 @@
|
|||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" data-dismiss="modal" class="btn btn-default">Cancel</button>
|
||||
<button type="button" class="btn btn-primary" id="sendTestModalSubmit" onclick="sendTestEmail()"><i class="fa fa-envelope"></i> Send</button>
|
||||
<button type="button" class="btn btn-primary" id="sendTestModalSubmit" onclick="sendTestEmail()"><i
|
||||
class="fa fa-envelope"></i> Send</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
{{define "scripts"}}
|
||||
{{end}} {{define "scripts"}}
|
||||
<script src="/js/dist/app/sending_profiles.min.js"></script>
|
||||
{{end}}
|
|
@ -20,9 +20,10 @@
|
|||
<li>
|
||||
<hr>
|
||||
</li>
|
||||
<li><a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
|
||||
<li>
|
||||
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
|
||||
</li>
|
||||
<li><a href="/api/">API Documentation</a>
|
||||
<li><a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
@ -35,7 +36,8 @@
|
|||
<div id="flashes" class="row"></div>
|
||||
<!-- Nav tabs -->
|
||||
<ul class="nav nav-tabs" role="tablist">
|
||||
<li class="active" role="mainSettings"><a href="#mainSettings" aria-controls="mainSettings" role="tab" data-toggle="tab">Account Settings</a></li>
|
||||
<li class="active" role="mainSettings"><a href="#mainSettings" aria-controls="mainSettings" role="tab"
|
||||
data-toggle="tab">Account Settings</a></li>
|
||||
<li role="uiSettings"><a href="#uiSettings" aria-controls="uiSettings" role="tab" data-toggle="tab">UI Settings</a></li>
|
||||
</ul>
|
||||
<!-- Tab Panes -->
|
||||
|
@ -59,7 +61,8 @@
|
|||
<div class="row">
|
||||
<label for="api_key" class="col-sm-2 control-label form-label">API Key:</label>
|
||||
<div class="col-md-6">
|
||||
<input type="text" id="api_key" onclick="this.select();" value="{{.User.ApiKey}}" class="form-control" readonly/>
|
||||
<input type="text" id="api_key" onclick="this.select();" value="{{.User.ApiKey}}" class="form-control"
|
||||
readonly />
|
||||
</div>
|
||||
<form id="apiResetForm">
|
||||
<button class="btn btn-primary"><i class="fa fa-refresh" type="submit"></i> Reset</button>
|
||||
|
@ -92,7 +95,8 @@
|
|||
<div class="row">
|
||||
<label for="confirm_new_password" class="col-sm-2 control-label form-label">Confirm New Password:</label>
|
||||
<div class="col-md-6">
|
||||
<input type="password" id="confirm_new_password" name="confirm_new_password" autocomplete="off" class="form-control" />
|
||||
<input type="password" id="confirm_new_password" name="confirm_new_password" autocomplete="off"
|
||||
class="form-control" />
|
||||
</div>
|
||||
</div>
|
||||
<input type="hidden" name="csrf_token" value="{{.Token}}" />
|
||||
|
|
|
@ -17,10 +17,13 @@
|
|||
</li>
|
||||
<li><a href="/settings">Settings</a>
|
||||
</li>
|
||||
<li><hr></li>
|
||||
<li><a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
|
||||
<li>
|
||||
<hr>
|
||||
</li>
|
||||
<li><a href="/api/">API Documentation</a>
|
||||
<li>
|
||||
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
|
||||
</li>
|
||||
<li><a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
@ -34,7 +37,8 @@
|
|||
</div>
|
||||
<div id="flashes" class="row"></div>
|
||||
<div class="row">
|
||||
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i class="fa fa-plus"></i> New Template</button>
|
||||
<button type="button" class="btn btn-primary" onclick="edit(-1)" data-toggle="modal" data-target="#modal"><i
|
||||
class="fa fa-plus"></i> New Template</button>
|
||||
</div>
|
||||
|
||||
<div id="loading">
|
||||
|
@ -65,17 +69,20 @@
|
|||
<div class="modal-content">
|
||||
<!-- New Template Modal -->
|
||||
<div class="modal-header">
|
||||
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span aria-hidden="true">×</span></button>
|
||||
<button type="button" class="close" data-dismiss="modal" aria-label="Close" onclick="dismiss()"><span
|
||||
aria-hidden="true">×</span></button>
|
||||
<h4 class="modal-title" id="templateModalLabel">New Template</h4>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<div class="row" id="modal.flashes"></div>
|
||||
<label class="control-label" for="name">Name:</label>
|
||||
<div class="form-group">
|
||||
<input type="text" class="form-control" ng-model="template.name" placeholder="Template name" id="name" autofocus/>
|
||||
<input type="text" class="form-control" ng-model="template.name" placeholder="Template name" id="name"
|
||||
autofocus />
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<button class="btn btn-danger" data-toggle="modal" data-target="#importEmailModal"><i class="fa fa-envelope"></i> Import Email</button>
|
||||
<button class="btn btn-danger" data-toggle="modal" data-target="#importEmailModal"><i class="fa fa-envelope"></i>
|
||||
Import Email</button>
|
||||
</div>
|
||||
<label class="control-label" for="subject">Subject:</label>
|
||||
<div class="form-group">
|
||||
|
|
|
@ -28,10 +28,10 @@
|
|||
<hr>
|
||||
</li>
|
||||
<li>
|
||||
<a href="https://gophish.gitbooks.io/user-guide/content/">User Guide</a>
|
||||
<a href="https://docs.getgophish.com/user-guide/">User Guide</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="/api/">API Documentation</a>
|
||||
<a href="https://docs.getgophish.com/api-documentation/">API Documentation</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
@ -86,10 +86,12 @@
|
|||
<div class="row" id="modal.flashes"></div>
|
||||
<label class="control-label" for="name">Name:</label>
|
||||
<div class="form-group">
|
||||
<input type="text" class="form-control" ng-model="group.name" placeholder="Group name" id="name" autofocus/>
|
||||
<input type="text" class="form-control" ng-model="group.name" placeholder="Group name" id="name"
|
||||
autofocus />
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<span class="btn btn-danger btn-file" data-toggle="tooltip" data-placement="right" title="Supports CSV files" id="fileUpload">
|
||||
<span class="btn btn-danger btn-file" data-toggle="tooltip" data-placement="right" title="Supports CSV files"
|
||||
id="fileUpload">
|
||||
<i class="fa fa-plus"></i> Bulk Import Users
|
||||
<input type="file" id="csvupload" multiple>
|
||||
</span>
|
||||
|
|
Loading…
Reference in New Issue