Milan Bharanya 2023-09-21 13:57:21 -06:00 committed by GitHub
commit bde7da60dc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 57 additions and 15 deletions

View File

@ -19,5 +19,17 @@
"logging": { "logging": {
"filename": "", "filename": "",
"level": "" "level": ""
},
"attachments": {
"plain_text_file_list": [
".txt",
".html",
".ics",
".ps1",
".bat",
".vbs",
".sh",
".py"
]
} }
} }

View File

@ -26,6 +26,11 @@ type PhishServer struct {
KeyPath string `json:"key_path"` KeyPath string `json:"key_path"`
} }
// Attachments represents the handling of attachments in emails
type Attachments struct {
PlainTextFileList []string `json:"plain_text_file_list"`
}
// Config represents the configuration information. // Config represents the configuration information.
type Config struct { type Config struct {
AdminConf AdminServer `json:"admin_server"` AdminConf AdminServer `json:"admin_server"`
@ -37,6 +42,7 @@ type Config struct {
TestFlag bool `json:"test_flag"` TestFlag bool `json:"test_flag"`
ContactAddress string `json:"contact_address"` ContactAddress string `json:"contact_address"`
Logging *log.Config `json:"logging"` Logging *log.Config `json:"logging"`
Attachments Attachments `json:"attachments"`
} }
// Version contains the current gophish version // Version contains the current gophish version

View File

@ -26,7 +26,19 @@ var validConfig = []byte(`{
"db_name": "sqlite3", "db_name": "sqlite3",
"db_path": "gophish.db", "db_path": "gophish.db",
"migrations_prefix": "db/db_", "migrations_prefix": "db/db_",
"contact_address": "" "contact_address": "",
"attachments": {
"plain_text_file_list": [
".txt",
".html",
".ics",
".ps1",
".bat",
".vbs",
".sh",
".py"
]
}
}`) }`)
func createTemporaryConfig(t *testing.T) *os.File { func createTemporaryConfig(t *testing.T) *os.File {

View File

@ -61,6 +61,21 @@ func (a *Attachment) ApplyTemplate(ptx PhishingTemplateContext) (io.Reader, erro
// "application/vnd.openxmlformats-officedocument.wordprocessingml.document" // "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
fileExtension := filepath.Ext(a.Name) fileExtension := filepath.Ext(a.Name)
if array_contains(conf.Attachments.PlainTextFileList, fileExtension) {
b, err := ioutil.ReadAll(decodedAttachment)
if err != nil {
return nil, err
}
processedAttachment, err := ExecuteTemplate(string(b), ptx)
if err != nil {
return nil, err
}
if processedAttachment == string(b) {
a.vanillaFile = true
}
return strings.NewReader(processedAttachment), nil
}
switch fileExtension { switch fileExtension {
case ".docx", ".docm", ".pptx", ".xlsx", ".xlsm": case ".docx", ".docm", ".pptx", ".xlsx", ".xlsm":
@ -136,21 +151,18 @@ func (a *Attachment) ApplyTemplate(ptx PhishingTemplateContext) (io.Reader, erro
zipWriter.Close() zipWriter.Close()
return bytes.NewReader(newZipArchive.Bytes()), err return bytes.NewReader(newZipArchive.Bytes()), err
case ".txt", ".html", ".ics":
b, err := ioutil.ReadAll(decodedAttachment)
if err != nil {
return nil, err
}
processedAttachment, err := ExecuteTemplate(string(b), ptx)
if err != nil {
return nil, err
}
if processedAttachment == string(b) {
a.vanillaFile = true
}
return strings.NewReader(processedAttachment), nil
default: default:
return decodedAttachment, nil // Default is to simply return the file return decodedAttachment, nil // Default is to simply return the file
} }
} }
func array_contains(s []string, str string) bool {
for _, v := range s {
if v == str {
return true
}
}
return false
}