194 Commits (0b73100e009ee8e93cf54521b092451da43d968f)

Author SHA1 Message Date
Glenn Wilkinson 0b73100e00 Fixed logic bug to determine if file contains template variables 2020-12-07 22:16:31 +01:00
Glenn Wilkinson aabf8925ad Small fixes 2020-11-20 15:27:25 +01:00
Glenn Wilkinson 304aa3b6b7 Attempt at keeping objects as Readers 2020-08-29 20:27:17 +01:00
Glenn Wilkinson b02670d207 Updated validation function 2020-08-28 21:53:27 +01:00
Glenn Wilkinson ad20017981 Converted .docx test file to base64 2020-08-28 20:13:20 +01:00
Glenn Wilkinson df530b3d61 Added unit tests for attachment variables 2020-08-17 19:50:18 +01:00
Glenn Wilkinson af0a630ea3 Added attachment validation 2020-08-16 22:34:13 +01:00
Glenn Wilkinson 291f20dc03 Fixed by-reference issues when iterating over attachments 2020-08-16 21:49:59 +01:00
Glenn Wilkinson 7196ba2497 Moved attachment parsing logic to attachment.go and removed cache map 2020-08-16 14:38:37 +01:00
Glenn Wilkinson 9a3ecd5c89 Added support for templating attachments 2020-08-15 17:03:52 +01:00
Glenn Wilkinson 0558da90fe
Added support to allow invalid IMAP certificates (#1909)
This commit allows self-signed certificates to be used in upstream IMAP connections.
2020-08-08 15:03:42 -05:00
Stuart Small afa00e2a9c
Add ability to provide initial API key on service standup (#1883) 2020-07-01 22:06:31 -05:00
Jordan Wright bf76f86ea4 Adds environment variable to set the initial admin password
This change adds a `GOPHISH_INITIAL_ADMIN_PASSWORD` environment variable so that system administrators can set the initial admin password rather than having it randomly generated. This is especially useful in automated deployment scenarios, or scenarios using Docker (ref #1876, #1874)
2020-06-25 08:31:28 -05:00
Jordan Wright bb7de8df3e
Initial Implementation of a Password Policy (#1867)
This PR adds the initial work to implement a password policy as defined in #1538.

Specifically, this implements the following

* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password

Fixes #1538
2020-06-19 22:03:51 -05:00
Jordan Wright ec8b17238e General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 2020-05-25 21:46:36 -05:00
Jordan Wright 0961e22126 Removed unneeded print statement 2020-05-25 20:55:00 -05:00
Jordan Wright 6251ea6a02
Fixing issues - get values from non objects (#1773)
After calls to get Template, Page, and SMTP, if the objects aren't found then we're currently trying to display error message using the name values of the non objects. This changes this behavior such that we use the name values from the campaign object to give better log messages.
2020-03-05 07:31:19 -06:00
Jordan Wright 8162a80cb1
Improve the Performance of Sending Emails (#1753)
Adding the ability to cache campaigns on maillogs to greatly improve generation time (and, by extension, sending speed and memory usage).
2020-02-29 20:19:54 -06:00
Jordan Wright be459e47bf
Refactoring tests to remove stretchr/testify dependency 2020-02-01 21:44:50 -06:00
Jordan Wright 3d525525ea Added campaign ID to the webhook JSON payload 2020-01-30 07:09:04 -06:00
Jordan Wright 0620671de6 Adding benchmarks for maillog.Generate. Ref #1726 2020-01-25 22:09:43 -06:00
Jordan Wright 947bb4ccba Adjusting SMTP TLS config to use just the hostname instead of the hostname+port when validating certificates. Fixes #1709 2020-01-21 07:21:56 -06:00
Glenn Wilkinson 9de32746ee Added IMAP support for checking reported emails (#1612)
Initial support of managing reporting through IMAP.

Co-Authored-By: Jordan Wright <jmwright798@gmail.com>
2020-01-18 11:58:34 -06:00
Jordan Wright 546da4ee7d Removing unneeded query to improve group performance.
As mentioned in #1702, the query in `insertTargetIntoGroup` isn't needed, since both instances where it's used we already know that the target isn't in the group. This means it's safe to remove that query, improving performance dramatically.

Before:

```
BenchmarkPostGroup100-4     	      81	  12629754 ns/op	 2989993 B/op	   52918 allocs/op
BenchmarkPostGroup1000-4    	       6	 189527792 ns/op	29891818 B/op	  528082 allocs/op
BenchmarkPostGroup10000-4   	       1	6203645806 ns/op	299253648 B/op	 5282859 allocs/op
BenchmarkPutGroup100-4      	     100	  10221833 ns/op	 2589165 B/op	   46078 allocs/op
BenchmarkPutGroup1000-4     	       7	 162692432 ns/op	25812440 B/op	  458425 allocs/op
BenchmarkPutGroup10000-4    	       1	7596445084 ns/op	260385808 B/op	 4581569 allocs/op
```

After:

```
BenchmarkPostGroup100-4     	     133	   8848973 ns/op	 2354605 B/op	   42322 allocs/op
BenchmarkPostGroup1000-4    	       9	 112557410 ns/op	23549206 B/op	  422184 allocs/op
BenchmarkPostGroup10000-4   	       1	3414209403 ns/op	235635952 B/op	 4222090 allocs/op
BenchmarkPutGroup100-4      	     147	   8094333 ns/op	 2271297 B/op	   40777 allocs/op
BenchmarkPutGroup1000-4     	       9	 125092124 ns/op	22635067 B/op	  405421 allocs/op
BenchmarkPutGroup10000-4    	       1	5712591900 ns/op	228592920 B/op	 4051316 allocs/op
```
2020-01-16 20:41:13 -06:00
JoseW3b 91d798336f Get send_by_date (#1720)
Get send_by_date field when query on GetCampaignSummary and GetCampaignSummaries
2020-01-15 22:02:19 -06:00
Jordan Wright 01287e0dd5 Minor cleanup on webhook feature integration
- Ran gofmt
- Rebuilt minified static files
- Updated validation payload
2019-12-15 22:07:55 -06:00
Alex Maslakov 28cd7a238e Add Webhook Support
Adds support for managing outgoing webhooks. Closes #1602
2019-12-15 20:27:21 -06:00
Jordan Wright 44f88401bb
Performance Improvements for Campaign and Group Creation (#1686)
This commit significantly improves the performance of campaign and group creation by changing database access to use transactions.

It should also make things more consistent with campaign creation. Specifically, this will ensure that the entire campaign gets created before emails start sending, while I anticipate this will fix #1643, #1080, (possibly) #1677, and #1552.
2019-12-02 23:00:11 -06:00
Michael Eder 1aab1a34ba 1624 - Return API Key on Password Change (#1663)
Updates the user model to return the user’s API key for easier administration.
2019-11-16 12:18:03 -06:00
SamSutt c5dc71662a Bugfix Issue 1570 (#1640)
Relating to the Issue (https://github.com/gophish/gophish/issues/1570), this could be an easy fix.
2019-10-29 08:21:54 -05:00
Christian Schwartz 26d99b5a65 Add support for encrypted connections to mysql (#1460) 2019-06-03 22:04:54 -05:00
Jordan Wright 84096b8724
Implement User Management API (#1473)
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 13:58:18 -05:00
Chris Zietlow 8d95ceb31a Update Sending Profile Message-ID headers (#1417) (#1441)
Adds a default message-ID header to outbound emails.
2019-04-23 17:31:30 -05:00
gfrancqu af4c8f61da Wait for db (#1402)
Added a loop that attempts to connect to the configured database.
2019-03-27 22:48:31 -05:00
Jordan Wright ba8ceb81da
Initial commit of RBAC support. (#1366)
* Initial commit of RBAC support. Closes #1333
2019-02-19 20:33:50 -06:00
Jordan Wright 53b3a98521 Deleting maillogs when a campaign is completed to prevent accidental future emails from being sent. Fixes #719 2018-12-15 22:09:15 -06:00
Jordan Wright c14be36e05 Delete maillogs if a campaign is deleted. Fixes #1318 2018-12-15 21:47:40 -06:00
Jordan Wright a73ac4ab7c Fixed various minor linting issues 2018-12-15 21:38:51 -06:00
Jordan Wright 47f0049c30
Refactor servers (#1321)
* Refactoring servers to support custom workers and graceful shutdown.
* Refactoring workers to support custom mailers.
* Refactoring mailer to be an interface, with proper instances instead of a single global instance
* Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition.
* Cleaning up API middleware to be simpler
* Moving template parameters to separate struct
* Changed LoadConfig to return config object
* Cleaned up some error handling, removing uninitialized global error in models package
* Changed static file serving to use the unindexed package
2018-12-15 15:42:32 -06:00
Jordan Wright 7fd0657a91
Support Re-enabling CapturePasswords for Landing Pages (#1271)
Fixed a bug when marking the capture password, saving and unmarking the capture password, the attribute does not come back and the password will never be captured again for this template.
2018-11-11 12:34:26 -06:00
Jordan Wright 326649b177 Updating redirect URL to support template values. Fixes #1235 2018-10-15 16:42:05 -05:00
Jordan Wright d6cbc1a936 Minor cleanup for campaign results 2018-10-08 10:49:21 -05:00
Jordan Wright 81da804761 Properly returning 404 error if the requested sending profile isn't found. 2018-10-07 12:37:15 -05:00
Jordan Wright f39014bbfc Moved template validation into separate function, and added validation for pages 2018-09-09 11:33:51 -05:00
Jordan Wright 0c5925aeec Fixed template validation to better support all the possible template tags. Fixes #1189 2018-09-08 18:04:21 -05:00
Jordan Wright 15e57b6cd0 Add {{.BaseURL}} template tag to provide the root URL for static files. Fixes #1182 2018-09-03 20:28:32 -05:00
Jordan Wright 7dcf30f277
Add Support for Timed Campaigns (#1184)
This builds on the work from @c-f in #1090 to fully add support for "timed" campaigns, in which the emails are spaced apart as opposed to all being sent at once.
2018-09-02 11:17:52 -05:00
Jordan Wright 9f334281ab Added X-Mailer and X-Gophish-Contact headers (Ref: #1057) 2018-06-18 21:37:59 -05:00
Jordan Wright 1efb71d1e9 Added transparency handler to return information JSON when a "+" is appended to a valid result ID (ref #1057) 2018-06-09 20:58:05 -05:00
Jordan Wright ebb6cd61b2 Implemented the ability to preview landing pages when sending a test email. 2018-06-08 21:20:52 -05:00