Commit Graph

158 Commits (23f0c21555d8922281efd67afc974fb76382765a)

Author SHA1 Message Date
Jordan Wright 5d23263898
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 2018-05-03 19:07:41 -05:00
Jordan Wright 5f3c94d0cf
Add support for authenticating to the API via an Authorization Bearer token. 2018-04-21 12:19:58 -05:00
Jordan Wright 3a7a62e9d6
Changed /api/reset to require API key instead of just requiring a valid session. Fixes #1028 2018-03-29 20:59:26 -05:00
Jordan Wright 2131c17c33
Fixing SSRF by requiring an API key for all import endpoints. Fixes #1026 2018-03-26 21:04:22 -05:00
Jordan Wright eb2f0e38c7
Better handling of template errors when rendering the phishing page. Fixes #1008. 2018-03-22 21:29:07 -05:00
Jordan Wright f21536da7c
Adding "Report Email" Support (#1014)
Adds the capability to report phishing campaigns using an email client extension.

**Note: Gophish does not currently provide an email client extension out of the box. This is simply a mechanism to let existing email client add-ons send report status information to Gophish, and have that information reflected in the dashboard.**
2018-03-18 22:03:00 -05:00
Jordan Wright c9ff8714a0
Moved rid parameter to a separate constant. Fixes #911 2018-02-22 23:02:27 -06:00
Jordan Wright aa8c770e73 Adding "next" parameter to support redirecting after successful login. 2017-12-10 21:40:46 -06:00
Jordan Wright 227da5c7b9 Change failed login status code to 401. Fixes #833 2017-12-10 18:11:32 -06:00
Jordan Wright 76ece15b71
Email refactoring (#878)
The initial pass at refactoring the way we send emails.
2017-12-09 15:42:07 -06:00
Jordan Wright 26d2ca7344 Fixed some validation weirdness when sending a test email. Fixes #739 2017-09-05 22:35:54 -05:00
Jordan Wright 58a57589bd Updates all datetimes to use UTC on the backend. This includes a DB migration to convert existing dates.
Fixes #316
2017-08-28 22:48:49 -05:00
Jordan Wright e42302ebf9 Moved phishing handlers into separate file and added a ton of tests. 2017-06-08 23:41:38 -05:00
Jordan Wright 871114a17d Cleaning up RobotsHandler 2017-04-27 18:14:14 -05:00
Matt D 5f5c8141c9 Add robots.txt handler (#604)
Disallow all robots from accessing the phishing server, to prevent phishing materials from being indexed during campaigns.
2017-04-27 18:04:22 -05:00
Jordan Wright d67dcc889a Don't overwrite status to email opened if the user has already clicked the link or submitted data. Fixes #529 2017-02-23 23:23:05 -06:00
Jordan Wright 7453fd3b48 Added summary routes for groups.
Routes:
/api/groups/summary
/api/groups/:id/summary

The UI is now using these routes for the "Users & Groups" page.
2017-01-14 17:26:04 -06:00
Jordan Wright 8738ebbb35 Added campaign summary routes:
/api/campaigns/summary
/api/campaigns/:id/summary

This is part of #505
2017-01-05 21:48:54 -06:00
Jordan Wright 9982769d0f Making result statuses more granular as part of #505 2017-01-05 17:40:45 -06:00
Jordan Wright a05ee944a6 Added a route to allow paths in URL and still enable tracking. Fixes #498 2016-12-26 16:23:07 -06:00
Jordan Wright f195a8c7d9 Now recording address and user-agent when tracking pixel is requested. Fixes #427 2016-11-20 23:22:58 -06:00
Jordan Wright f12af50d46 Adding support for Mysql (#442)
Thanks, @svigne1!

Fixes #53
2016-11-19 10:37:22 -06:00
Jordan Wright 8f62e77884 Removed unused Location header 2016-11-19 09:16:59 -06:00
Jordan Wright 770bff192a Merge branch 'master' of https://github.com/gophish/gophish 2016-09-15 00:27:31 -05:00
Jordan Wright 7740bb3e95 Added ability to use {{.URL}} and {{.From}} in landing pages 2016-09-15 00:27:10 -05:00
s vignesh 208b3e098c Fixing Memory Leak When Importing a Site 2016-09-15 01:03:55 -04:00
Jordan Wright 103fd72cc8 Fixing context issues with Go 1.7. 2016-09-14 22:24:51 -05:00
Jordan Wright ac62f33e80 Now capturing IP and User Agent information in event logs. Fixes #280 2016-08-08 18:28:19 -05:00
Jordan Wright 33df3c3868 Added the version to the settings page. 2016-08-06 18:58:34 -05:00
Jordan Wright 576aa469e9 Adding the ability to replay credentials from the campaign results page 2016-08-06 18:06:18 -05:00
Jordan Wright 2eb2bf90a1 Added ability to use template values in Landing Pages. Fixes #327 2016-07-24 19:37:14 -05:00
Jordan Wright 1dbf061d87 Implement the ability to complete a campaign. Fixes #290.
First implementation of new alert format.
2016-07-11 22:11:40 -05:00
Rob Cutmore 97c9bd16d1 Fix comments for group API functions 2016-06-23 06:04:35 -04:00
Jordan Wright c5d6792bba Added /campaigns/:id/results endpoint to return campaign summary and make results page much quicker.
Fixes 282.
2016-06-07 22:31:55 -05:00
Jordan Wright 082023aae0 Adding the ability to schedule campaigns. Fixes #21 2016-06-07 21:42:09 -05:00
Jordan Wright 1933eb7ff1 Adding better error handling for SMTP server
JSBeautify sending_profiles.js
2016-05-30 14:53:32 -05:00
Jordan Wright 49b0646454 Fixed static file handling on phishing server + documentation. Fixes #164 2016-03-23 14:11:47 -05:00
Jordan Wright b10c4b3d3a Now returning valid tracking image. Fixes #202 2016-03-18 23:35:07 -05:00
Jordan Wright 52b9eda3b2 Added support for redirect URL's after creds are submitted. Fixes #210 2016-03-18 20:19:13 -05:00
Jordan Wright cfba48a824 Added the ability to convert links on email import to point to the landing page. Fixes #201 2016-03-10 20:35:33 -06:00
Jordan Wright c979dbd58d Added support for X-Forwarded-For. Fixes #203 2016-03-10 18:54:30 -06:00
Jordan Wright 219d546a8d Ignoring SSL cert issues when importing a site. Fixes #200 2016-03-09 18:55:39 -06:00
Jordan Wright d43a888b26 Updating gorm constructs to support gorm v1.0 released yesterday. 2016-03-08 22:37:55 -06:00
Jordan Wright 6b61b24f68 Merge branch 'master' into 78-store-smtp-settings
# Conflicts:
#	models/models_test.go
#	static/js/app/landing_pages.js
2016-02-28 22:08:39 -06:00
William Woodson 7ca63f55be gofmt, because that is a thing 2016-02-27 08:37:02 -06:00
William Woodson 80fc04924d Added handling to /util/send_test_email to use default on empty template and accept a validated SMTP object from send test email workflow on sending profiles page 2016-02-27 08:32:10 -06:00
Jordan Wright b0dd96d088 Merge branch 'master' into 124-capture-passwords 2016-02-25 20:02:15 -06:00
Jordan Wright 44fa8127fc Adding the ability to capture submitted data via the UI. Fixes #124 2016-02-25 19:58:49 -06:00
Jordan Wright 553ead7d68 Moved fmt prints to Logger prints 2016-02-21 22:18:34 -06:00
Jordan Wright 7bf2c00356 gofmt'ing 2016-02-21 21:09:14 -06:00