Commit Graph

93 Commits (535fbf487b7f002847376c67346cd3f89d4971d7)

Author SHA1 Message Date
Jordan Wright 2131c17c33
Fixing SSRF by requiring an API key for all import endpoints. Fixes #1026 2018-03-26 21:04:22 -05:00
Jordan Wright aa8c770e73 Adding "next" parameter to support redirecting after successful login. 2017-12-10 21:40:46 -06:00
Jordan Wright 227da5c7b9 Change failed login status code to 401. Fixes #833 2017-12-10 18:11:32 -06:00
Jordan Wright e42302ebf9 Moved phishing handlers into separate file and added a ton of tests. 2017-06-08 23:41:38 -05:00
Jordan Wright 871114a17d Cleaning up RobotsHandler 2017-04-27 18:14:14 -05:00
Matt D 5f5c8141c9 Add robots.txt handler (#604)
Disallow all robots from accessing the phishing server, to prevent phishing materials from being indexed during campaigns.
2017-04-27 18:04:22 -05:00
Jordan Wright d67dcc889a Don't overwrite status to email opened if the user has already clicked the link or submitted data. Fixes #529 2017-02-23 23:23:05 -06:00
Jordan Wright 7453fd3b48 Added summary routes for groups.
Routes:
/api/groups/summary
/api/groups/:id/summary

The UI is now using these routes for the "Users & Groups" page.
2017-01-14 17:26:04 -06:00
Jordan Wright 8738ebbb35 Added campaign summary routes:
/api/campaigns/summary
/api/campaigns/:id/summary

This is part of #505
2017-01-05 21:48:54 -06:00
Jordan Wright 9982769d0f Making result statuses more granular as part of #505 2017-01-05 17:40:45 -06:00
Jordan Wright a05ee944a6 Added a route to allow paths in URL and still enable tracking. Fixes #498 2016-12-26 16:23:07 -06:00
Jordan Wright f195a8c7d9 Now recording address and user-agent when tracking pixel is requested. Fixes #427 2016-11-20 23:22:58 -06:00
Jordan Wright 7740bb3e95 Added ability to use {{.URL}} and {{.From}} in landing pages 2016-09-15 00:27:10 -05:00
Jordan Wright 103fd72cc8 Fixing context issues with Go 1.7. 2016-09-14 22:24:51 -05:00
Jordan Wright ac62f33e80 Now capturing IP and User Agent information in event logs. Fixes #280 2016-08-08 18:28:19 -05:00
Jordan Wright 33df3c3868 Added the version to the settings page. 2016-08-06 18:58:34 -05:00
Jordan Wright 2eb2bf90a1 Added ability to use template values in Landing Pages. Fixes #327 2016-07-24 19:37:14 -05:00
Jordan Wright 1dbf061d87 Implement the ability to complete a campaign. Fixes #290.
First implementation of new alert format.
2016-07-11 22:11:40 -05:00
Jordan Wright c5d6792bba Added /campaigns/:id/results endpoint to return campaign summary and make results page much quicker.
Fixes 282.
2016-06-07 22:31:55 -05:00
Jordan Wright 49b0646454 Fixed static file handling on phishing server + documentation. Fixes #164 2016-03-23 14:11:47 -05:00
Jordan Wright b10c4b3d3a Now returning valid tracking image. Fixes #202 2016-03-18 23:35:07 -05:00
Jordan Wright 52b9eda3b2 Added support for redirect URL's after creds are submitted. Fixes #210 2016-03-18 20:19:13 -05:00
Jordan Wright c979dbd58d Added support for X-Forwarded-For. Fixes #203 2016-03-10 18:54:30 -06:00
Jordan Wright 7bf2c00356 gofmt'ing 2016-02-21 21:09:14 -06:00
William Woodson 12823468d3 Fixed page titles for several routes 2016-02-20 17:46:22 -06:00
William Woodson 828e42bc3b Created routes, template, js for sending_profiles page 2016-02-20 17:24:08 -06:00
Jordan Wright 3d9e447992 Removing support for empty passwords - fixes #149 2016-02-13 16:37:12 -06:00
Jordan Wright fdfeafa1ec Restricted registration to only logged in users. Fixes #137 2016-02-09 22:19:06 -06:00
Jordan Wright 62ffbcceda Added check on email open to avoid overwriting the click/data submit events. Fixes #119 2016-02-08 19:50:21 -06:00
Jordan Wright 94e43fe557 Initial commit - adding db migration as well as the logic to add the payload 2016-01-31 19:50:41 -06:00
Jordan Wright e4d6e68147 Added ability to send a test email before launching a campaign 2016-01-24 20:03:53 -06:00
William Woodson 3a0fa4f93f Update bcrypt dependency and code moved to gophish group 2016-01-10 11:04:03 -06:00
Jordan Wright c6cd018536 Added IP, Lat and Lon to models.Result. Closes #47
Added basic mapping on campaign results. Closes #51
2016-01-04 00:04:10 -06:00
Jordan Wright 01c3da611b PhishHandler now loads landing page content. Fixes #37
Now supports autocomplete for modal typeahead. Fixes #40
Users can now specify landing pages in campaigns. Fixes #39
Implemented "Email Opened" status. Fixes #38
2015-10-22 22:29:10 -05:00
Jordan Wright 47619a8426 Fixing CSRF Exceptions 2015-10-03 15:55:06 -05:00
Jordan Wright 906c4e8a93 Adjusted CSRF whitelisted paths so remove dependency on / in path.
Fixes #31
2015-10-03 15:16:11 -05:00
unknown fc2aa71e91 Fixed settings - can now reset password, api key. 2015-08-15 16:03:39 -05:00
unknown 0e496bdf73 Migrated settings (at least it loads).
Working on making the template syntax consistent across all the files, cleaning them up, etc.
2015-06-21 16:10:47 -05:00
unknown e1eadc3892 Re-organizing files to use Jquery instead of Angular 2015-06-15 16:49:16 -05:00
unknown 7af35237a7 Working on tracking and email handling - want to make it as smooth as possible
Removed flash that shouldn't have been on the campaigns page
Added small time delay to prevent connection overload - might remove it later, but it'll be tricky
2015-06-12 23:12:43 -05:00
unknown 03b25f5fee Cleaning up a bit of controllers.js #12
Working on site clone and email import
2015-06-12 18:22:17 -05:00
unknown 66dbe2e799 Cleaned up error messages - *all* errors in JSON format
Cleaned up flashes - fixes #13
Added specified errors - more to come soon
Added Campaign validation
Added Group validation
Cleaned up the way angular errors are handled. Will double check, but for the most part fixes #11
Results are now shown on the webui with most recent shown first
Added comments, additional cleanup, etc.
2015-02-21 00:11:22 -06:00
unknown 759f86447d Working on importing emails from source (still doesn't work yet!) 2015-02-15 21:53:30 -06:00
unknown 4211abe78b Previewing Landing pages in a different window seems to work now.
Working on getting some site clone functionality working.
2015-02-08 18:37:07 -06:00
unknown f21d40d77a Registration works again.
Additional cleanup, removing unused code
2015-02-07 17:30:22 -06:00
unknown 669d96d279 More work implementing pages.
More cleanup - changing *all* API errors to be returned via JSON
Fixed bug where /api/pages/ was not csrf exempt
Changed db column/table names to be more user friendly in the case of acronyms (Id, SMTP, etc.)
2015-02-07 14:31:41 -06:00
unknown c8be0ddb74 Still working on pages integration. Added skeleton for page HTML previewing in a new browser.
Additional cleanup, documentation
Changed return values for /api/templates and /api/pages to return empty array [] if no results (like /api/campaigns was already doing)
2015-02-07 10:41:53 -06:00
unknown c318424ac0 Starting to integrate landing page functionality (still not working).
Also did some minor cleanup.
2015-02-06 20:24:10 -06:00
unknown d567153d2a Time to get back to work - starting with some simple comment fixes. 2015-01-28 17:56:56 -06:00
Jordan cc2ae713e5 Made models more consistent
Added UserId field to result (for use in looking up campaign when result is clicked)
2014-07-06 21:34:02 -05:00