Jordan Wright
2131c17c33
Fixing SSRF by requiring an API key for all import endpoints. Fixes #1026
2018-03-26 21:04:22 -05:00
Jordan Wright
aa8c770e73
Adding "next" parameter to support redirecting after successful login.
2017-12-10 21:40:46 -06:00
Jordan Wright
227da5c7b9
Change failed login status code to 401. Fixes #833
2017-12-10 18:11:32 -06:00
Jordan Wright
e42302ebf9
Moved phishing handlers into separate file and added a ton of tests.
2017-06-08 23:41:38 -05:00
Jordan Wright
871114a17d
Cleaning up RobotsHandler
2017-04-27 18:14:14 -05:00
Matt D
5f5c8141c9
Add robots.txt handler (#604)
Disallow all robots from accessing the phishing server, to prevent phishing materials from being indexed during campaigns.
2017-04-27 18:04:22 -05:00
Jordan Wright
d67dcc889a
Don't overwrite status to email opened if the user has already clicked the link or submitted data. Fixes #529
2017-02-23 23:23:05 -06:00
Jordan Wright
7453fd3b48
Added summary routes for groups.
Routes:
/api/groups/summary
/api/groups/:id/summary
The UI is now using these routes for the "Users & Groups" page.
2017-01-14 17:26:04 -06:00
Jordan Wright
8738ebbb35
Added campaign summary routes:
/api/campaigns/summary
/api/campaigns/:id/summary
This is part of #505
2017-01-05 21:48:54 -06:00
Jordan Wright
9982769d0f
Making result statuses more granular as part of #505
2017-01-05 17:40:45 -06:00
Jordan Wright
a05ee944a6
Added a route to allow paths in URL and still enable tracking. Fixes #498
2016-12-26 16:23:07 -06:00
Jordan Wright
f195a8c7d9
Now recording address and user-agent when tracking pixel is requested. Fixes #427
2016-11-20 23:22:58 -06:00
Jordan Wright
7740bb3e95
Added ability to use {{.URL}} and {{.From}} in landing pages
2016-09-15 00:27:10 -05:00
Jordan Wright
103fd72cc8
Fixing context issues with Go 1.7.
2016-09-14 22:24:51 -05:00
Jordan Wright
ac62f33e80
Now capturing IP and User Agent information in event logs. Fixes #280
2016-08-08 18:28:19 -05:00
Jordan Wright
33df3c3868
Added the version to the settings page.
2016-08-06 18:58:34 -05:00
Jordan Wright
2eb2bf90a1
Added ability to use template values in Landing Pages. Fixes #327
2016-07-24 19:37:14 -05:00
Jordan Wright
1dbf061d87
Implement the ability to complete a campaign. Fixes #290.
First implementation of new alert format.
2016-07-11 22:11:40 -05:00
Jordan Wright
c5d6792bba
Added /campaigns/:id/results endpoint to return campaign summary and make results page much quicker.
Fixes 282.
2016-06-07 22:31:55 -05:00
Jordan Wright
49b0646454
Fixed static file handling on phishing server + documentation. Fixes #164
2016-03-23 14:11:47 -05:00
Jordan Wright
b10c4b3d3a
Now returning valid tracking image. Fixes #202
2016-03-18 23:35:07 -05:00
Jordan Wright
52b9eda3b2
Added support for redirect URLs after creds are submitted. Fixes #210
2016-03-18 20:19:13 -05:00
Jordan Wright
c979dbd58d
Added support for X-Forwarded-For. Fixes #203
2016-03-10 18:54:30 -06:00
Jordan Wright
7bf2c00356
gofmt'ing
2016-02-21 21:09:14 -06:00
William Woodson
12823468d3
Fixed page titles for several routes
2016-02-20 17:46:22 -06:00
William Woodson
828e42bc3b
Created routes, template, js for sending_profiles page
2016-02-20 17:24:08 -06:00
Jordan Wright
3d9e447992
Removing support for empty passwords - fixes #149
2016-02-13 16:37:12 -06:00
Jordan Wright
fdfeafa1ec
Restricted registration to only logged in users. Fixes #137
2016-02-09 22:19:06 -06:00
Jordan Wright
62ffbcceda
Added check on email open to avoid overwriting the click/data submit events. Fixes #119
2016-02-08 19:50:21 -06:00
Jordan Wright
94e43fe557
Initial commit - adding db migration as well as the logic to add the payload
2016-01-31 19:50:41 -06:00
Jordan Wright
e4d6e68147
Added ability to send a test email before launching a campaign
2016-01-24 20:03:53 -06:00
William Woodson
3a0fa4f93f
Update bcrypt dependency and code moved to gophish group
2016-01-10 11:04:03 -06:00
Jordan Wright
c6cd018536
Added IP, Lat and Lon to models.Result. Closes #47
Added basic mapping on campaign results. Closes #51
2016-01-04 00:04:10 -06:00
Jordan Wright
01c3da611b
PhishHandler now loads landing page content. Fixes #37
Now supports autocomplete for modal typeahead. Fixes #40
Users can now specify landing pages in campaigns. Fixes #39
Implemented "Email Opened" status. Fixes #38
2015-10-22 22:29:10 -05:00
Jordan Wright
47619a8426
Fixing CSRF Exceptions
2015-10-03 15:55:06 -05:00
Jordan Wright
906c4e8a93
Adjusted CSRF whitelisted paths to remove dependency on / in path.
Fixes #31
2015-10-03 15:16:11 -05:00
unknown
fc2aa71e91
Fixed settings - can now reset password, api key.
2015-08-15 16:03:39 -05:00
unknown
0e496bdf73
Migrated settings (at least it loads).
Working on making the template syntax consistent across all the files, cleaning them up, etc.
2015-06-21 16:10:47 -05:00
unknown
e1eadc3892
Re-organizing files to use jQuery instead of Angular
2015-06-15 16:49:16 -05:00
unknown
7af35237a7
Working on tracking and email handling - want to make it as smooth as possible
Removed flash that shouldn't have been on the campaigns page
Added small time delay to prevent connection overload - might remove it later, but it'll be tricky
2015-06-12 23:12:43 -05:00
unknown
03b25f5fee
Cleaning up a bit of controllers.js #12
Working on site clone and email import
2015-06-12 18:22:17 -05:00
unknown
66dbe2e799
Cleaned up error messages - *all* errors in JSON format
Cleaned up flashes - fixes #13
Added specified errors - more to come soon
Added Campaign validation
Added Group validation
Cleaned up the way angular errors are handled. Will double check, but for the most part fixes #11
Results are now shown on the webui with most recent shown first
Added comments, additional cleanup, etc.
2015-02-21 00:11:22 -06:00
unknown
759f86447d
Working on importing emails from source (still doesn't work yet!)
2015-02-15 21:53:30 -06:00
unknown
4211abe78b
Previewing Landing pages in a different window seems to work now.
Working on getting some site clone functionality working.
2015-02-08 18:37:07 -06:00
unknown
f21d40d77a
Registration works again.
Additional cleanup, removing unused code
2015-02-07 17:30:22 -06:00
unknown
669d96d279
More work implementing pages.
More cleanup - changing *all* API errors to be returned via JSON
Fixed bug where /api/pages/ was not csrf exempt
Changed db column/table names to be more user friendly in the case of acronyms (Id, SMTP, etc.)
2015-02-07 14:31:41 -06:00
unknown
c8be0ddb74
Still working on pages integration. Added skeleton for page HTML previewing in a new browser.
Additional cleanup, documentation
Changed return values for /api/templates and /api/pages to return empty array [] if no results (like /api/campaigns was already doing)
2015-02-07 10:41:53 -06:00
unknown
c318424ac0
Starting to integrate landing page functionality (still not working).
Also did some minor cleanup.
2015-02-06 20:24:10 -06:00
unknown
d567153d2a
Time to get back to work - starting with some simple comment fixes.
2015-01-28 17:56:56 -06:00
Jordan
cc2ae713e5
Made models more consistent
Added UserId field to result (for use in looking up campaign when result is clicked)
2014-07-06 21:34:02 -05:00