cristiancmoises
/
gophish
mirror of https://github.com/gophish/gophish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
811 Commits
25 Branches
17 Tags
118 MiB
Commit Graph

334 Commits (7cde2bcba1fc5b9c68f2a2d7eeb82482599d905b)

Author SHA1 Message Date
Fabricio Leonardo Sodano Pascazi 7cde2bcba1
Use location instead of campaign listener URL 
The campaign listener URL can be anything (for instance an URL shortener), but when performing an admin function, it should refer to the admin URL itself.
 2023-02-27 16:17:39 +11:00
Glenn Wilkinson 06e95c1fb8 Minified campaigns.js #2482 2022-09-14 11:29:18 +01:00
Vivek Kekuda 53537a221a
Fix resource selection during campaign copy (#2482) 
Clear the selection of resource (template, page, profile) whenever the original
resource is deleted and there is only one currently available resource present
in the DB while copying a campaign. Without this fix, the only available
resource is shown as the original resource, instead of showing [Deleted].
 2022-09-14 12:26:29 +02:00
Glenn Wilkinson 3863ad31b9 Fixed issue with sorting by login date of users 2022-08-26 23:09:14 +02:00
Glenn Wilkinson 32c0502999 Minified missing sending_profile file (741201b) 2022-08-24 18:00:00 +02:00
Glenn Wilkinson 90cd444dcb Minified template.js resolving #2545 2022-08-09 15:24:29 +01:00
Glenn Wilkinson d0ff3829e5 Disallow deleting of admin user from the UI (#2487) 2022-06-01 17:01:55 +01:00
Glenn Wilkinson 0c255bbe92 Disallow changing of admin username from the UI (#2487) 2022-06-01 16:40:04 +01:00
Jake Walker 704e6d56b3
Fix modal titles saying new when editing existing content (#2318) 2022-04-15 16:28:19 +02:00
ptitdoc bb516ef7ab
986 custom envelope sender remerge (#2334) 
* Adds the ability to specify an envelope sender in templates (#986)

Authored-by: ChessSpider <ChessSpider@users.noreply.github.com>
Authored-by: Olivier MEDOC <o_medoc@yahoo.fr>
Authored-by: ptitdoc <ptitdoc@free.fr>
 2022-03-25 16:24:49 +01:00
Glenn Wilkinson 741201b7f0 Added JS for Fix sending profile form (#2389) 2022-02-16 15:30:38 +00:00
Mark Steward 1f95efcb7b
Fix sending profile form (#2389) 
Credentials no longer suggested in the Search box in 'Sending Profiles'
 2022-02-07 17:12:55 +01:00
Glenn Wilkinson ced5261678
Added functionality to lock accounts (+bug fix) (#2060) 
* Added functionality to lock accounts

* Fixed typo and added test case for locked account
 2020-12-07 08:56:05 -06:00
Jordan Wright 3c490dbadb Updated JS from #1976 2020-09-30 22:00:15 -05:00
Glenn Wilkinson b53cff0c98
Added functionality to display last user login (#1967) 
Added functionality to display last login time for each user in the User Management page.
 2020-09-30 21:06:08 -05:00
Jordan Wright c1d3c7cd75 Modified frontend reporting logic to be more flexible with campaigns that include a path in their URL. 
Fixes #1985
 2020-09-23 21:15:19 -05:00
Jordan Wright 735880c398 Creating minified JS file from chnages in #1909 2020-08-08 15:04:59 -05:00
Glenn Wilkinson 0558da90fe
Added support to allow invalid IMAP certificates (#1909) 
This commit allows self-signed certificates to be used in upstream IMAP connections.
 2020-08-08 15:03:42 -05:00
Jordan Wright 90fed5a575 Added escaping for error message in sending profile hostname 2020-08-06 22:21:41 -05:00
Jordan Wright b684fb4ebd Fixing issue where campaigns aren't showing up in the archived tab if they have been marked as completed. 
Fixes #1892
 2020-07-25 14:47:37 -05:00
Jordan Wright 19ef924d89 Properly escaping server output when a request is made to ping a malicious webhook URL. 
Fixes #1901
 2020-07-24 23:04:55 -05:00
Jordan Wright b25f5ac5e4 Updated PapaParse config to prevent CSV injection. 
I've updated the PapaParse JS library to the latest version from the master branch which supports the `escapeForumlae` option in order to prevent malicious event entries from being parsed and executed by the Gophish user's spreadsheet software.

When a new PapaParse release is created, I'll update this code to use the updated minified file.
 2020-07-24 22:44:24 -05:00
Jordan Wright 4e9b94b641 Fixed validation when setting IMAP hostname 2020-07-17 22:40:10 -05:00
Jordan Wright bb7de8df3e
Initial Implementation of a Password Policy (#1867) 
This PR adds the initial work to implement a password policy as defined in #1538.

Specifically, this implements the following

* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password

Fixes #1538
 2020-06-19 22:03:51 -05:00
Jordan Wright ec8b17238e General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 2020-05-25 21:46:36 -05:00
Jordan Wright b57210f6e7 Rebuilt JS files from #1812 2020-05-24 22:24:57 -05:00
Jordan Wright b29544c208 Rebuilding JS files from #1838 2020-05-23 12:56:18 -05:00
Prasoon Dwivedi 353639e168
Use GroupsSummary to create and copy campaign (#1838) 
The Groups (get all groups and associated targets) call is used while
loading the modal for creating and copying a campaign. As the Groups API gets
all the associated targets for a groups as well, it slows the system
considerably if there are large number of groups and targets (~200
groups each with ~100-10000 targets).
As targets are not really needed in this workflow, this call can be
replaced by the GroupsSummary call.
 2020-05-23 12:51:43 -05:00
Jordan Wright 726e3c96ac Rebuilding JS files from #1830 2020-05-08 21:02:05 -05:00
Prasoon Dwivedi 40b77840f5
Add favicon (#1831) 
Added favicon image and corrected the path to the favicon
 2020-05-08 21:00:22 -05:00
Prasoon Dwivedi 116c2a7e7e
Load datatable rows all at once (#1830) 
This change modifies how we populate DataTables to draw the table only once vs. drawing it when we add each new row. This should result in tables loading quicker.
 2020-05-03 22:03:58 -05:00
Glenn Wilkinson 38a6a77c9c
Added ability to allow admin to 'su' to other accounts (#1812) 
* Added ability to allow admin to 'su' to other accounts

* Naming convention and user message modifications

* Removed debug statement
 2020-04-27 18:19:20 -05:00
Jordan Wright 118d9899d6 Updated minified scripts from #1772 2020-03-15 12:41:19 -05:00
Paul Werther c0be58aa3d
Add "mark as reported" to results table (#1772) 
This commit adds the ability to mark a result as reported directly from the campaign results view.
 2020-03-15 12:38:51 -05:00
Jordan Wright 2e3aacd22d
Remove Unused Variable (#1774) 
The timeline_series_data variable is created twice before using it. This resolves that.
 2020-03-05 07:28:17 -06:00
Jordan Wright ecb6d46914 Rebuilding minified JS to support #1722 2020-01-18 12:49:34 -06:00
Glenn Wilkinson 9de32746ee Added IMAP support for checking reported emails (#1612) 
Initial support of managing reporting through IMAP.

Co-Authored-By: Jordan Wright <jmwright798@gmail.com>
 2020-01-18 11:58:34 -06:00
Jordan Wright 01287e0dd5 Minor cleanup on webhook feature integration 
- Ran gofmt
- Rebuilt minified static files
- Updated validation payload
 2019-12-15 22:07:55 -06:00
Alex Maslakov 28cd7a238e Add Webhook Support 
Adds support for managing outgoing webhooks. Closes #1602
 2019-12-15 20:27:21 -06:00
Jordan Wright 6222c5e180
Upgrade SweetAlert2 Dependency (#1583) 
Upgrades the SweetAlert2 dependency to version 8.x.x.

Co-authored-by: Glenn Wilkinson <glenn.wilkinson@gmail.com>
 2019-09-10 19:49:23 -05:00
David Maciejak 24fe998a3a Fix multiple XSS issues in User Management Page (#1547) 
If the user name is embedding some JS code, it will be executed on the client side. Note: gophish/static/js/dist/app/users.min.js will need to be regenerated too.
 2019-08-23 21:07:15 -05:00
Jordan Wright a1a2de13a4 Added a check to ensure the target details are correct if manually created. 
Fixes #1475
 2019-05-31 19:31:16 -05:00
Jordan Wright 84096b8724
Implement User Management API (#1473) 
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
 2019-05-31 13:58:18 -05:00
Jordan Wright 6ca2b76ceb
Update Javascript Dependencies (#1440) 
* updated devDependencies, migrated gulpfile.js to gulp 4.0 syntax (#1438)

* Rebuilding JS dependencies with new gulp config. Updated yarn.lock.

Co-authored-by: Christian Schwartz <christian.schwartz@gmail.com>
 2019-04-21 16:34:52 -05:00
Jordan Wright 2eb4f4d348
Move API key to Bearer Token (#1439) 
* Moved api_key from URL to authorization header in requests (#1434)

* Fixing some minor formatting and rebuilding minified JS
 2019-04-21 15:21:36 -05:00
Jordan Wright 3cec2dabbf
Add Archived Campaigns View (#1367) 
* Adding archived view for campaigns (#1334)

* Formatted the code, did some very minor cleanup, and rebuilt the minified JS

Closes #448
 2019-02-19 21:30:18 -06:00
Jordan Wright ba8ceb81da
Initial commit of RBAC support. (#1366) 
* Initial commit of RBAC support. Closes #1333
 2019-02-19 20:33:50 -06:00
Jordan Wright 4ec9f07859 Updating campaign datepicker format to match other date formats. Fixes #1288 2018-12-30 14:26:35 -06:00
Jordan Wright b4ff771b3a Added autocomplete for template tags to the editor for email templates and landing pages. 2018-12-30 00:02:41 -06:00
Jordan Wright 60133b45e8 Updated CKEditor to 4.11.1 2018-12-27 17:23:59 -06:00