cristiancmoises
/
gophish
mirror of https://github.com/gophish/gophish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
814 Commits
25 Branches
17 Tags
118 MiB
Commit Graph

75 Commits (908886f2cd9567ddd0523d43532e33e4df8fd200)

Author SHA1 Message Date
Glenn Wilkinson 8e79294413 Added error handling to in-app reporting mechanism 2023-09-15 15:45:30 +01:00
Vivek Kekuda 53537a221a
Fix resource selection during campaign copy (#2482) 
Clear the selection of resource (template, page, profile) whenever the original
resource is deleted and there is only one currently available resource present
in the DB while copying a campaign. Without this fix, the only available
resource is shown as the original resource, instead of showing [Deleted].
 2022-09-14 12:26:29 +02:00
Glenn Wilkinson 3863ad31b9 Fixed issue with sorting by login date of users 2022-08-26 23:09:14 +02:00
Glenn Wilkinson d0ff3829e5 Disallow deleting of admin user from the UI (#2487) 2022-06-01 17:01:55 +01:00
Glenn Wilkinson 0c255bbe92 Disallow changing of admin username from the UI (#2487) 2022-06-01 16:40:04 +01:00
Jake Walker 704e6d56b3
Fix modal titles saying new when editing existing content (#2318) 2022-04-15 16:28:19 +02:00
ptitdoc bb516ef7ab
986 custom envelope sender remerge (#2334) 
* Adds the ability to specify an envelope sender in templates (#986)

Authored-by: ChessSpider <ChessSpider@users.noreply.github.com>
Authored-by: Olivier MEDOC <o_medoc@yahoo.fr>
Authored-by: ptitdoc <ptitdoc@free.fr>
 2022-03-25 16:24:49 +01:00
Mark Steward 1f95efcb7b
Fix sending profile form (#2389) 
Credentials no longer suggested in the Search box in 'Sending Profiles'
 2022-02-07 17:12:55 +01:00
Glenn Wilkinson ced5261678
Added functionality to lock accounts (+bug fix) (#2060) 
* Added functionality to lock accounts

* Fixed typo and added test case for locked account
 2020-12-07 08:56:05 -06:00
Glenn Wilkinson b53cff0c98
Added functionality to display last user login (#1967) 
Added functionality to display last login time for each user in the User Management page.
 2020-09-30 21:06:08 -05:00
Jordan Wright c1d3c7cd75 Modified frontend reporting logic to be more flexible with campaigns that include a path in their URL. 
Fixes #1985
 2020-09-23 21:15:19 -05:00
Glenn Wilkinson 0558da90fe
Added support to allow invalid IMAP certificates (#1909) 
This commit allows self-signed certificates to be used in upstream IMAP connections.
 2020-08-08 15:03:42 -05:00
Jordan Wright 90fed5a575 Added escaping for error message in sending profile hostname 2020-08-06 22:21:41 -05:00
Jordan Wright b684fb4ebd Fixing issue where campaigns aren't showing up in the archived tab if they have been marked as completed. 
Fixes #1892
 2020-07-25 14:47:37 -05:00
Jordan Wright 19ef924d89 Properly escaping server output when a request is made to ping a malicious webhook URL. 
Fixes #1901
 2020-07-24 23:04:55 -05:00
Jordan Wright b25f5ac5e4 Updated PapaParse config to prevent CSV injection. 
I've updated the PapaParse JS library to the latest version from the master branch which supports the `escapeForumlae` option in order to prevent malicious event entries from being parsed and executed by the Gophish user's spreadsheet software.

When a new PapaParse release is created, I'll update this code to use the updated minified file.
 2020-07-24 22:44:24 -05:00
Jordan Wright 4e9b94b641 Fixed validation when setting IMAP hostname 2020-07-17 22:40:10 -05:00
Jordan Wright bb7de8df3e
Initial Implementation of a Password Policy (#1867) 
This PR adds the initial work to implement a password policy as defined in #1538.

Specifically, this implements the following

* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password

Fixes #1538
 2020-06-19 22:03:51 -05:00
Jordan Wright ec8b17238e General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 2020-05-25 21:46:36 -05:00
Prasoon Dwivedi 353639e168
Use GroupsSummary to create and copy campaign (#1838) 
The Groups (get all groups and associated targets) call is used while
loading the modal for creating and copying a campaign. As the Groups API gets
all the associated targets for a groups as well, it slows the system
considerably if there are large number of groups and targets (~200
groups each with ~100-10000 targets).
As targets are not really needed in this workflow, this call can be
replaced by the GroupsSummary call.
 2020-05-23 12:51:43 -05:00
Prasoon Dwivedi 116c2a7e7e
Load datatable rows all at once (#1830) 
This change modifies how we populate DataTables to draw the table only once vs. drawing it when we add each new row. This should result in tables loading quicker.
 2020-05-03 22:03:58 -05:00
Glenn Wilkinson 38a6a77c9c
Added ability to allow admin to 'su' to other accounts (#1812) 
* Added ability to allow admin to 'su' to other accounts

* Naming convention and user message modifications

* Removed debug statement
 2020-04-27 18:19:20 -05:00
Paul Werther c0be58aa3d
Add "mark as reported" to results table (#1772) 
This commit adds the ability to mark a result as reported directly from the campaign results view.
 2020-03-15 12:38:51 -05:00
Jordan Wright 2e3aacd22d
Remove Unused Variable (#1774) 
The timeline_series_data variable is created twice before using it. This resolves that.
 2020-03-05 07:28:17 -06:00
Glenn Wilkinson 9de32746ee Added IMAP support for checking reported emails (#1612) 
Initial support of managing reporting through IMAP.

Co-Authored-By: Jordan Wright <jmwright798@gmail.com>
 2020-01-18 11:58:34 -06:00
Alex Maslakov 28cd7a238e Add Webhook Support 
Adds support for managing outgoing webhooks. Closes #1602
 2019-12-15 20:27:21 -06:00
Jordan Wright 6222c5e180
Upgrade SweetAlert2 Dependency (#1583) 
Upgrades the SweetAlert2 dependency to version 8.x.x.

Co-authored-by: Glenn Wilkinson <glenn.wilkinson@gmail.com>
 2019-09-10 19:49:23 -05:00
David Maciejak 24fe998a3a Fix multiple XSS issues in User Management Page (#1547) 
If the user name is embedding some JS code, it will be executed on the client side. Note: gophish/static/js/dist/app/users.min.js will need to be regenerated too.
 2019-08-23 21:07:15 -05:00
Jordan Wright a1a2de13a4 Added a check to ensure the target details are correct if manually created. 
Fixes #1475
 2019-05-31 19:31:16 -05:00
Jordan Wright 84096b8724
Implement User Management API (#1473) 
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
 2019-05-31 13:58:18 -05:00
Jordan Wright 2eb4f4d348
Move API key to Bearer Token (#1439) 
* Moved api_key from URL to authorization header in requests (#1434)

* Fixing some minor formatting and rebuilding minified JS
 2019-04-21 15:21:36 -05:00
Jordan Wright 3cec2dabbf
Add Archived Campaigns View (#1367) 
* Adding archived view for campaigns (#1334)

* Formatted the code, did some very minor cleanup, and rebuilt the minified JS

Closes #448
 2019-02-19 21:30:18 -06:00
Jordan Wright ba8ceb81da
Initial commit of RBAC support. (#1366) 
* Initial commit of RBAC support. Closes #1333
 2019-02-19 20:33:50 -06:00
Jordan Wright 4ec9f07859 Updating campaign datepicker format to match other date formats. Fixes #1288 2018-12-30 14:26:35 -06:00
Jordan Wright b4ff771b3a Added autocomplete for template tags to the editor for email templates and landing pages. 2018-12-30 00:02:41 -06:00
Jordan Wright 60133b45e8 Updated CKEditor to 4.11.1 2018-12-27 17:23:59 -06:00
Jordan Wright 191ec6e436 Added the CKEditor link dialog fixes to the email templates 2018-12-27 15:04:24 -06:00
Jordan Wright ea97d6257d Cleaned up CKEditor link dialog to be more simple. Related to #1327 2018-12-27 14:54:04 -06:00
Jordan Wright 3b248d25c7
Make Campaign Results Pie Chart Consistent with Dashboard (#1272) 2018-11-11 15:37:49 -06:00
Jordan Wright 468da007d5 Added result ID to campaign results view. Fixes #1239 2018-10-18 15:05:59 -05:00
Jordan Wright ebc099b6c2 Changed modals to avoid exiting when the user clicks outside them. Fixes #1236 2018-10-15 10:40:57 -05:00
Jordan Wright a0c1860a0a Fixed bug when copying campaign. 
Fixes #549
Fixes #898
 2018-10-03 15:00:08 -05:00
Jordan Wright c9e800dda7 Updated campaigns.js to automatically default dropdown values if only one option is available. 2018-09-09 15:08:52 -05:00
Jordan Wright de3c3a2e9c Fixed ability to sort campaign results by reported status. Fixes #1157 2018-09-02 12:18:41 -05:00
Jordan Wright fa1d4d74b0 Added sweetalert2 delete dialogs to all objects for consistency. 2018-09-02 12:11:06 -05:00
Jordan Wright 7dcf30f277
Add Support for Timed Campaigns (#1184) 
This builds on the work from @c-f in #1090 to fully add support for "timed" campaigns, in which the emails are spaced apart as opposed to all being sent at once.
 2018-09-02 11:17:52 -05:00
Jordan Wright f09b448ec1 Added device details to clicked link and submitted data events. Fixes #1009 2018-06-12 20:37:09 -05:00
Jordan Wright b2bd879318 Implemented view change to HTML WSYWIG view when HTML is imported for landing pages and email templates. Fixes #1100 2018-06-11 20:16:28 -05:00
Jordan Wright 35a8f13990 Improved group CSV parsing. Added ability to download CSV template from the group modal. 2018-06-09 13:22:11 -05:00
Jordan Wright 222399c5f6 De-emphasized campaign report icon while we don't have clients available. 2018-05-24 20:32:08 -05:00