Jordan Wright
9e9776bdb3
Adding the ability to cache campaigns on maillogs to greatly improve generation time (and, by extension, sending speed).
...
This is the initial commit that aims to improve the speed of sending emails. Ref #1726 .
2020-01-27 22:18:20 -06:00
Jordan Wright
0620671de6
Adding benchmarks for maillog.Generate. Ref #1726
2020-01-25 22:09:43 -06:00
Jordan Wright
947bb4ccba
Adjusting SMTP TLS config to use just the hostname instead of the hostname+port when validating certificates. Fixes #1709
2020-01-21 07:21:56 -06:00
Jordan Wright
c553d7d925
Bumping version to 0.9.0
2020-01-18 13:04:12 -06:00
Jordan Wright
ecb6d46914
Rebuilding minified JS to support #1722
2020-01-18 12:49:34 -06:00
Glenn Wilkinson
9de32746ee
Added IMAP support for checking reported emails ( #1612 )
...
Initial support of managing reporting through IMAP.
Co-Authored-By: Jordan Wright <jmwright798@gmail.com>
2020-01-18 11:58:34 -06:00
Jordan Wright
caede2e40b
Refactoring Logging ( #1722 )
...
* Added ParseLevel to set log level (#1671 )
* Moved logger config into the logger package for better decoupling. Added logging tests.
Co-authored-by: Amal Alkhamees <Amalkh5@users.noreply.github.com>
2020-01-16 22:21:58 -06:00
Jordan Wright
546da4ee7d
Removing unneeded query to improve group performance.
...
As mentioned in #1702 , the query in `insertTargetIntoGroup` isn't needed, since both instances where it's used we already know that the target isn't in the group. This means it's safe to remove that query, improving performance dramatically.
Before:
```
BenchmarkPostGroup100-4 81 12629754 ns/op 2989993 B/op 52918 allocs/op
BenchmarkPostGroup1000-4 6 189527792 ns/op 29891818 B/op 528082 allocs/op
BenchmarkPostGroup10000-4 1 6203645806 ns/op 299253648 B/op 5282859 allocs/op
BenchmarkPutGroup100-4 100 10221833 ns/op 2589165 B/op 46078 allocs/op
BenchmarkPutGroup1000-4 7 162692432 ns/op 25812440 B/op 458425 allocs/op
BenchmarkPutGroup10000-4 1 7596445084 ns/op 260385808 B/op 4581569 allocs/op
```
After:
```
BenchmarkPostGroup100-4 133 8848973 ns/op 2354605 B/op 42322 allocs/op
BenchmarkPostGroup1000-4 9 112557410 ns/op 23549206 B/op 422184 allocs/op
BenchmarkPostGroup10000-4 1 3414209403 ns/op 235635952 B/op 4222090 allocs/op
BenchmarkPutGroup100-4 147 8094333 ns/op 2271297 B/op 40777 allocs/op
BenchmarkPutGroup1000-4 9 125092124 ns/op 22635067 B/op 405421 allocs/op
BenchmarkPutGroup10000-4 1 5712591900 ns/op 228592920 B/op 4051316 allocs/op
```
2020-01-16 20:41:13 -06:00
JoseW3b
91d798336f
Get send_by_date ( #1720 )
...
Get send_by_date field when query on GetCampaignSummary and GetCampaignSummaries
2020-01-15 22:02:19 -06:00
Jordan Wright
da4e468c1f
Deleted unneeded .DS_Store file that was accidentally merged as part of #1642 .
2020-01-14 23:19:33 -06:00
Chris Zietlow
f570a611db
Fix webhooks db migration. ( #1697 )
2019-12-18 17:57:13 -06:00
Jordan Wright
9d430c90ab
Added gofmt requirement to CI
2019-12-15 22:13:19 -06:00
Jordan Wright
01287e0dd5
Minor cleanup on webhook feature integration
...
- Ran gofmt
- Rebuilt minified static files
- Updated validation payload
2019-12-15 22:07:55 -06:00
Alex Maslakov
28cd7a238e
Add Webhook Support
...
Adds support for managing outgoing webhooks. Closes #1602
2019-12-15 20:27:21 -06:00
Jordan Wright
699532f256
Remove support for Go 1.9.
...
It appears that the MySQL driver dropped support for Go 1.9. Until we have vendoring in place (will happen soon!) we must follow suit and drop support for Go v1.9. This still allows us to support the latest three versions of Go.
2019-12-11 20:06:04 -06:00
Jordan Wright
79e680e675
Updates the tls.Config of the phishing and admin servers to support TLS 1.2 as the minimum TLS version. This addresses #1691 and #1689 .
...
I am making this change since Microsoft, Google, and Apple have all chosen to deprecate TLS 1.0 and TLS 1.1 in early 2020. In late 2018, the companies recorded that less than 1.4 percent (max) of their connections used < TLS 1.2.
Output before change:
```
docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered (deprecated)
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY h2, http/1.1 (advertised)
ALPN/HTTP2 h2, http/1.1 (offered)
```
Output after change:
```
docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY h2, http/1.1 (advertised)
ALPN/HTTP2 h2, http/1.1 (offered)
```
2019-12-11 19:52:41 -06:00
Jordan Wright
44f88401bb
Performance Improvements for Campaign and Group Creation ( #1686 )
...
This commit significantly improves the performance of campaign and group creation by changing database access to use transactions.
It should also make things more consistent with campaign creation. Specifically, this will ensure that the entire campaign gets created before emails start sending, while I anticipate this will fix #1643 , #1080 , (possibly) #1677 , and #1552 .
2019-12-02 23:00:11 -06:00
Jordan Wright
c2f579a2c5
Updated the Dockerfile to allow the gophish binary to bind to privileged ports. Fixes #1660 .
2019-11-23 21:28:32 -06:00
Michael Eder
1aab1a34ba
1624 - Return API Key on Password Change ( #1663 )
...
Updates the user model to return the user’s API key for easier administration.
2019-11-16 12:18:03 -06:00
dependabot[bot]
e812ea0dfb
Bump lodash from 4.17.11 to 4.17.15 ( #1509 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.11 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15 )
Signed-off-by: dependabot[bot] <support@github.com>
2019-11-12 20:06:35 -06:00
dependabot[bot]
38876339c0
Bump mixin-deep from 1.3.1 to 1.3.2 ( #1654 )
...
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep ) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/jonschlinkert/mixin-deep/releases )
- [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2019-11-09 21:21:15 -06:00
SamSutt
c5dc71662a
Bugfix Issue 1570 ( #1640 )
...
Relating to the Issue (https://github.com/gophish/gophish/issues/1570 ), this could be an easy fix.
2019-10-29 08:21:54 -05:00
Glenn Wilkinson
28252bcb56
Will exit on port binding failure ( #1635 )
2019-10-28 21:38:59 -05:00
quelsan
3227437f52
Improved Dockerfile and run script ( #1579 )
...
The Dockerfile has also been rebuilt to use an unprivileged user instead
of root.
The run script adds more options and changes the method the
configuration is overwritten, which may help in situations where the
configuration is not owned by the unprivileged user.
2019-10-06 20:18:06 -07:00
Gábor Lipták
c3e90183c8
Add Go 1.13 to Travis ( #1610 )
2019-10-04 16:30:48 -07:00
Jordan Wright
6222c5e180
Upgrade SweetAlert2 Dependency ( #1583 )
...
Upgrades the SweetAlert2 dependency to version 8.x.x.
Co-authored-by: Glenn Wilkinson <glenn.wilkinson@gmail.com>
2019-09-10 19:49:23 -05:00
David Maciejak
20295bd96a
Remove the Top Navigation Menu
...
The top navigation menu is redundant to the sidebar. We’re opting to remove it so that we are free to update the sidebar to be more complex over time.
2019-08-29 07:36:04 -05:00
David Maciejak
24fe998a3a
Fix multiple XSS issues in User Management Page ( #1547 )
...
If the user name is embedding some JS code, it will be executed on the client side. Note: gophish/static/js/dist/app/users.min.js will need to be regenerated too.
2019-08-23 21:07:15 -05:00
Jordan Wright
f95e9554c7
Add CORS support for Reporting Handler ( #1529 )
...
* Added response headers for CORS and server identification (#1517 )
Co-Authored-By: Glenn Wilkinson <glenn.wilkinson@gmail.com>
2019-08-03 20:55:25 -05:00
dependabot[bot]
1f16c7237d
Bump lodash from 4.17.11 to 4.17.14 ( #1507 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.11 to 4.17.14.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.14 )
Signed-off-by: dependabot[bot] <support@github.com>
2019-07-18 23:29:45 -05:00
dependabot[bot]
d30e9e2e2f
Bump lodash.merge from 4.6.1 to 4.6.2 ( #1508 )
...
Bumps [lodash.merge](https://github.com/lodash/lodash ) from 4.6.1 to 4.6.2.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/commits )
Signed-off-by: dependabot[bot] <support@github.com>
2019-07-18 23:29:10 -05:00
Christian Schwartz
26d99b5a65
Add support for encrypted connections to mysql ( #1460 )
2019-06-03 22:04:54 -05:00
Jordan Wright
a1a2de13a4
Added a check to ensure the target details are correct if manually created.
...
Fixes #1475
2019-05-31 19:31:16 -05:00
Jordan Wright
84096b8724
Implement User Management API ( #1473 )
...
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 13:58:18 -05:00
Gábor Lipták
faadf0c850
Add Go 1.12 to Travis ( #1472 )
2019-05-31 13:42:15 -05:00
David Maciejak
de21f608d6
Prevent adding an empty recipient ( #1448 )
2019-05-30 11:46:45 -05:00
Will Woodson
27553ccc1f
Add Dockerfile ( #1437 )
...
Added dockerfile
2019-04-25 20:19:18 -05:00
Chris Zietlow
8d95ceb31a
Update Sending Profile Message-ID headers ( #1417 ) ( #1441 )
...
Adds a default message-ID header to outbound emails.
2019-04-23 17:31:30 -05:00
Jordan Wright
6ca2b76ceb
Update Javascript Dependencies ( #1440 )
...
* updated devDependencies, migrated gulpfile.js to gulp 4.0 syntax (#1438 )
* Rebuilding JS dependencies with new gulp config. Updated yarn.lock.
Co-authored-by: Christian Schwartz <christian.schwartz@gmail.com>
2019-04-21 16:34:52 -05:00
Jordan Wright
2eb4f4d348
Move API key to Bearer Token ( #1439 )
...
* Moved api_key from URL to authorization header in requests (#1434 )
* Fixing some minor formatting and rebuilding minified JS
2019-04-21 15:21:36 -05:00
gfrancqu
af4c8f61da
Wait for db ( #1402 )
...
Added a loop that attempts to connect to the configured database.
2019-03-27 22:48:31 -05:00
Jordan Wright
5c753465d1
Quick fix: Forgot to remove api_test.go
2019-03-26 22:20:35 -05:00
Jordan Wright
e634cbd670
Moving api_test.go to controllers_test.go
2019-03-26 22:19:18 -05:00
Jordan Wright
1e0a78db30
Refactoring API into separate package for easier management. ( #1411 )
2019-03-26 22:17:20 -05:00
Russel Van Tuyl
8b27d852d8
Go min version ( #1386 )
...
The `github.com/jinzhu/gorm` package uses `sync.Map` which requires go version 1.9
2019-03-10 15:52:47 -05:00
Jordan Wright
11493024a0
Changed MySQL column type for redirect_url to "TEXT" to avoid truncation.
...
Fixes #1346
2019-02-19 22:00:16 -06:00
Jordan Wright
8d32bc2fab
Fixed phishing server log output. Fixes #1345
2019-02-19 21:40:26 -06:00
Jordan Wright
3cec2dabbf
Add Archived Campaigns View ( #1367 )
...
* Adding archived view for campaigns (#1334 )
* Formatted the code, did some very minor cleanup, and rebuilt the minified JS
Closes #448
2019-02-19 21:30:18 -06:00
Jordan Wright
ba8ceb81da
Initial commit of RBAC support. ( #1366 )
...
* Initial commit of RBAC support. Closes #1333
2019-02-19 20:33:50 -06:00
Jordan Wright
4ec9f07859
Updating campaign datepicker format to match other date formats. Fixes #1288
2018-12-30 14:26:35 -06:00