Jordan Wright
b25f5ac5e4
Updated PapaParse config to prevent CSV injection.
...
I've updated the PapaParse JS library to the latest version from the master branch which supports the `escapeFormulae` option in order to prevent malicious event entries from being parsed and executed by the Gophish user's spreadsheet software.
When a new PapaParse release is created, I'll update this code to use the updated minified file.
2020-07-24 22:44:24 -05:00
Jordan Wright
4e9b94b641
Fixed validation when setting IMAP hostname
2020-07-17 22:40:10 -05:00
Jordan Wright
bb7de8df3e
Initial Implementation of a Password Policy (#1867)
...
This PR adds the initial work to implement a password policy as defined in #1538.
Specifically, this implements the following:
* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password
Fixes #1538
2020-06-19 22:03:51 -05:00
Jordan Wright
ec8b17238e
General code cleanup as part of an effort to integrate staticcheck into our CI pipeline.
2020-05-25 21:46:36 -05:00
Jordan Wright
b57210f6e7
Rebuilt JS files from #1812
2020-05-24 22:24:57 -05:00
Jordan Wright
b29544c208
Rebuilding JS files from #1838
2020-05-23 12:56:18 -05:00
Jordan Wright
726e3c96ac
Rebuilding JS files from #1830
2020-05-08 21:02:05 -05:00
Jordan Wright
118d9899d6
Updated minified scripts from #1772
2020-03-15 12:41:19 -05:00
Jordan Wright
ecb6d46914
Rebuilding minified JS to support #1722
2020-01-18 12:49:34 -06:00
Jordan Wright
01287e0dd5
Minor cleanup on webhook feature integration
...
- Ran gofmt
- Rebuilt minified static files
- Updated validation payload
2019-12-15 22:07:55 -06:00
Jordan Wright
6222c5e180
Upgrade SweetAlert2 Dependency (#1583)
...
Upgrades the SweetAlert2 dependency to version 8.x.x.
Co-authored-by: Glenn Wilkinson <glenn.wilkinson@gmail.com>
2019-09-10 19:49:23 -05:00
Jordan Wright
a1a2de13a4
Added a check to ensure the target details are correct if manually created.
...
Fixes #1475
2019-05-31 19:31:16 -05:00
Jordan Wright
84096b8724
Implement User Management API (#1473)
...
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 13:58:18 -05:00
Jordan Wright
6ca2b76ceb
Update Javascript Dependencies (#1440)
...
* updated devDependencies, migrated gulpfile.js to gulp 4.0 syntax (#1438)
* Rebuilding JS dependencies with new gulp config. Updated yarn.lock.
Co-authored-by: Christian Schwartz <christian.schwartz@gmail.com>
2019-04-21 16:34:52 -05:00
Jordan Wright
2eb4f4d348
Move API key to Bearer Token (#1439)
...
* Moved api_key from URL to authorization header in requests (#1434)
* Fixing some minor formatting and rebuilding minified JS
2019-04-21 15:21:36 -05:00
Jordan Wright
3cec2dabbf
Add Archived Campaigns View (#1367)
...
* Adding archived view for campaigns (#1334)
* Formatted the code, did some very minor cleanup, and rebuilt the minified JS
Closes #448
2019-02-19 21:30:18 -06:00
Jordan Wright
ba8ceb81da
Initial commit of RBAC support. (#1366)
...
* Initial commit of RBAC support. Closes #1333
2019-02-19 20:33:50 -06:00
Jordan Wright
4ec9f07859
Updating campaign datepicker format to match other date formats. Fixes #1288
2018-12-30 14:26:35 -06:00
Jordan Wright
b4ff771b3a
Added autocomplete for template tags to the editor for email templates and landing pages.
2018-12-30 00:02:41 -06:00
Jordan Wright
191ec6e436
Added the CKEditor link dialog fixes to the email templates
2018-12-27 15:04:24 -06:00
Jordan Wright
ea97d6257d
Cleaned up CKEditor link dialog to be more simple. Related to #1327
2018-12-27 14:54:04 -06:00
Jordan Wright
3b248d25c7
Make Campaign Results Pie Chart Consistent with Dashboard (#1272)
2018-11-11 15:37:49 -06:00
Jordan Wright
468da007d5
Added result ID to campaign results view. Fixes #1239
2018-10-18 15:05:59 -05:00
Jordan Wright
ebc099b6c2
Changed modals to avoid exiting when the user clicks outside them. Fixes #1236
2018-10-15 10:40:57 -05:00
Jordan Wright
c315867cea
Removing console debug statements
2018-10-03 15:00:56 -05:00
Jordan Wright
a0c1860a0a
Fixed bug when copying campaign.
...
Fixes #549
Fixes #898
2018-10-03 15:00:08 -05:00
Jordan Wright
c9e800dda7
Updated campaigns.js to automatically default dropdown values if only one option is available.
2018-09-09 15:08:52 -05:00
Jordan Wright
de3c3a2e9c
Fixed ability to sort campaign results by reported status. Fixes #1157
2018-09-02 12:18:41 -05:00
Jordan Wright
fa1d4d74b0
Added sweetalert2 delete dialogs to all objects for consistency.
2018-09-02 12:11:06 -05:00
Jordan Wright
7dcf30f277
Add Support for Timed Campaigns (#1184)
...
This builds on the work from @c-f in #1090 to fully add support for "timed" campaigns, in which the emails are spaced apart as opposed to all being sent at once.
2018-09-02 11:17:52 -05:00
Jordan Wright
f09b448ec1
Added device details to clicked link and submitted data events. Fixes #1009
2018-06-12 20:37:09 -05:00
Jordan Wright
b2bd879318
Implemented view change to HTML WYSIWYG view when HTML is imported for landing pages and email templates. Fixes #1100
2018-06-11 20:16:28 -05:00
Jordan Wright
35a8f13990
Improved group CSV parsing. Added ability to download CSV template from the group modal.
2018-06-09 13:22:11 -05:00
Jordan Wright
222399c5f6
De-emphasized campaign report icon while we don't have clients available.
2018-05-24 20:32:08 -05:00
Jordan Wright
3a7a62e9d6
Changed /api/reset to require API key instead of just requiring a valid session. Fixes #1028
2018-03-29 20:59:26 -05:00
Jordan Wright
2131c17c33
Fixing SSRF by requiring an API key for all import endpoints. Fixes #1026
2018-03-26 21:04:22 -05:00
Jordan Wright
9ba3f04d1e
For now, avoid rendering the "campaign created" events on the timeline to make things more consolidated. Fixes #999
2018-03-22 22:16:59 -05:00
Jordan Wright
f21536da7c
Adding "Report Email" Support (#1014)
...
Adds the capability to report phishing campaigns using an email client extension.
**Note: Gophish does not currently provide an email client extension out of the box. This is simply a mechanism to let existing email client add-ons send report status information to Gophish, and have that information reflected in the dashboard.**
2018-03-18 22:03:00 -05:00
Jordan Wright
ea558522a0
Events are now displayed with per-second accuracy. Fixes #909
2018-01-13 18:41:08 -06:00
Jordan Wright
8def08f46d
Changed select2 dropdowns to be in alphabetical format. Fixes #899
2018-01-13 18:12:09 -06:00
Jordan Wright
76ece15b71
Email refactoring (#878)
...
The initial pass at refactoring the way we send emails.
2017-12-09 15:42:07 -06:00
Jordan Wright
e785af5c0a
Disabled turboThreshold to allow campaign timeline renders for campaigns with > 1k events. Fixes #765
...
Moved datatables `draw()` functions to the end of a table render, rather than on every row
2017-09-26 21:29:15 -05:00
Jordan Wright
8433882186
Updated papaparse. Changed export csv name to campaign.name - scope.csv syntax. Fixes #751
2017-09-19 20:33:26 -05:00
Jordan Wright
6f81f1f2e2
Making the results map an optional setting stored in localStorage. Fixes #747
...
Also does more formatting fixes for various files.
2017-09-16 23:30:04 -05:00
Jordan Wright
015ea9bc2d
Fixing scrollbar on nested modals. Fixes #598
2017-09-08 22:00:06 -05:00
Jordan Wright
ed217cd90e
Cleaning up Sending Profile "Send Test Email" modal (plus general formatting cleanup) - Fixes #740
2017-09-05 22:06:22 -05:00
Jordan Wright
ac3fe6aeae
Fixed issue where imported email wasn't being cleared from modal. Also auto-formatted templates.js
2017-08-28 23:26:51 -05:00
Jordan Wright
58a57589bd
Updates all datetimes to use UTC on the backend. This includes a DB migration to convert existing dates.
...
Fixes #316
2017-08-28 22:48:49 -05:00
Jordan Wright
75600f5812
Moved all charts from Chartist to Highcharts. Closes #680.
2017-08-05 21:12:44 -05:00
Jordan Wright
ad45915aa2
Fixed recent campaign status colors on the dashboard (regression from 80c68194a6)
2017-06-19 12:34:45 -05:00