Commit Graph

815 Commits (ba90b89c0b8f0f528a213c5d7628ce0c7f56e41d)

Author SHA1 Message Date
ABerberovic ba90b89c0b fixed variable declaration 2023-05-16 21:16:42 +02:00
ABerberovic 61b523938c cleared for merge with official repository 2023-05-16 21:16:42 +02:00
ABerberovic 7237dbe9c5 var "user" in base.html doesn't have to be a tupel anymore 2023-05-16 21:16:42 +02:00
ABerberovic 70397cae7f GUI functions don't send the API-Key in the bearer token anymore. API-Key is only sent from server to client in the settings page 2023-05-16 21:16:30 +02:00
Eicke Hauck 8c122e1ff7 Removed checking of bearer token in favor of the login cookie for authorizing web interface requests 2023-05-16 21:10:45 +02:00
Glenn Wilkinson d2efb18ef1
Updated regex pattern to allow longer TLDs 2022-12-16 17:04:55 +00:00
tcastron 2d08befb6b
Modified "SMTP From" field to avoid SMTP server errors with RFC 5321 (#2669)
Co-authored-by: Thomas Castronovo <thocastronovo@cic.be>
2022-11-29 16:41:10 +00:00
Vivek Kekuda cec2da5128
Fix new records being added on completing a campaign (#2599)
There were new records with name '[Deleted]' being added when a campaign was
completed. This used to happen when the resource associated with a campaign
(template, page, profile) was deleted before marking the campaign as
completed. The save gorm call used to upsert these values and ended up adding
rogue records.
2022-10-13 16:16:37 +01:00
Glenn Wilkinson 095a9ba20c Updated README.md with working source installation instructions (see https://github.com/golang/go/issues/48332) 2022-09-29 13:21:31 +01:00
Glenn Wilkinson b1648f0759 Bumped version to 0.12.1 2022-09-14 11:30:00 +01:00
Glenn Wilkinson 06e95c1fb8 Minified campaigns.js #2482 2022-09-14 11:29:18 +01:00
Vivek Kekuda 53537a221a
Fix resource selection during campaign copy (#2482)
Clear the selection of resource (template, page, profile) whenever the original
resource is deleted and there is only one currently available resource present
in the DB while copying a campaign. Without this fix, the only available
resource is shown as the original resource, instead of showing [Deleted].
2022-09-14 12:26:29 +02:00
Glenn Wilkinson 2b85a2bda5 Updated release workflow to mitigate set-env vulnerability and fix Windows build 2022-09-14 11:06:03 +01:00
Glenn Wilkinson a53665b1b6 Updated formatting and CI to be in line with more recent versions of go 2022-09-12 22:05:34 +01:00
Mark Cabanero 78e9a51168
Add Trusted Origins to CSRF Handler (#2301)
Enables the user to add addresses that they expect incoming connections
to come from. Helpful in cases where TLS termination is handled by a
load balancer upstream, rather than the application itself.
2022-09-06 16:20:19 +02:00
Glenn Wilkinson 3863ad31b9 Fixed issue with sorting by login date of users 2022-08-26 23:09:14 +02:00
Glenn Wilkinson 34f7457294
Update README.md
Updated installation command
2022-08-25 15:28:54 +02:00
Glenn Wilkinson 32c0502999 Minified missing sending_profile file (741201b) 2022-08-24 18:00:00 +02:00
Glenn Wilkinson 6b61426aab Bumped version to 0.12.0 2022-08-12 21:31:43 +02:00
Glenn Wilkinson 90cd444dcb Minified template.js resolving #2545 2022-08-09 15:24:29 +01:00
Glenn Wilkinson 5ef2d75e72 Fixed Account Locked bug, allowing user accounts to be locked 2022-06-11 11:25:56 +01:00
Glenn Wilkinson 6fb77bf3ce Fixed formatting from Custom Envelope PR #2334 2022-06-05 21:18:32 +01:00
Glenn Wilkinson d0ff3829e5 Disallow deleting of admin user from the UI (#2487) 2022-06-01 17:01:55 +01:00
Glenn Wilkinson 0c255bbe92 Disallow changing of admin username from the UI (#2487) 2022-06-01 16:40:04 +01:00
Bálint József Jánvári b7c69662ce
Embed or attach files based on their file extension (#1525)
Embed or attach files based on their file extension:
 * Set 'Content-Disposition: inline' for images
 * Set 'Content-Disposition: attachment' for other files
2022-06-01 17:14:22 +02:00
Jake Walker 704e6d56b3
Fix modal titles saying new when editing existing content (#2318) 2022-04-15 16:28:19 +02:00
ptitdoc bb516ef7ab
986 custom envelope sender remerge (#2334)
* Adds the ability to specify an envelope sender in templates (#986)

Authored-by: ChessSpider <ChessSpider@users.noreply.github.com>
Authored-by: Olivier MEDOC <o_medoc@yahoo.fr>
Authored-by: ptitdoc <ptitdoc@free.fr>
2022-03-25 16:24:49 +01:00
dependabot[bot] e0acb99734
Bump minimist from 1.2.0 to 1.2.5 (#2401)
Bumps [minimist](https://github.com/substack/minimist) from 1.2.0 to 1.2.5.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.0...1.2.5)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-25 13:10:19 +01:00
dependabot[bot] eb016a437c
Bump copy-props from 2.0.4 to 2.0.5 (#2399)
Bumps [copy-props](https://github.com/gulpjs/copy-props) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/gulpjs/copy-props/releases)
- [Changelog](https://github.com/gulpjs/copy-props/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/copy-props/compare/2.0.4...2.0.5)

---
updated-dependencies:
- dependency-name: copy-props
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-17 15:03:51 +01:00
Kirill 67e304f372
Fix open redirect vulnerability on the login page (#2262) 2022-02-16 17:26:51 +01:00
dependabot[bot] e215132bdf
Bump ajv from 6.10.0 to 6.12.6 (#2395)
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.0 to 6.12.6.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](https://github.com/ajv-validator/ajv/compare/v6.10.0...v6.12.6)

---
updated-dependencies:
- dependency-name: ajv
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-16 16:46:30 +01:00
Glenn Wilkinson 741201b7f0 Added JS for Fix sending profile form (#2389) 2022-02-16 15:30:38 +00:00
Mark Steward 1f95efcb7b
Fix sending profile form (#2389)
Credentials no longer suggested in the Search box in 'Sending Profiles'
2022-02-07 17:12:55 +01:00
Glenn Wilkinson a6627dfc6b
Added support for templating attachments (#1936)
The following attachment types support template variables: docx, docm, pptx, xlsx, xlsm, txt, html, ics.
2022-02-02 15:41:27 +01:00
Bilal Retiat 0646f14c99
Updated the Ansible Playbook (#2138)
* Update Ansible role
* lint Ansible role
* Update Ansible Playbook README
* use python3 packages instead python2
2021-12-23 19:13:43 +01:00
Glenn Wilkinson ceab0509eb
Merge pull request #2296 from gophish/dependabot/npm_and_yarn/tar-4.4.19
Bump tar from 4.4.8 to 4.4.19
2021-12-18 09:49:34 +01:00
Glenn Wilkinson 202ecd3397
Merge pull request #2277 from gophish/dependabot/npm_and_yarn/path-parse-1.0.7
Bump path-parse from 1.0.6 to 1.0.7
2021-12-18 09:49:20 +01:00
Glenn Wilkinson 4b106b3fe2
Merge pull request #2211 from gophish/dependabot/npm_and_yarn/browserslist-4.16.6
Bump browserslist from 4.6.1 to 4.16.6
2021-12-18 09:49:11 +01:00
Glenn Wilkinson 1d18ea7e01
Merge pull request #2196 from gophish/dependabot/npm_and_yarn/hosted-git-info-2.8.9
Bump hosted-git-info from 2.7.1 to 2.8.9
2021-12-18 09:48:50 +01:00
Glenn Wilkinson b3f0bad5ce
Merge pull request #2195 from gophish/dependabot/npm_and_yarn/lodash-4.17.21
Bump lodash from 4.17.19 to 4.17.21
2021-12-18 09:48:41 +01:00
Glenn Wilkinson 12ecfd84cc
Merge pull request #2182 from gophish/dependabot/npm_and_yarn/ssri-6.0.2
Bump ssri from 6.0.1 to 6.0.2
2021-12-18 09:48:33 +01:00
Glenn Wilkinson 4814620cdc
Merge pull request #2157 from gophish/dependabot/npm_and_yarn/y18n-3.2.2
Bump y18n from 3.2.1 to 3.2.2
2021-12-18 09:48:00 +01:00
dependabot[bot] 003d143641
Bump tar from 4.4.8 to 4.4.19
Bumps [tar](https://github.com/npm/node-tar) from 4.4.8 to 4.4.19.
- [Release notes](https://github.com/npm/node-tar/releases)
- [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-tar/compare/v4.4.8...v4.4.19)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-09-01 04:00:10 +00:00
dependabot[bot] f89c85f558
Bump path-parse from 1.0.6 to 1.0.7
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

---
updated-dependencies:
- dependency-name: path-parse
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-10 23:42:11 +00:00
dependabot[bot] 5aa3a858cb
Bump browserslist from 4.6.1 to 4.16.6
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.6.1 to 4.16.6.
- [Release notes](https://github.com/browserslist/browserslist/releases)
- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/browserslist/browserslist/compare/4.6.1...4.16.6)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-25 07:33:27 +00:00
dependabot[bot] 82fd6adf68
Bump hosted-git-info from 2.7.1 to 2.8.9
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.7.1 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.7.1...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-10 07:08:01 +00:00
dependabot[bot] 5fc6ba6bef
Bump lodash from 4.17.19 to 4.17.21
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-08 15:03:26 +00:00
dependabot[bot] a5b3b134ba
Bump ssri from 6.0.1 to 6.0.2
Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-29 18:52:25 +00:00
dependabot[bot] f722065018
Bump y18n from 3.2.1 to 3.2.2
Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-30 15:39:51 +00:00
dependabot[bot] db63ee978d
Bump yargs-parser from 5.0.0 to 5.0.1 (#2151) 2021-03-28 15:40:31 -05:00