Glenn Wilkinson
d046da81a5
Initial work on reported emails
2020-07-09 09:19:31 +01:00
Alex Maslakov
28cd7a238e
Add Webhook Support
...
Adds support for managing outgoing webhooks. Closes #1602
2019-12-15 20:27:21 -06:00
Jordan Wright
79e680e675
Updates the tls.Config of the phishing and admin servers to support TLS 1.2 as the minimum TLS version. This addresses #1691 and #1689 .
...
I am making this change since Microsoft, Google, and Apple have all chosen to deprecate TLS 1.0 and TLS 1.1 in early 2020. In late 2018, the companies recorded that less than 1.4 percent (max) of their connections used < TLS 1.2.
Output before change:
```
docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered (deprecated)
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY h2, http/1.1 (advertised)
ALPN/HTTP2 h2, http/1.1 (offered)
```
Output after change:
```
docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
NPN/SPDY h2, http/1.1 (advertised)
ALPN/HTTP2 h2, http/1.1 (offered)
```
2019-12-11 19:52:41 -06:00
Glenn Wilkinson
28252bcb56
Will exit on port binding failure ( #1635 )
2019-10-28 21:38:59 -05:00
Jordan Wright
84096b8724
Implement User Management API ( #1473 )
...
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 13:58:18 -05:00
Jordan Wright
1e0a78db30
Refactoring API into separate package for easier management. ( #1411 )
2019-03-26 22:17:20 -05:00
Jordan Wright
ba8ceb81da
Initial commit of RBAC support. ( #1366 )
...
* Initial commit of RBAC support. Closes #1333
2019-02-19 20:33:50 -06:00
Jordan Wright
a73ac4ab7c
Fixed various minor linting issues
2018-12-15 21:38:51 -06:00
Jordan Wright
47f0049c30
Refactor servers ( #1321 )
...
* Refactoring servers to support custom workers and graceful shutdown.
* Refactoring workers to support custom mailers.
* Refactoring mailer to be an interface, with proper instances instead of a single global instance
* Cleaning up a few things. Locking maillogs for campaigns set to launch immediately to prevent a race condition.
* Cleaning up API middleware to be simpler
* Moving template parameters to separate struct
* Changed LoadConfig to return config object
* Cleaned up some error handling, removing uninitialized global error in models package
* Changed static file serving to use the unindexed package
2018-12-15 15:42:32 -06:00
Jordan Wright
abafe3526b
Moved documentation links to point to docs.getgophish.com.
2018-10-11 12:06:36 -05:00
Jordan Wright
f7dee1e938
Removed directory listing of static assets. Fixes #1077 . Fixes #815
2018-05-23 23:03:48 -05:00
Jordan Wright
5d23263898
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future.
2018-05-03 19:07:41 -05:00
Jordan Wright
3a7a62e9d6
Changed /api/reset to require API key instead of just requiring a valid session. Fixes #1028
2018-03-29 20:59:26 -05:00
Jordan Wright
2131c17c33
Fixing SSRF by requiring an API key for all import endpoints. Fixes #1026
2018-03-26 21:04:22 -05:00
Jordan Wright
aa8c770e73
Adding "next" parameter to support redirecting after successful login.
2017-12-10 21:40:46 -06:00
Jordan Wright
227da5c7b9
Change failed login status code to 401. Fixes #833
2017-12-10 18:11:32 -06:00
Jordan Wright
e42302ebf9
Moved phishing handlers into separate file and added a ton of tests.
2017-06-08 23:41:38 -05:00
Jordan Wright
871114a17d
Cleaning up RobotsHandler
2017-04-27 18:14:14 -05:00
Matt D
5f5c8141c9
Add robots.txt handler ( #604 )
...
Disallow all robots from accessing the phishing server, to prevent phishing materials from being indexed during campaigns.
2017-04-27 18:04:22 -05:00
Jordan Wright
d67dcc889a
Don't overwrite status to email opened if the user has already clicked the link or submitted data. Fixes #529
2017-02-23 23:23:05 -06:00
Jordan Wright
7453fd3b48
Added summary routes for groups.
...
Routes:
/api/groups/summary
/api/groups/:id/summary
The UI is now using these routes for the "Users & Groups" page.
2017-01-14 17:26:04 -06:00
Jordan Wright
8738ebbb35
Added campaign summary routes:
...
/api/campaigns/summary
/api/campaigns/:id/summary
This is part of #505
2017-01-05 21:48:54 -06:00
Jordan Wright
9982769d0f
Making result statuses more granular as part of #505
2017-01-05 17:40:45 -06:00
Jordan Wright
a05ee944a6
Added a route to allow paths in URL and still enable tracking. Fixes #498
2016-12-26 16:23:07 -06:00
Jordan Wright
f195a8c7d9
Now recording address and user-agent when tracking pixel is requested. Fixes #427
2016-11-20 23:22:58 -06:00
Jordan Wright
7740bb3e95
Added ability to use {{.URL}} and {{.From}} in landing pages
2016-09-15 00:27:10 -05:00
Jordan Wright
103fd72cc8
Fixing context issues with Go 1.7.
2016-09-14 22:24:51 -05:00
Jordan Wright
ac62f33e80
Now capturing IP and User Agent information in event logs. Fixes #280
2016-08-08 18:28:19 -05:00
Jordan Wright
33df3c3868
Added the version to the settings page.
2016-08-06 18:58:34 -05:00
Jordan Wright
2eb2bf90a1
Added ability to use template values in Landing Pages. Fixes #327
2016-07-24 19:37:14 -05:00
Jordan Wright
1dbf061d87
Implement the ability to complete a campaign. Fixes #290 .
...
First implementation of new alert format.
2016-07-11 22:11:40 -05:00
Jordan Wright
c5d6792bba
Added /campaigns/:id/results endpoint to return campaign summary and make results page much quicker.
...
Fixes 282.
2016-06-07 22:31:55 -05:00
Jordan Wright
49b0646454
Fixed static file handling on phishing server + documentation. Fixes #164
2016-03-23 14:11:47 -05:00
Jordan Wright
b10c4b3d3a
Now returning valid tracking image. Fixes #202
2016-03-18 23:35:07 -05:00
Jordan Wright
52b9eda3b2
Added support for redirect URL's after creds are submitted. Fixes #210
2016-03-18 20:19:13 -05:00
Jordan Wright
c979dbd58d
Added support for X-Forwarded-For. Fixes #203
2016-03-10 18:54:30 -06:00
Jordan Wright
7bf2c00356
gofmt'ing
2016-02-21 21:09:14 -06:00
William Woodson
12823468d3
Fixed page titles for several routes
2016-02-20 17:46:22 -06:00
William Woodson
828e42bc3b
Created routes, template, js for sending_profiles page
2016-02-20 17:24:08 -06:00
Jordan Wright
3d9e447992
Removing support for empty passwords - fixes #149
2016-02-13 16:37:12 -06:00
Jordan Wright
fdfeafa1ec
Restricted registration to only logged in users. Fixes #137
2016-02-09 22:19:06 -06:00
Jordan Wright
62ffbcceda
Added check on email open to avoid overwriting the click/data submit events. Fixes #119
2016-02-08 19:50:21 -06:00
Jordan Wright
94e43fe557
Initial commit - adding db migration as well as the logic to add the payload
2016-01-31 19:50:41 -06:00
Jordan Wright
e4d6e68147
Added ability to send a test email before launching a campaign
2016-01-24 20:03:53 -06:00
William Woodson
3a0fa4f93f
Update bcrypt dependency and code moved to gophish group
2016-01-10 11:04:03 -06:00
Jordan Wright
c6cd018536
Added IP, Lat and Lon to models.Result. Closes #47
...
Added basic mapping on campaign results. Closes #51
2016-01-04 00:04:10 -06:00
Jordan Wright
01c3da611b
PhishHandler now loads landing page content. Fixes #37
...
Now supports autocomplete for modal typeahead. Fixes #40
Users can now specify landing pages in campaigns. Fixes #39
Implemented "Email Opened" status. Fixes #38
2015-10-22 22:29:10 -05:00
Jordan Wright
47619a8426
Fixing CSRF Exceptions
2015-10-03 15:55:06 -05:00
Jordan Wright
906c4e8a93
Adjusted CSRF whitelisted paths so remove dependency on / in path.
...
Fixes #31
2015-10-03 15:16:11 -05:00
unknown
fc2aa71e91
Fixed settings - can now reset password, api key.
2015-08-15 16:03:39 -05:00