Commit Graph

64 Commits (db63ee978dcd678caee0db71e5e1b91f9f293880)

Author SHA1 Message Date
Jordan Wright 3c490dbadb Updated JS from #1976 2020-09-30 22:00:15 -05:00
Jordan Wright c1d3c7cd75 Modified frontend reporting logic to be more flexible with campaigns that include a path in their URL.
Fixes #1985
2020-09-23 21:15:19 -05:00
Jordan Wright 735880c398 Creating minified JS file from chnages in #1909 2020-08-08 15:04:59 -05:00
Jordan Wright 90fed5a575 Added escaping for error message in sending profile hostname 2020-08-06 22:21:41 -05:00
Jordan Wright b684fb4ebd Fixing issue where campaigns aren't showing up in the archived tab if they have been marked as completed.
Fixes #1892
2020-07-25 14:47:37 -05:00
Jordan Wright 19ef924d89 Properly escaping server output when a request is made to ping a malicious webhook URL.
Fixes #1901
2020-07-24 23:04:55 -05:00
Jordan Wright b25f5ac5e4 Updated PapaParse config to prevent CSV injection.
I've updated the PapaParse JS library to the latest version from the master branch which supports the `escapeForumlae` option in order to prevent malicious event entries from being parsed and executed by the Gophish user's spreadsheet software.

When a new PapaParse release is created, I'll update this code to use the updated minified file.
2020-07-24 22:44:24 -05:00
Jordan Wright 4e9b94b641 Fixed validation when setting IMAP hostname 2020-07-17 22:40:10 -05:00
Jordan Wright bb7de8df3e
Initial Implementation of a Password Policy (#1867)
This PR adds the initial work to implement a password policy as defined in #1538.

Specifically, this implements the following

* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password

Fixes #1538
2020-06-19 22:03:51 -05:00
Jordan Wright ec8b17238e General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 2020-05-25 21:46:36 -05:00
Jordan Wright b57210f6e7 Rebuilt JS files from #1812 2020-05-24 22:24:57 -05:00
Jordan Wright b29544c208 Rebuilding JS files from #1838 2020-05-23 12:56:18 -05:00
Jordan Wright 726e3c96ac Rebuilding JS files from #1830 2020-05-08 21:02:05 -05:00
Jordan Wright 118d9899d6 Updated minified scripts from #1772 2020-03-15 12:41:19 -05:00
Jordan Wright ecb6d46914 Rebuilding minified JS to support #1722 2020-01-18 12:49:34 -06:00
Jordan Wright 01287e0dd5 Minor cleanup on webhook feature integration
- Ran gofmt
- Rebuilt minified static files
- Updated validation payload
2019-12-15 22:07:55 -06:00
Jordan Wright 6222c5e180
Upgrade SweetAlert2 Dependency (#1583)
Upgrades the SweetAlert2 dependency to version 8.x.x.

Co-authored-by: Glenn Wilkinson <glenn.wilkinson@gmail.com>
2019-09-10 19:49:23 -05:00
Jordan Wright a1a2de13a4 Added a check to ensure the target details are correct if manually created.
Fixes #1475
2019-05-31 19:31:16 -05:00
Jordan Wright 84096b8724
Implement User Management API (#1473)
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 13:58:18 -05:00
Jordan Wright 6ca2b76ceb
Update Javascript Dependencies (#1440)
* updated devDependencies, migrated gulpfile.js to gulp 4.0 syntax (#1438)

* Rebuilding JS dependencies with new gulp config. Updated yarn.lock.

Co-authored-by: Christian Schwartz <christian.schwartz@gmail.com>
2019-04-21 16:34:52 -05:00
Jordan Wright 2eb4f4d348
Move API key to Bearer Token (#1439)
* Moved api_key from URL to authorization header in requests (#1434)

* Fixing some minor formatting and rebuilding minified JS
2019-04-21 15:21:36 -05:00
Jordan Wright 3cec2dabbf
Add Archived Campaigns View (#1367)
* Adding archived view for campaigns (#1334)

* Formatted the code, did some very minor cleanup, and rebuilt the minified JS

Closes #448
2019-02-19 21:30:18 -06:00
Jordan Wright ba8ceb81da
Initial commit of RBAC support. (#1366)
* Initial commit of RBAC support. Closes #1333
2019-02-19 20:33:50 -06:00
Jordan Wright 4ec9f07859 Updating campaign datepicker format to match other date formats. Fixes #1288 2018-12-30 14:26:35 -06:00
Jordan Wright b4ff771b3a Added autocomplete for template tags to the editor for email templates and landing pages. 2018-12-30 00:02:41 -06:00
Jordan Wright 191ec6e436 Added the CKEditor link dialog fixes to the email templates 2018-12-27 15:04:24 -06:00
Jordan Wright ea97d6257d Cleaned up CKEditor link dialog to be more simple. Related to #1327 2018-12-27 14:54:04 -06:00
Jordan Wright 3b248d25c7
Make Campaign Results Pie Chart Consistent with Dashboard (#1272) 2018-11-11 15:37:49 -06:00
Jordan Wright 468da007d5 Added result ID to campaign results view. Fixes #1239 2018-10-18 15:05:59 -05:00
Jordan Wright ebc099b6c2 Changed modals to avoid exiting when the user clicks outside them. Fixes #1236 2018-10-15 10:40:57 -05:00
Jordan Wright c315867cea Removing console debug statements 2018-10-03 15:00:56 -05:00
Jordan Wright a0c1860a0a Fixed bug when copying campaign.
Fixes #549
Fixes #898
2018-10-03 15:00:08 -05:00
Jordan Wright c9e800dda7 Updated campaigns.js to automatically default dropdown values if only one option is available. 2018-09-09 15:08:52 -05:00
Jordan Wright de3c3a2e9c Fixed ability to sort campaign results by reported status. Fixes #1157 2018-09-02 12:18:41 -05:00
Jordan Wright fa1d4d74b0 Added sweetalert2 delete dialogs to all objects for consistency. 2018-09-02 12:11:06 -05:00
Jordan Wright 7dcf30f277
Add Support for Timed Campaigns (#1184)
This builds on the work from @c-f in #1090 to fully add support for "timed" campaigns, in which the emails are spaced apart as opposed to all being sent at once.
2018-09-02 11:17:52 -05:00
Jordan Wright f09b448ec1 Added device details to clicked link and submitted data events. Fixes #1009 2018-06-12 20:37:09 -05:00
Jordan Wright b2bd879318 Implemented view change to HTML WSYWIG view when HTML is imported for landing pages and email templates. Fixes #1100 2018-06-11 20:16:28 -05:00
Jordan Wright 35a8f13990 Improved group CSV parsing. Added ability to download CSV template from the group modal. 2018-06-09 13:22:11 -05:00
Jordan Wright 222399c5f6 De-emphasized campaign report icon while we don't have clients available. 2018-05-24 20:32:08 -05:00
Jordan Wright 3a7a62e9d6
Changed /api/reset to require API key instead of just requiring a valid session. Fixes #1028 2018-03-29 20:59:26 -05:00
Jordan Wright 2131c17c33
Fixing SSRF by requiring an API key for all import endpoints. Fixes #1026 2018-03-26 21:04:22 -05:00
Jordan Wright 9ba3f04d1e
For now, avoid rendering the "campaign created" events on the timeline to make things more consolidated. Fixes #999 2018-03-22 22:16:59 -05:00
Jordan Wright f21536da7c
Adding "Report Email" Support (#1014)
Adds the capability to report phishing campaigns using an email client extension.

**Note: Gophish does not currently provide an email client extension out of the box. This is simply a mechanism to let existing email client add-ons send report status information to Gophish, and have that information reflected in the dashboard.**
2018-03-18 22:03:00 -05:00
Jordan Wright ea558522a0
Events are now displayed with per-second accuracy. Fixes #909 2018-01-13 18:41:08 -06:00
Jordan Wright 8def08f46d
Changed select2 dropdowns to be in alphabetical format. Fixes #899 2018-01-13 18:12:09 -06:00
Jordan Wright 76ece15b71
Email refactoring (#878)
The initial pass at refactoring the way we send emails.
2017-12-09 15:42:07 -06:00
Jordan Wright e785af5c0a Disabled turboThreshold to allow campaign timeline renders for campaigns with > 1k events. Fixes #765
Moved datatables `draw()` functions to the end of a table render, rather than on every row
2017-09-26 21:29:15 -05:00
Jordan Wright 8433882186 Updated papaparse. Changed export csv name to campaign.name - scope.csv syntax. Fixes #751 2017-09-19 20:33:26 -05:00
Jordan Wright 6f81f1f2e2 Making the results map an optional setting stored in localStorage. Fixes #747
Also does more formatting fixes for various files.
2017-09-16 23:30:04 -05:00