Paul Werther
f7991f7bf1
Merge a79ce72535
into 9561846979
2024-11-21 01:14:03 +00:00
Glenn Wilkinson
8e79294413
Added error handling to in-app reporting mechanism
2023-09-15 15:45:30 +01:00
Glenn Wilkinson
06e95c1fb8
Minified campaigns.js #2482
2022-09-14 11:29:18 +01:00
Vivek Kekuda
53537a221a
Fix resource selection during campaign copy ( #2482 )
...
Clear the selection of resource (template, page, profile) whenever the original
resource is deleted and there is only one currently available resource present
in the DB while copying a campaign. Without this fix, the only available
resource is shown as the original resource, instead of showing [Deleted].
2022-09-14 12:26:29 +02:00
Glenn Wilkinson
3863ad31b9
Fixed issue with sorting by login date of users
2022-08-26 23:09:14 +02:00
Glenn Wilkinson
32c0502999
Minified missing sending_profile file ( 741201b
)
2022-08-24 18:00:00 +02:00
Glenn Wilkinson
90cd444dcb
Minified template.js resolving #2545
2022-08-09 15:24:29 +01:00
Glenn Wilkinson
d0ff3829e5
Disallow deleting of admin user from the UI ( #2487 )
2022-06-01 17:01:55 +01:00
Glenn Wilkinson
0c255bbe92
Disallow changing of admin username from the UI ( #2487 )
2022-06-01 16:40:04 +01:00
Jake Walker
704e6d56b3
Fix modal titles saying new when editing existing content ( #2318 )
2022-04-15 16:28:19 +02:00
ptitdoc
bb516ef7ab
986 custom envelope sender remerge ( #2334 )
...
* Adds the ability to specify an envelope sender in templates (#986 )
Authored-by: ChessSpider <ChessSpider@users.noreply.github.com>
Authored-by: Olivier MEDOC <o_medoc@yahoo.fr>
Authored-by: ptitdoc <ptitdoc@free.fr>
2022-03-25 16:24:49 +01:00
Glenn Wilkinson
741201b7f0
Added JS for Fix sending profile form ( #2389 )
2022-02-16 15:30:38 +00:00
Mark Steward
1f95efcb7b
Fix sending profile form ( #2389 )
...
Credentials no longer suggested in the Search box in 'Sending Profiles'
2022-02-07 17:12:55 +01:00
Paul Werther
a79ce72535
implement mark submitted data as false positive, reference #1915
2021-05-19 13:31:56 +02:00
Glenn Wilkinson
ced5261678
Added functionality to lock accounts (+bug fix) ( #2060 )
...
* Added functionality to lock accounts
* Fixed typo and added test case for locked account
2020-12-07 08:56:05 -06:00
Jordan Wright
3c490dbadb
Updated JS from #1976
2020-09-30 22:00:15 -05:00
Glenn Wilkinson
b53cff0c98
Added functionality to display last user login ( #1967 )
...
Added functionality to display last login time for each user in the User Management page.
2020-09-30 21:06:08 -05:00
Jordan Wright
c1d3c7cd75
Modified frontend reporting logic to be more flexible with campaigns that include a path in their URL.
...
Fixes #1985
2020-09-23 21:15:19 -05:00
Jordan Wright
735880c398
Creating minified JS file from chnages in #1909
2020-08-08 15:04:59 -05:00
Glenn Wilkinson
0558da90fe
Added support to allow invalid IMAP certificates ( #1909 )
...
This commit allows self-signed certificates to be used in upstream IMAP connections.
2020-08-08 15:03:42 -05:00
Jordan Wright
90fed5a575
Added escaping for error message in sending profile hostname
2020-08-06 22:21:41 -05:00
Jordan Wright
b684fb4ebd
Fixing issue where campaigns aren't showing up in the archived tab if they have been marked as completed.
...
Fixes #1892
2020-07-25 14:47:37 -05:00
Jordan Wright
19ef924d89
Properly escaping server output when a request is made to ping a malicious webhook URL.
...
Fixes #1901
2020-07-24 23:04:55 -05:00
Jordan Wright
b25f5ac5e4
Updated PapaParse config to prevent CSV injection.
...
I've updated the PapaParse JS library to the latest version from the master branch which supports the `escapeForumlae` option in order to prevent malicious event entries from being parsed and executed by the Gophish user's spreadsheet software.
When a new PapaParse release is created, I'll update this code to use the updated minified file.
2020-07-24 22:44:24 -05:00
Jordan Wright
4e9b94b641
Fixed validation when setting IMAP hostname
2020-07-17 22:40:10 -05:00
Jordan Wright
bb7de8df3e
Initial Implementation of a Password Policy ( #1867 )
...
This PR adds the initial work to implement a password policy as defined in #1538 .
Specifically, this implements the following
* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password
Fixes #1538
2020-06-19 22:03:51 -05:00
Jordan Wright
ec8b17238e
General code cleanup as part of an effort to integrate staticcheck into our CI pipeline.
2020-05-25 21:46:36 -05:00
Jordan Wright
b57210f6e7
Rebuilt JS files from #1812
2020-05-24 22:24:57 -05:00
Jordan Wright
b29544c208
Rebuilding JS files from #1838
2020-05-23 12:56:18 -05:00
Prasoon Dwivedi
353639e168
Use GroupsSummary to create and copy campaign ( #1838 )
...
The Groups (get all groups and associated targets) call is used while
loading the modal for creating and copying a campaign. As the Groups API gets
all the associated targets for a groups as well, it slows the system
considerably if there are large number of groups and targets (~200
groups each with ~100-10000 targets).
As targets are not really needed in this workflow, this call can be
replaced by the GroupsSummary call.
2020-05-23 12:51:43 -05:00
Jordan Wright
726e3c96ac
Rebuilding JS files from #1830
2020-05-08 21:02:05 -05:00
Prasoon Dwivedi
40b77840f5
Add favicon ( #1831 )
...
Added favicon image and corrected the path to the favicon
2020-05-08 21:00:22 -05:00
Prasoon Dwivedi
116c2a7e7e
Load datatable rows all at once ( #1830 )
...
This change modifies how we populate DataTables to draw the table only once vs. drawing it when we add each new row. This should result in tables loading quicker.
2020-05-03 22:03:58 -05:00
Glenn Wilkinson
38a6a77c9c
Added ability to allow admin to 'su' to other accounts ( #1812 )
...
* Added ability to allow admin to 'su' to other accounts
* Naming convention and user message modifications
* Removed debug statement
2020-04-27 18:19:20 -05:00
Jordan Wright
118d9899d6
Updated minified scripts from #1772
2020-03-15 12:41:19 -05:00
Paul Werther
c0be58aa3d
Add "mark as reported" to results table ( #1772 )
...
This commit adds the ability to mark a result as reported directly from the campaign results view.
2020-03-15 12:38:51 -05:00
Jordan Wright
2e3aacd22d
Remove Unused Variable ( #1774 )
...
The timeline_series_data variable is created twice before using it. This resolves that.
2020-03-05 07:28:17 -06:00
Jordan Wright
ecb6d46914
Rebuilding minified JS to support #1722
2020-01-18 12:49:34 -06:00
Glenn Wilkinson
9de32746ee
Added IMAP support for checking reported emails ( #1612 )
...
Initial support of managing reporting through IMAP.
Co-Authored-By: Jordan Wright <jmwright798@gmail.com>
2020-01-18 11:58:34 -06:00
Jordan Wright
01287e0dd5
Minor cleanup on webhook feature integration
...
- Ran gofmt
- Rebuilt minified static files
- Updated validation payload
2019-12-15 22:07:55 -06:00
Alex Maslakov
28cd7a238e
Add Webhook Support
...
Adds support for managing outgoing webhooks. Closes #1602
2019-12-15 20:27:21 -06:00
Jordan Wright
6222c5e180
Upgrade SweetAlert2 Dependency ( #1583 )
...
Upgrades the SweetAlert2 dependency to version 8.x.x.
Co-authored-by: Glenn Wilkinson <glenn.wilkinson@gmail.com>
2019-09-10 19:49:23 -05:00
David Maciejak
24fe998a3a
Fix multiple XSS issues in User Management Page ( #1547 )
...
If the user name is embedding some JS code, it will be executed on the client side. Note: gophish/static/js/dist/app/users.min.js will need to be regenerated too.
2019-08-23 21:07:15 -05:00
Jordan Wright
a1a2de13a4
Added a check to ensure the target details are correct if manually created.
...
Fixes #1475
2019-05-31 19:31:16 -05:00
Jordan Wright
84096b8724
Implement User Management API ( #1473 )
...
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
2019-05-31 13:58:18 -05:00
Jordan Wright
6ca2b76ceb
Update Javascript Dependencies ( #1440 )
...
* updated devDependencies, migrated gulpfile.js to gulp 4.0 syntax (#1438 )
* Rebuilding JS dependencies with new gulp config. Updated yarn.lock.
Co-authored-by: Christian Schwartz <christian.schwartz@gmail.com>
2019-04-21 16:34:52 -05:00
Jordan Wright
2eb4f4d348
Move API key to Bearer Token ( #1439 )
...
* Moved api_key from URL to authorization header in requests (#1434 )
* Fixing some minor formatting and rebuilding minified JS
2019-04-21 15:21:36 -05:00
Jordan Wright
3cec2dabbf
Add Archived Campaigns View ( #1367 )
...
* Adding archived view for campaigns (#1334 )
* Formatted the code, did some very minor cleanup, and rebuilt the minified JS
Closes #448
2019-02-19 21:30:18 -06:00
Jordan Wright
ba8ceb81da
Initial commit of RBAC support. ( #1366 )
...
* Initial commit of RBAC support. Closes #1333
2019-02-19 20:33:50 -06:00
Jordan Wright
4ec9f07859
Updating campaign datepicker format to match other date formats. Fixes #1288
2018-12-30 14:26:35 -06:00