Commit Graph

96 Commits (fa1d4d74b0084965a15589f8e17e62daab740962)

Author SHA1 Message Date
Jordan Wright f7dee1e938 Removed directory listing of static assets. Fixes #1077. Fixes #815 2018-05-23 23:03:48 -05:00
Jordan Wright 5d23263898
Moved logging to logrus package. Not perfect yet (still want to update the access logs), but should set the foundation to make better logging in the future. 2018-05-03 19:07:41 -05:00
Jordan Wright 3a7a62e9d6
Changed /api/reset to require API key instead of just requiring a valid session. Fixes #1028 2018-03-29 20:59:26 -05:00
Jordan Wright 2131c17c33
Fixing SSRF by requiring an API key for all import endpoints. Fixes #1026 2018-03-26 21:04:22 -05:00
Jordan Wright aa8c770e73 Adding "next" parameter to support redirecting after successful login. 2017-12-10 21:40:46 -06:00
Jordan Wright 227da5c7b9 Change failed login status code to 401. Fixes #833 2017-12-10 18:11:32 -06:00
Jordan Wright e42302ebf9 Moved phishing handlers into separate file and added a ton of tests. 2017-06-08 23:41:38 -05:00
Jordan Wright 871114a17d Cleaning up RobotsHandler 2017-04-27 18:14:14 -05:00
Matt D 5f5c8141c9 Add robots.txt handler (#604)
Disallow all robots from accessing the phishing server, to prevent phishing materials from being indexed during campaigns.
2017-04-27 18:04:22 -05:00
Jordan Wright d67dcc889a Don't overwrite status to email opened if the user has already clicked the link or submitted data. Fixes #529 2017-02-23 23:23:05 -06:00
Jordan Wright 7453fd3b48 Added summary routes for groups.
Routes:
/api/groups/summary
/api/groups/:id/summary

The UI is now using these routes for the "Users & Groups" page.
2017-01-14 17:26:04 -06:00
Jordan Wright 8738ebbb35 Added campaign summary routes:
/api/campaigns/summary
/api/campaigns/:id/summary

This is part of #505
2017-01-05 21:48:54 -06:00
Jordan Wright 9982769d0f Making result statuses more granular as part of #505 2017-01-05 17:40:45 -06:00
Jordan Wright a05ee944a6 Added a route to allow paths in URL and still enable tracking. Fixes #498 2016-12-26 16:23:07 -06:00
Jordan Wright f195a8c7d9 Now recording address and user-agent when tracking pixel is requested. Fixes #427 2016-11-20 23:22:58 -06:00
Jordan Wright 7740bb3e95 Added ability to use {{.URL}} and {{.From}} in landing pages 2016-09-15 00:27:10 -05:00
Jordan Wright 103fd72cc8 Fixing context issues with Go 1.7. 2016-09-14 22:24:51 -05:00
Jordan Wright ac62f33e80 Now capturing IP and User Agent information in event logs. Fixes #280 2016-08-08 18:28:19 -05:00
Jordan Wright 33df3c3868 Added the version to the settings page. 2016-08-06 18:58:34 -05:00
Jordan Wright 2eb2bf90a1 Added ability to use template values in Landing Pages. Fixes #327 2016-07-24 19:37:14 -05:00
Jordan Wright 1dbf061d87 Implement the ability to complete a campaign. Fixes #290.
First implementation of new alert format.
2016-07-11 22:11:40 -05:00
Jordan Wright c5d6792bba Added /campaigns/:id/results endpoint to return campaign summary and make results page much quicker.
Fixes 282.
2016-06-07 22:31:55 -05:00
Jordan Wright 49b0646454 Fixed static file handling on phishing server + documentation. Fixes #164 2016-03-23 14:11:47 -05:00
Jordan Wright b10c4b3d3a Now returning valid tracking image. Fixes #202 2016-03-18 23:35:07 -05:00
Jordan Wright 52b9eda3b2 Added support for redirect URL's after creds are submitted. Fixes #210 2016-03-18 20:19:13 -05:00
Jordan Wright c979dbd58d Added support for X-Forwarded-For. Fixes #203 2016-03-10 18:54:30 -06:00
Jordan Wright 7bf2c00356 gofmt'ing 2016-02-21 21:09:14 -06:00
William Woodson 12823468d3 Fixed page titles for several routes 2016-02-20 17:46:22 -06:00
William Woodson 828e42bc3b Created routes, template, js for sending_profiles page 2016-02-20 17:24:08 -06:00
Jordan Wright 3d9e447992 Removing support for empty passwords - fixes #149 2016-02-13 16:37:12 -06:00
Jordan Wright fdfeafa1ec Restricted registration to only logged in users. Fixes #137 2016-02-09 22:19:06 -06:00
Jordan Wright 62ffbcceda Added check on email open to avoid overwriting the click/data submit events. Fixes #119 2016-02-08 19:50:21 -06:00
Jordan Wright 94e43fe557 Initial commit - adding db migration as well as the logic to add the payload 2016-01-31 19:50:41 -06:00
Jordan Wright e4d6e68147 Added ability to send a test email before launching a campaign 2016-01-24 20:03:53 -06:00
William Woodson 3a0fa4f93f Update bcrypt dependency and code moved to gophish group 2016-01-10 11:04:03 -06:00
Jordan Wright c6cd018536 Added IP, Lat and Lon to models.Result. Closes #47
Added basic mapping on campaign results. Closes #51
2016-01-04 00:04:10 -06:00
Jordan Wright 01c3da611b PhishHandler now loads landing page content. Fixes #37
Now supports autocomplete for modal typeahead. Fixes #40
Users can now specify landing pages in campaigns. Fixes #39
Implemented "Email Opened" status. Fixes #38
2015-10-22 22:29:10 -05:00
Jordan Wright 47619a8426 Fixing CSRF Exceptions 2015-10-03 15:55:06 -05:00
Jordan Wright 906c4e8a93 Adjusted CSRF whitelisted paths so remove dependency on / in path.
Fixes #31
2015-10-03 15:16:11 -05:00
unknown fc2aa71e91 Fixed settings - can now reset password, api key. 2015-08-15 16:03:39 -05:00
unknown 0e496bdf73 Migrated settings (at least it loads).
Working on making the template syntax consistent across all the files, cleaning them up, etc.
2015-06-21 16:10:47 -05:00
unknown e1eadc3892 Re-organizing files to use Jquery instead of Angular 2015-06-15 16:49:16 -05:00
unknown 7af35237a7 Working on tracking and email handling - want to make it as smooth as possible
Removed flash that shouldn't have been on the campaigns page
Added small time delay to prevent connection overload - might remove it later, but it'll be tricky
2015-06-12 23:12:43 -05:00
unknown 03b25f5fee Cleaning up a bit of controllers.js #12
Working on site clone and email import
2015-06-12 18:22:17 -05:00
unknown 66dbe2e799 Cleaned up error messages - *all* errors in JSON format
Cleaned up flashes - fixes #13
Added specified errors - more to come soon
Added Campaign validation
Added Group validation
Cleaned up the way angular errors are handled. Will double check, but for the most part fixes #11
Results are now shown on the webui with most recent shown first
Added comments, additional cleanup, etc.
2015-02-21 00:11:22 -06:00
unknown 759f86447d Working on importing emails from source (still doesn't work yet!) 2015-02-15 21:53:30 -06:00
unknown 4211abe78b Previewing Landing pages in a different window seems to work now.
Working on getting some site clone functionality working.
2015-02-08 18:37:07 -06:00
unknown f21d40d77a Registration works again.
Additional cleanup, removing unused code
2015-02-07 17:30:22 -06:00
unknown 669d96d279 More work implementing pages.
More cleanup - changing *all* API errors to be returned via JSON
Fixed bug where /api/pages/ was not csrf exempt
Changed db column/table names to be more user friendly in the case of acronyms (Id, SMTP, etc.)
2015-02-07 14:31:41 -06:00
unknown c8be0ddb74 Still working on pages integration. Added skeleton for page HTML previewing in a new browser.
Additional cleanup, documentation
Changed return values for /api/templates and /api/pages to return empty array [] if no results (like /api/campaigns was already doing)
2015-02-07 10:41:53 -06:00