Open-Source Phishing Toolkit
 
 
 
 
 
 
Go to file
ABerberovic 70397cae7f GUI functions don't send the API-Key in the bearer token anymore. API-Key is only sent from server to client in the settings page 2023-05-16 21:16:30 +02:00
.github/workflows Updated release workflow to mitigate set-env vulnerability and fix Windows build 2022-09-14 11:06:03 +01:00
ansible-playbook Updated the Ansible Playbook (#2138) 2021-12-23 19:13:43 +01:00
auth Initial Implementation of a Password Policy (#1867) 2020-06-19 22:03:51 -05:00
config Add Trusted Origins to CSRF Handler (#2301) 2022-09-06 16:20:19 +02:00
context Updated formatting and CI to be in line with more recent versions of go 2022-09-12 22:05:34 +01:00
controllers Add Trusted Origins to CSRF Handler (#2301) 2022-09-06 16:20:19 +02:00
db 986 custom envelope sender remerge (#2334) 2022-03-25 16:24:49 +01:00
dialer Implement SSRF Mitigations (#1940) 2020-08-20 09:36:18 -05:00
doc Adding first draft of CONTRIBUTING file and CLA. Fixes #57 2016-01-13 23:05:17 -06:00
docker Add Trusted Origins to CSRF Handler (#2301) 2022-09-06 16:20:19 +02:00
imap Fix code quality issues (#2118) 2021-02-24 17:34:38 -06:00
logger Refactoring Logging (#1722) 2020-01-16 22:21:58 -06:00
mailer Fixed formatting from Custom Envelope PR #2334 2022-06-05 21:18:32 +01:00
middleware GUI functions don't send the API-Key in the bearer token anymore. API-Key is only sent from server to client in the settings page 2023-05-16 21:16:30 +02:00
models Updated regex pattern to allow longer TLDs 2022-12-16 17:04:55 +00:00
static GUI functions don't send the API-Key in the bearer token anymore. API-Key is only sent from server to client in the settings page 2023-05-16 21:16:30 +02:00
templates GUI functions don't send the API-Key in the bearer token anymore. API-Key is only sent from server to client in the settings page 2023-05-16 21:16:30 +02:00
util Initial Implementation of a Password Policy (#1867) 2020-06-19 22:03:51 -05:00
webhook Implement SSRF Mitigations (#1940) 2020-08-20 09:36:18 -05:00
worker General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 2020-05-25 21:46:36 -05:00
.babelrc Implement User Management API (#1473) 2019-05-31 13:58:18 -05:00
.gitattributes Implement the ability to complete a campaign. Fixes #290. 2016-07-11 22:11:40 -05:00
.gitignore Add Webhook Support 2019-12-15 20:27:21 -06:00
CONTRIBUTING.md Adding first draft of CONTRIBUTING file and CLA. Fixes #57 2016-01-13 23:05:17 -06:00
Dockerfile Update Dockerfile (#2095) 2021-01-24 13:44:10 -06:00
ISSUE_TEMPLATE.md Create ISSUE_TEMPLATE.md 2017-11-01 21:06:24 -05:00
LICENSE Updated README to include GitHub Actions badge and update LICENSE copyright date 2020-02-01 22:11:34 -06:00
README.md Updated README.md with working source installation instructions (see https://github.com/golang/go/issues/48332) 2022-09-29 13:21:31 +01:00
SECURITY.md Create SECURITY.md 2020-07-24 23:14:29 -05:00
VERSION Bumped version to 0.12.1 2022-09-14 11:30:00 +01:00
config.json GUI functions don't send the API-Key in the bearer token anymore. API-Key is only sent from server to client in the settings page 2023-05-16 21:16:30 +02:00
go.mod Updated README.md with working source installation instructions (see https://github.com/golang/go/issues/48332) 2022-09-29 13:21:31 +01:00
go.sum Updated README.md with working source installation instructions (see https://github.com/golang/go/issues/48332) 2022-09-29 13:21:31 +01:00
gophish.go Implement SSRF Mitigations (#1940) 2020-08-20 09:36:18 -05:00
gulpfile.js Fix modal titles saying new when editing existing content (#2318) 2022-04-15 16:28:19 +02:00
package.json GUI functions don't send the API-Key in the bearer token anymore. API-Key is only sent from server to client in the settings page 2023-05-16 21:16:30 +02:00
webpack.config.js Initial Implementation of a Password Policy (#1867) 2020-06-19 22:03:51 -05:00
yarn.lock Fix modal titles saying new when editing existing content (#2318) 2022-04-15 16:28:19 +02:00

README.md

gophish logo

Gophish

Build Status GoDoc

Gophish: Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.

Install

Installation of Gophish is dead-simple - just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.

Building From Source

If you are building from source, please note that Gophish requires Go v1.10 or above!

To build Gophish from source, simply run git clone https://github.com/gophish/gophish.git and cd into the project source directory. Then, run go build. After this, you should have a binary called gophish in the current directory.

Docker

You can also use Gophish via the official Docker container here.

Setup

After running the Gophish binary, open an Internet browser to https://localhost:3333 and login with the default username and password listed in the log output. e.g.

time="2020-07-29T01:24:08Z" level=info msg="Please login with the username admin and the password 4304d5255378177d"

Releases of Gophish prior to v0.10.1 have a default username of admin and password of gophish.

Documentation

Documentation can be found on our site. Find something missing? Let us know by filing an issue!

Issues

Find a bug? Want more features? Find something missing in the documentation? Let us know! Please don't hesitate to file an issue and we'll get right on it.

License

Gophish - Open-Source Phishing Framework

The MIT License (MIT)

Copyright (c) 2013 - 2020 Jordan Wright

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software ("Gophish Community Edition") and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.