Gophish is the open source, free, enterprise phishing solution of choice

  • Writer: Timmy TSENG
  • Apr 14, 2024

In today's context of increasing cybersecurity awareness, fighting against phishing attacks has become increasingly important. Gophish is an open-source phishing simulation tool that can help companies and organizations conduct phishing attack tests and improve employees' cybersecurity awareness. This article will introduce Gophish software in detail, including installation methods, software instructions, advantages, and conclusions.


1. Software Description

Gophish has the following core functions:

  1. Email templates: used to create email content and styles for simulated phishing attacks.

  2. Login Page Template: Used to create a login page for a simulated phishing attack.

  3. Mail server configuration: Set up the mail server used to send phishing emails.

  4. Recipient Groups: Group test objects for easier management and analysis.

  5. Run a simulated phishing attack: Select the appropriate email template, login page template, mail server configuration, and recipient groups to start a simulated phishing attack.

  6. Data Analysis: Gophish collects data from attacks so that users can analyze and improve cybersecurity awareness training.


2. Advantages

  1. Open source and free: Gophish is open-source software, free for both commercial and individual users, reducing the cost of use for enterprises and organizations.

  2. Easy to use: Gophish has an intuitive interface, so even beginners can get started quickly without complex network security expertise.

  3. High security: Gophish is only used to simulate phishing attacks and does not involve actual network intrusion behavior, providing a secure network environment testing platform for enterprises and organizations.

  4. Data visualization: Gophish can display the data collected during the phishing test in the form of charts to help users intuitively understand the test results and security risks.

  5. High flexibility: Gophish supports custom email templates and login page templates. Users can tailor tests to their own needs so that each test is better targeted.

3. Conclusion

As an open-source phishing simulation tool, Gophish has become an important choice for enterprises and organizations to enhance their network security awareness due to its ease of use, security, and flexibility. By using Gophish to simulate phishing attack tests, enterprises and organizations can promptly discover potential security risks and take effective preventive measures to ensure network security.




Practical application: a worked case


Buy a domain

Buy similar phishing domains at name.com

Create a Titan Mail Account

Purchase Titan's email add-on service from name.com

After purchasing it there, you can create an email address with your own domain name.


Build Gophish server

Create a cloud server on GCP


Here we use Ubuntu 20.04, and make sure to enable HTTP and HTTPS traffic at the bottom.

After creating the machine, we connect to it through the browser

Update the apt package index

sudo apt-get update

Download gophish

git clone https://github.com/gophish/gophish.git

Install golang

sudo apt install golang-go

Compile gophish (run the build from inside the cloned directory)

cd gophish
go build gophish.go

After compilation, the gophish binary is generated in this directory

Modify config.json and change the listen_url in admin_server to 0.0.0.0:3333

sudo ./gophish

This starts the gophish service; the console output shows the account, the password, and the access address.

Add a GCP firewall rule to allow access to port 3333

Enter the firewall page

Create a policy

The policy content allows inbound traffic on port 3333 of all entities in the project.
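
Taken together, the listen_url change and this firewall policy make the admin console reachable from any address. The following check is an added example, not part of the original post or of the Gophish project: it reads a config.json and reports when the admin listener is bound beyond loopback or runs without TLS. The use_tls and phish_server keys are assumed from Gophish's stock config.json, and the sample values are constructed.

```python
import ipaddress
import json

# Constructed sample mirroring the change described above (admin bound to 0.0.0.0).
# Key names follow Gophish's config.json; the values are made up for the example.
SAMPLE_CONFIG = """
{
  "admin_server": {"listen_url": "0.0.0.0:3333", "use_tls": true},
  "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": false}
}
"""

def split_host(listen_url):
    """Return the host part of a Go-style 'host:port' listen address."""
    host, _, _port = listen_url.rpartition(":")
    return host.strip("[]")  # "[::]:3333" -> "::"

def is_public_bind(host):
    """True if the listener accepts connections on non-loopback interfaces."""
    if host == "":            # ":3333" means all interfaces in Go
        return True
    if host == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True           # a hostname we cannot classify: treat as exposed

def audit_admin_exposure(config_text):
    """List findings for the admin listener only; the phishing listener
    is expected to be reachable by recipients and is not flagged."""
    admin = json.loads(config_text).get("admin_server", {})
    findings = []
    host = split_host(admin.get("listen_url", ""))
    if is_public_bind(host):
        findings.append("admin_server listens on %r: restrict the firewall "
                        "rule to the operator's source IP or use an SSH tunnel"
                        % admin.get("listen_url"))
    if not admin.get("use_tls", False):
        findings.append("admin_server has use_tls disabled: credentials "
                        "and campaign data cross the network in clear text")
    return findings

if __name__ == "__main__":
    for line in audit_admin_exposure(SAMPLE_CONFIG):
        print("FINDING:", line)
```
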


Configure gophish service

Visit https://130.211.243.223:3333/ (replace the IP address with that of your own GCP machine)

Log in using the account and password displayed in the console just now

When logging in for the first time, change the password as prompted

Log in to the gophish homepage

Create a recipient template named timmy, which contains one recipient email address, qoo7972365@gmail.com

Create a template named timmy_mail, with the sender as timmy@timmy.life, and the content prepared as follows

First, download the domain-purchase email from Gmail

Use a text editor to open the downloaded email content and copy all the content

Select Import Email, paste all the content into it, and check Change Links to Landing page

Check Add Tracking Image and save.

Create the phishing page: create a page named name, and enter https://www.name.com/zh-cn/account/login directly in the Import Site field

Create a phishing profile named timmy_titian, which contains the sender configuration

Before saving, you can click Send Test Email and enter a recipient for testing. The test email was received successfully.

Launch the phishing attack

Set the first attack content in the campaign

After starting, you can see in the panel that an email has been sent to the inbox qoo7972365@gmail.com

Check the received phishing email in the mailbox and you can see that the link in the email has been replaced with the phishing page.

https://130.211.243.223/name?rid=L65ExKj

Clicking the link redirects you to the phishing page we set up. An account and password entered on the phishing page are recorded, and you are then redirected back to the official name.com homepage.

Go back to the gophish homepage and you can see the account and password that have been recorded.
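
The rewritten link shown above has two traits a mail or proxy filter can key on: a bare IP address as the host and a per-recipient rid token in the query string. The following detection sketch is an added example, not part of the original post or of Gophish; the rid length range is an assumption based on the single sample on this page, and the message body is constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Assumption: recipient ids look like the page's sample ("L65ExKj"),
# i.e. a short alphanumeric token; widen the range if your tool differs.
RID_RE = re.compile(r"^[A-Za-z0-9]{5,12}$")

def host_is_ip(host):
    """True when the URL host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def score_url(url):
    """Return the list of reasons this URL looks like a tracked phishing link."""
    parts = urlsplit(url)
    reasons = []
    if host_is_ip(parts.hostname or ""):
        reasons.append("host is a bare IP address")
    rids = parse_qs(parts.query).get("rid", [])
    if any(RID_RE.match(r) for r in rids):
        reasons.append("per-recipient 'rid' token in query string")
    return reasons

def scan_message(body):
    """Map each suspicious URL in a message body to its reasons."""
    hits = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,)")      # drop trailing sentence punctuation
        reasons = score_url(url)
        if reasons:
            hits[url] = reasons
    return hits

# Constructed message body; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE_BODY = """Your domain renewal is ready.
Sign in: https://192.0.2.10/name?rid=Ab3dE9x
Help centre: https://www.example.com/help?topic=renewal
"""

if __name__ == "__main__":
    for url, reasons in scan_message(SAMPLE_BODY).items():
        print(url, "->", "; ".join(reasons))
```

Either trait alone is weak evidence, since legitimate newsletters also carry per-recipient tokens; treat the combination as the stronger signal.
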

Copyright © 2022 by Thunder Shield Security Co., Ltd.
