Timmy TSENG

Gophish is the open source, free, enterprise phishing solution of choice

As cybersecurity awareness grows, defending against phishing attacks has become increasingly important. Gophish is an open-source phishing simulation tool that helps companies and organizations run phishing tests and improve employees' cybersecurity awareness. This article introduces Gophish in detail: what the software does, its advantages, a conclusion, and a practical walkthrough of installation and configuration.


1. Software Description

Gophish has the following core functions:

  1. Email templates: used to create the email content and styles for simulated phishing attacks.

  2. Login page templates: used to create a login page for a simulated phishing attack.

  3. Mail server configuration: sets up the mail server used to send phishing emails.

  4. Recipient groups: group test targets for easier management and analysis.

  5. Running a simulated phishing attack: select the appropriate email template, login page template, mail server configuration, and recipient groups to start a simulated phishing attack.

  6. Data analysis: Gophish collects data from attacks so that users can analyze and improve cybersecurity awareness training.


2. Advantages

  1. Open source and free: Gophish is open source software, free for both commercial and individual users, which reduces the cost of use for enterprises and organizations.

  2. Easy to use: Gophish has an intuitive interface that even beginners can pick up quickly, without needing complex network security expertise.

  3. High security: Gophish is only used to simulate phishing attacks and does not involve actual network intrusion behavior, providing a secure network environment testing platform for enterprises and organizations.

  4. Data visualization: Gophish can display the data collected during the phishing test as charts, helping users intuitively understand the test results and security risks.

  5. High flexibility: Gophish supports custom email templates and login page templates. Users can tailor tests to their own needs, which makes the tests more targeted.

3. Conclusion

As an open-source phishing simulation tool, Gophish has become an important choice for enterprises and organizations to enhance their network security awareness due to its ease of use, security, and flexibility. By using Gophish to simulate phishing attack tests, enterprises and organizations can promptly discover potential security risks and take effective preventive measures to ensure network security.



 

Practical application walkthrough


Buy a domain

Buy similar phishing domains at name.com


Create a Titan Mail Account


Build Gophish server

Create a cloud server on GCP


Here we use Ubuntu 20.04. Make sure to enable HTTP and HTTPS traffic at the bottom of the creation form.

After creating the machine, we connect to it from the browser.


Update the apt package index

sudo apt-get update



Download gophish

git clone https://github.com/gophish/gophish.git



Install golang

sudo apt install golang-go


Compile gophish

cd gophish
go build gophish.go

After compilation, the gophish binary is generated.

Modify config.json and change the listen_url under admin_server to 0.0.0.0:3333


sudo ./gophish

Start the gophish service; the console output shows the account, password, and access address.


Add a GCP firewall rule to allow access to port 3333
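
Binding the admin console to 0.0.0.0 and opening port 3333 puts the Gophish login page on the public internet, so it is worth checking how exposed that leaves it. The following is an added example, not part of the original post or of the Gophish project: a small audit of the admin_server section of config.json. The function names and the sample config are constructed for illustration; listen_url and use_tls are the keys found in a stock config.json.

```python
import ipaddress
import json

# Constructed sample: admin_server as the listen_url change above leaves it.
SAMPLE_CONFIG = """{
  "admin_server": {"listen_url": "0.0.0.0:3333", "use_tls": true},
  "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": false}
}"""

def bind_scope(host):
    """Classify a bind host as 'all', 'loopback' or 'specific'."""
    if host == "":
        return "all"  # Go's ":3333" form listens on every interface
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "specific"  # a hostname, resolved when the server binds
    if ip.is_unspecified:
        return "all"
    return "loopback" if ip.is_loopback else "specific"

def audit_admin_server(config_text):
    """Return findings about how exposed the Gophish admin console is."""
    admin = json.loads(config_text).get("admin_server", {})
    listen_url = admin.get("listen_url", "")
    if ":" not in listen_url:
        return ["admin_server.listen_url is missing or has no port"]
    host, _, port = listen_url.rpartition(":")
    scope = bind_scope(host.strip("[]"))  # "[::]:3333" -> "::"
    findings = []
    if scope == "all":
        findings.append(f"admin console listens on every interface, port {port}: "
                        "restrict the firewall rule to your own source IP")
    elif scope == "specific":
        findings.append(f"admin console bound to {host}: confirm that address "
                        "is not reachable from the internet")
    if not admin.get("use_tls", False):
        findings.append("admin_server.use_tls is off: the login would travel unencrypted")
    return findings

if __name__ == "__main__":
    for finding in audit_admin_server(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

An empty result means the console is bound to loopback with TLS on; any finding should be matched by a firewall rule that only admits the operator's own address.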


Configure gophish service

Visit https://130.211.243.223:3333/ (please refer to your own GCP machine for the IP address)

Log in using the account and password displayed in the console earlier

When logging in for the first time, change the password as prompted

You are now on the gophish homepage

Create a recipient template named timmy, which contains a recipient email address qoo7972365@gmail.com

Create a template named timmy_mail, with the sender as timmy@timmy.life, and the content

First, download the email content of purchasing the domain name in gmail

Use a text editor to open the downloaded email content and copy all the content

Select import email, paste all the content into it, and check change Links to Landing page

Check add track image and save.


Create a phishing email, create a page named name, and directly enter https://www.name.com/zh-cn/account/login in the import site field

Create a phishing profile named timmy_titian, which contains the sender configuration

Before saving, you can click Send Test Email and enter a recipient for testing. The following is the test email successfully received


The phishing attack is launched







