GoPhish
GoPhish is an Open-Source Phishing Toolkit. It provides the ability to quickly and easily set up and execute Phishing Engagements and Security Awareness Training.
After installing GoPhish, we can log in with the Default Credentials: admin:gophish
Sending Profiles
Sending Profiles: the Connection Details required to actually send our Phishing E-Mails. This is simply an SMTP Server that you have access to.
:: Profile Name
Name: Local Server
:: Who is Sending the E-Mail
From: email@provider.com
:: SMTP Server
:: MailHog etc.
Host: 127.0.0.1:25
Landing Pages
Landing Pages: the Website that the Phishing E-Mail is going to direct the Victim to. This Page is usually a Spoof of a Website the Victim is familiar with.
- Settings
- HTML Template
:: Name
Name: Website Login
:: Import Site (GoPhish has the ability to Import a Site from the URL)
:: HTML (Custom HTML Template of the Website)
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Website IT SUPPORT - Admin Panel</title>
  <style>
    body { font-family: "Ubuntu", monospace; text-align: center }
    div.login-form { margin:auto; width:300px; border:1px solid #ececec; padding:10px;text-align: left;font-size:13px;}
    div.login-form div input { margin-bottom:7px;}
    div.login-form input { width:280px;}
    div.login-form div:last-child { text-align: center; }
    div.login-form div:last-child input { width:100px;}
  </style>
</head>
<body>
  <h2>Website IT SUPPORT</h2>
  <h3>Admin Panel</h3>
  <form method="post">
    <div class="login-form">
      <div>Username:</div>
      <div><input name="username"></div>
      <div>Password:</div>
      <div><input type="password" name="password"></div>
      <div><input type="submit" value="Login"></div>
    </div>
  </form>
</body>
</html>
Email Templates
Email Templates: the Design and Content of the E-Mail you're going to actually Send to the Victim. It will need to be Persuasive and contain a Link to your Landing Page to Enable us to Capture the Victim's Username and Password.
:: Name (E-Mail Template Name)
Name: IT E-Mail
:: Subject (New Message from IT Team)
:: HTML ➜ Link ➜ Display Text
https://landing-phishing-page.com
:: HTML ➜ Link ➜ Protocol
<other>
:: HTML ➜ Link ➜ URL
{{.URL}}
Users & Groups
Users & Groups: This is where we can store the E-Mail Addresses of our Intended Targets.
:: Group Name
Name: Targets
:: +Add (Add Target E-Mail)
user@website.com
Campaigns
Campaigns: This involves Sending E-Mails to one or more Groups and Monitoring for Opened E-Mails, Clicked Links, or Submitted Credentials.
:: Campaign Name
Name: Campaign One
:: Email Template (Select the Name of the Template you Created)
:: Landing Page (Select the Name of the Landing Page you Created)
:: URL (Our Server IP)
:: Sending Profile (Local Server etc.)
:: Group (Select the Name of the Users & Groups you Created)
Results
The Results Page gives us an idea of how the Phishing Campaign is performing by letting us know how many E-Mails have been Delivered, Opened, Clicked and how many Users have submitted data to our Spoof Website.