gophish v0.8 releases: Open-Source Phishing Toolkit
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training.
The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things –
- Affordable – Gophish is open-source software that is completely free for anyone to use.
- Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!
This release fixes a bunch of bugs, adds a few features, and lays the groundwork for really cool features to come.
This release includes initial support for Role-Based Access Control (RBAC). Specifically, it introduces global roles that separates admins from non-admins. You can find more information here.
Users with the admin role have access to the user management API. This API allows you to create and manage users programmatically. You can find documentation for this API here.
Added Docker Support
We’ve added a
Dockerfileso that you can build Gophish in a container. We’ll be uploading an official Docker image at
While this isn’t a user-facing change, it’s a big one. We’ve refactored a bunch of the code to be cleaner and more structured. This will help new developers coming into Gophish to get up and running more quickly.
Those are the big changes, but that’s certainly not everything! You can find a full changelog here.
Installation of Gophish is dead-simple – just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.
open an Internet browser to https://localhost:3333
Registering a New User
By navigating to
your_site/register you can register a new user:
When you first launch gophish, you will be taken to the login page. The default credentials are
admin:gophish. Once logged in, it’s encouraged to change your password.
Changing Your Password & Updating Settings
By clicking the “Settings” tab, you will navigate to the settings page. This page allows you to change your password, as well as update your API key.
To change your password, simply submit your current password, as well as the new password you would like to use, and click “Save”. Any errors will be indicated on the page.
This page also provides the ability to reset your API key, which is strongly recommended when logging in for the first time. To reset your API key, simply click the “Reset” button next to the existing API key.
You might need to refresh the page before continuing to use gophish. This should be fixed soon.
Copyright (c) 2013 – 2018 Jordan Wright