gophish v0.7.1 releases: Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training.

The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things –

  • Affordable – Gophish is open-source software that is completely free for anyone to use.
  • Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!

Changelog v0.7.1


In the previous version, we introduced the {{.BaseURL}} template variable that points to the root URL. This helps make things like pointing to static files easier. See #1189 for more details.

Turns out, this didn’t work for email template validation, since we weren’t checking for all possible template tags. I’m sorry for the inconvenience!

Should Be Fixed Now 😄

The good news is that this is fixed now, and should have only been an issue if you were trying to use the new {{.BaseURL}} tag. Since this was something I promised and it didn’t work, I wanted to roll out a hotfix.

For all the full details in the latest release, check out the 0.7.0 release notes.


Installation of Gophish is dead-simple – just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.


open an Internet browser to https://localhost:3333

Registering a New User

By navigating to your_site/register you can register a new user:

Gophish Register Screenshot

Logging in

When you first launch gophish, you will be taken to the login page. The default credentials are admin:gophish. Once logged in, it’s encouraged to change your password.

Changing Your Password & Updating Settings

By clicking the “Settings” tab, you will navigate to the settings page. This page allows you to change your password, as well as update your API key.

Gophish Settings Page

To change your password, simply submit your current password, as well as the new password you would like to use, and click “Save”. Any errors will be indicated on the page.

This page also provides the ability to reset your API key, which is strongly recommended when logging in for the first time. To reset your API key, simply click the “Reset” button next to the existing API key.

You might need to refresh the page before continuing to use gophish. This should be fixed soon.


Copyright (c) 2013 – 2018 Jordan Wright