gophish v0.12.1 releases: Open-Source Phishing Toolkit

Gophish

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training.

The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things –

• Affordable – Gophish is open-source software that is completely free for anyone to use.
• Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!

Changelog v0.12.1

Added Trusted Origins to CSRF Handler

We’ve added the ability to set trusted_origins in the config.json file. This allows you to add addresses that you expect incoming connections to come from, which is helpful in cases where TLS termination is handled by a load balancer upstream, rather than the application itself. This has been a long discussed and requested feature so it’s great to have! Thanks to @mcab and everyone else in this thread.

Updated Workflows

Our Continuous Integration workflow has been updated and is succeeding again. We’ve also updated the Release workflow, mitigating some security concerns and adapting it be able to build Windows releases again. These are (hopefully!) at the bottom of this post.

Minor fixes

Some JavaScript files hadn’t been minified properly, causing problems with adding customer headers. A small bug was fixed where copying a campaign would not show [Deleted] in an edge case – see #2482. Thanks @29vivek.

How to Upgrade

To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new Gophish binary and you’ll be good to go!

Install

Installation of Gophish is dead-simple – just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.

Usage

open an Internet browser to https://localhost:3333

Registering a New User

By navigating to your_site/register you can register a new user:

Logging in

When you first launch gophish, you will be taken to the login page. The default credentials are admin:gophish. Once logged in, it’s encouraged to change your password.

Changing Your Password & Updating Settings

By clicking the “Settings” tab, you will navigate to the settings page. This page allows you to change your password, as well as update your API key.

To change your password, simply submit your current password, as well as the new password you would like to use, and click “Save”. Any errors will be indicated on the page.

This page also provides the ability to reset your API key, which is strongly recommended when logging in for the first time. To reset your API key, simply click the “Reset” button next to the existing API key.

You might need to refresh the page before continuing to use gophish. This should be fixed soon.

Documentation

Copyright (c) 2013 – 2018 Jordan Wright

Source: https://github.com