You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jordan Wright 8b8e88b077 Adjusting how we handle IP address parsing to more gracefully handle X-Forwarded-For headers. Ref #1999 1 month ago
.github/workflows Initial commit of automatic releases via GitHub Actions. 6 months ago
ansible-playbook Updated the Ansible role (#1786) 8 months ago
auth Initial Implementation of a Password Policy (#1867) 5 months ago
config Implement SSRF Mitigations (#1940) 3 months ago
context General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 6 months ago
controllers Adjusting how we handle IP address parsing to more gracefully handle X-Forwarded-For headers. Ref #1999 1 month ago
db Added functionality to display last user login (#1967) 1 month ago
dialer Implement SSRF Mitigations (#1940) 3 months ago
doc Adding first draft of CONTRIBUTING file and CLA. Fixes #57 4 years ago
docker Improved Dockerfile and run script (#1579) 1 year ago
imap Modified regex to detect Microsoft ATP URLs (#1976) 2 months ago
logger Refactoring Logging (#1722) 10 months ago
mailer General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 6 months ago
middleware Made error handling in the case of a client IP without a port more graceful, so that the ratelimiter doesn't return an error if X-Forwarded-For or X-Real-IP is set. 1 month ago
models Added functionality to display last user login (#1967) 1 month ago
static Updated JS from #1976 1 month ago
templates Added functionality to display last user login (#1967) 1 month ago
util Initial Implementation of a Password Policy (#1867) 5 months ago
webhook Implement SSRF Mitigations (#1940) 3 months ago
worker General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 6 months ago
.babelrc Implement User Management API (#1473) 1 year ago
.gitattributes Implement the ability to complete a campaign. Fixes #290. 4 years ago
.gitignore Add Webhook Support 11 months ago
CONTRIBUTING.md Adding first draft of CONTRIBUTING file and CLA. Fixes #57 4 years ago
Dockerfile Updated the Dockerfile to allow the gophish binary to bind to privileged ports. Fixes #1660. 1 year ago
ISSUE_TEMPLATE.md Create ISSUE_TEMPLATE.md 3 years ago
LICENSE Updated README to include GitHub Actions badge and update LICENSE copyright date 9 months ago
README.md Update credentials in Readme. (#1914) 4 months ago
SECURITY.md Create SECURITY.md 4 months ago
VERSION Bumped version to 0.11.0 2 months ago
config.json Added IMAP support for checking reported emails (#1612) 10 months ago
go.mod Removing accidental dependencies to revert to 3c490dbadb 1 month ago
go.sum Removing accidental dependencies to revert to 3c490dbadb 1 month ago
gophish.go Implement SSRF Mitigations (#1940) 3 months ago
gulpfile.js Implement User Management API (#1473) 1 year ago
package.json Initial Implementation of a Password Policy (#1867) 5 months ago
webpack.config.js Initial Implementation of a Password Policy (#1867) 5 months ago
yarn.lock Bump elliptic from 6.4.1 to 6.5.3 (#1919) 3 months ago

README.md

gophish logo

Gophish

Build Status GoDoc

Gophish: Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.

Install

Installation of Gophish is dead-simple - just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.

Building From Source

If you are building from source, please note that Gophish requires Go v1.10 or above!

To build Gophish from source, simply run go get github.com/gophish/gophish and cd into the project source directory. Then, run go build. After this, you should have a binary called gophish in the current directory.

Docker

You can also use Gophish via the official Docker container here.

Setup

After running the Gophish binary, open an Internet browser to https://localhost:3333 and login with the default username and password listed in the log output. e.g.

time="2020-07-29T01:24:08Z" level=info msg="Please login with the username admin and the password 4304d5255378177d"

Releases of Gophish prior to v0.10.1 have a default username of admin and password of gophish.

Documentation

Documentation can be found on our site. Find something missing? Let us know by filing an issue!

Issues

Find a bug? Want more features? Find something missing in the documentation? Let us know! Please don’t hesitate to file an issue and we’ll get right on it.

License

Gophish - Open-Source Phishing Framework

The MIT License (MIT)

Copyright (c) 2013 - 2020 Jordan Wright

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software ("Gophish Community Edition") and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.