You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jordan Wright c1d3c7cd75 Modified frontend reporting logic to be more flexible with campaigns that include a path in their URL. 13 hours ago
.github/workflows Initial commit of automatic releases via GitHub Actions. 4 months ago
ansible-playbook Updated the Ansible role (#1786) 6 months ago
auth Initial Implementation of a Password Policy (#1867) 3 months ago
config Implement SSRF Mitigations (#1940) 1 month ago
context General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 4 months ago
controllers Added a simple Content-Security-Policy to mitigate clickjacking attempts. 1 month ago
db Added support to allow invalid IMAP certificates (#1909) 1 month ago
dialer Implement SSRF Mitigations (#1940) 1 month ago
doc Adding first draft of CONTRIBUTING file and CLA. Fixes #57 4 years ago
docker Improved Dockerfile and run script (#1579) 11 months ago
imap Modified regex to detect Microsoft ATP URLs (#1976) 13 hours ago
logger Refactoring Logging (#1722) 8 months ago
mailer General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 4 months ago
middleware Added a simple Content-Security-Policy to mitigate clickjacking attempts. 1 month ago
models Implement SSRF Mitigations (#1940) 1 month ago
static Modified frontend reporting logic to be more flexible with campaigns that include a path in their URL. 13 hours ago
templates Added support to allow invalid IMAP certificates (#1909) 1 month ago
util Initial Implementation of a Password Policy (#1867) 3 months ago
webhook Implement SSRF Mitigations (#1940) 1 month ago
worker General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 4 months ago
.babelrc Implement User Management API (#1473) 1 year ago
.gitattributes Implement the ability to complete a campaign. Fixes #290. 4 years ago
.gitignore Add Webhook Support 9 months ago
CONTRIBUTING.md Adding first draft of CONTRIBUTING file and CLA. Fixes #57 4 years ago
Dockerfile Updated the Dockerfile to allow the gophish binary to bind to privileged ports. Fixes #1660. 10 months ago
ISSUE_TEMPLATE.md Create ISSUE_TEMPLATE.md 2 years ago
LICENSE Updated README to include GitHub Actions badge and update LICENSE copyright date 7 months ago
README.md Update credentials in Readme. (#1914) 1 month ago
SECURITY.md Create SECURITY.md 2 months ago
VERSION Bumped version to 0.11.0 3 weeks ago
config.json Added IMAP support for checking reported emails (#1612) 8 months ago
go.mod Updated github.com/jordan-wright/email dependency 1 month ago
go.sum Updated github.com/jordan-wright/email dependency 1 month ago
gophish.go Implement SSRF Mitigations (#1940) 1 month ago
gulpfile.js Implement User Management API (#1473) 1 year ago
package.json Initial Implementation of a Password Policy (#1867) 3 months ago
webpack.config.js Initial Implementation of a Password Policy (#1867) 3 months ago
yarn.lock Bump elliptic from 6.4.1 to 6.5.3 (#1919) 1 month ago

README.md

gophish logo

Gophish

Build Status GoDoc

Gophish: Open-Source Phishing Toolkit

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.

Install

Installation of Gophish is dead-simple - just download and extract the zip containing the release for your system, and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.

Building From Source

If you are building from source, please note that Gophish requires Go v1.10 or above!

To build Gophish from source, simply run go get github.com/gophish/gophish and cd into the project source directory. Then, run go build. After this, you should have a binary called gophish in the current directory.

Docker

You can also use Gophish via the official Docker container here.

Setup

After running the Gophish binary, open an Internet browser to https://localhost:3333 and login with the default username and password listed in the log output. e.g.

time="2020-07-29T01:24:08Z" level=info msg="Please login with the username admin and the password 4304d5255378177d"

Releases of Gophish prior to v0.10.1 have a default username of admin and password of gophish.

Documentation

Documentation can be found on our site. Find something missing? Let us know by filing an issue!

Issues

Find a bug? Want more features? Find something missing in the documentation? Let us know! Please don’t hesitate to file an issue and we’ll get right on it.

License

Gophish - Open-Source Phishing Framework

The MIT License (MIT)

Copyright (c) 2013 - 2020 Jordan Wright

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software ("Gophish Community Edition") and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.