Gophish (phishing)
Procedure
- Obtain separate written authorization for the phishing simulation and social engineering.
- Define the target audience, the scenario and the boundaries (no harm to production).
- Run the campaign, recording metrics and incidents.
- The technical steps and commands are given below without translation.
Methodology
Pre-Installation
sed -i 's/X-Gophish-Contact/<NEW_HEADER>/g' models/*.go
sed -i 's/X-Gophish-Signature/<NEW_SIGNATURE>/g' webhook/webhook.go
sed -i 's/const ServerName = "gophish"/const ServerName = "<NEW_SERVERNAME>"/' config/config.go
sed -i 's/const RecipientParameter = "rid"/const RecipientParameter = "<NEW_PARAMETER>"/g' models/campaign.go
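On the receiving side, the stock values these substitutions target are what a mail filter or SOC rule can match on. The following Python check for those defaults in a raw message is an added example, not part of the original page or of the Gophish project; the sample messages are constructed, and the mapping of `ServerName` to the `X-Mailer` header is an assumption.

```python
import email
import html
import re
from email import policy
from urllib.parse import parse_qs, urlsplit

# Stock values, taken from the sed patterns in this section.
DEFAULT_HEADER = "X-Gophish-Contact"
DEFAULT_SERVER_NAME = "gophish"
DEFAULT_RID_PARAM = "rid"
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def find_default_markers(raw_message: bytes) -> list:
    """Return the stock Gophish markers present in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = set()
    if msg[DEFAULT_HEADER] is not None:  # header lookup is case-insensitive
        hits.add("header:" + DEFAULT_HEADER)
    # Assumption: ServerName is emitted as the X-Mailer value of sent mail.
    if str(msg.get("X-Mailer", "")).strip().lower() == DEFAULT_SERVER_NAME:
        hits.add("x-mailer:" + DEFAULT_SERVER_NAME)
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = html.unescape(part.get_content())
        for url in URL_RE.findall(body):
            # Weak on its own ("rid" is a common name); score it with the others.
            if DEFAULT_RID_PARAM in parse_qs(urlsplit(url).query):
                hits.add("url-param:" + DEFAULT_RID_PARAM)
    return sorted(hits)

# Constructed sample: a message carrying all three stock markers.
STOCK = (b"From: IT Support <it@example.test>\r\n"
         b"Subject: Password expiry\r\n"
         b"X-Mailer: gophish\r\n"
         b"X-Gophish-Contact: soc@example.test\r\n"
         b"Content-Type: text/html; charset=utf-8\r\n\r\n"
         b'<a href="https://portal.example.test/login?rid=AbC1234">Sign in</a>\r\n')

# Constructed sample: the same message with placeholder (hypothetical) names.
RENAMED = (b"From: IT Support <it@example.test>\r\n"
           b"Subject: Password expiry\r\n"
           b"X-Mailer: ExampleMailer\r\n"
           b"X-Example-Contact: soc@example.test\r\n"
           b"Content-Type: text/html; charset=utf-8\r\n\r\n"
           b'<a href="https://portal.example.test/login?uid=AbC1234">Sign in</a>\r\n')

if __name__ == "__main__":
    for name, raw in (("stock", STOCK), ("renamed", RENAMED)):
        print(name, find_default_markers(raw))
```

A build that carries the substitutions above returns no hits, so treat these markers as a baseline signal and not as complete coverage.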
Installation
git clone https://github.com/gophish/gophish.git
cd gophish
sudo go build
SQLite Error
go install github.com/gophish/gophish@latest
go: downloading github.com/gophish/gophish v0.11.0
# github.com/mattn/go-sqlite3
sqlite3-binding.c: In function ‘sqlite3SelectNew’:
sqlite3-binding.c:128049:10: warning: function may return address of local variable [-Wreturn-local-addr]
128049 | return pNew;
| ^~~~
sqlite3-binding.c:128009:10: note: declared here
128009 | Select standin;
| ^~~~~~~
sudo bash -c 'export CGO_CFLAGS="-g -O2 -Wno-return-local-addr"; go build'
Certificate creation
sudo apt-get update
sudo apt-get install certbot
sudo certbot certonly -d <PHISHING_DOMAIN> --manual --preferred-challenges dns
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/<DOMAIN>/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/<DOMAIN>/privkey.pem
Your certificate will expire on 2022-12-11. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
[...]
"phish_server": {
"listen_url": "0.0.0.0:443",
"use_tls": true,
"cert_path": "fullchain.pem",
"key_path": "privkey.pem"
[...]
Execution
cd ~/go/pkg/mod/github.com/gophish/gophish@v0.12.0
sudo ./gophish
OK 20201201000000_0.11.0_account_locked.sql
OK 20220321133237_0.4.1_envelope_sender.sql
time="2022-09-12T03:29:40-04:00" level=info msg="Please login with the username admin and the password c081abbdf3183a53"
time="2022-09-12T03:29:40-04:00" level=info msg="Creating new self-signed certificates for administration interface"
JavaScript library error
The resource from “https://127.0.0.1:3333/js/src/vendor/ckeditor/adapters/jquery.js” was blocked due to MIME type (“text/plain”) mismatch...
cd /tmp/
git clone -q https://github.com/gophish/gophish.git
sudo cp -r gophish/static/js/src/vendor/ ~/go/pkg/mod/github.com/gophish/gophish@*/static/js/src/
Emails - SMTP Server
sudo apt update && sudo apt -q install postfix -y

ngrok config add-authtoken <YOUR_AUTH_TOKEN>
ngrok tcp 25
Parsing results
cat <RESULTS.CSV> | grep "Clicked Link" | csvtool format '%(9)\n' - | sort -u > Clicked_link.txt
cat <RESULTS.CSV> | grep "Submitted Data" | csvtool format '%(9)\n' - | sort -u > Submitted_Data.txt
csvtool format '%(5)\n' <EVENTS_RAW.CSV> | grep -i password | jq '.payload | .username[0] +";" +.password[0]' | sort -u | tr -d '"' > credentials