Gophish Update - Importing Sites and Emails

Introduction

I’m excited to announce that the gophish “alpha” release is almost complete! I’m just cleaning up a few bugs, touching some things up, etc. In the meantime, I wanted to write a quick post to show off some really slick features that I was able to add earlier than planned.

Creating pixel-perfect email templates and landing pages are crucial to delivering the best possible phishing training. Gophish has always had the ability to create these, but it was quite frankly a pain to use as you needed the raw HTML or text for both the email and site content. In this post, let’s take a look at how we can now import sites and emails directly into gophish.

Read More

Author image Jordan Wright on #gophish,

Gophish Update: Getting Closer to Alpha!

Introduction

It’s been a busy couple of months!

I thought it would be worth providing a long-overdue update into the development status of gophish. Overall, the project is getting closer to beta status every day, and I’m hoping to see a 0.1 release at the end of March.

Without further ado, let’s dive in and see where we’re at.

Read More

Building GoPhish - How to Send Email with Go

Introduction

I’ve been playing around with Go for about a month now, and I’ve really grown to like it. After getting used to the syntax and remembering what a pointer is for (thanks, Python), Go has become a favorite language to develop with. I’m even using it for the Matasano Crypto Challenges (which are awesome).

While the standard library in Go is definitely robust, being a young language, there are a few niceties that aren’t yet included. Sending email is one of them. Don’t get me wrong, Go has a wonderful SMTP package, MIME package, and even a Mail package (which only parses existing email messages). However, there is no library to actually create emails in a meaningful way. Since Gophish relies heavily on sending emails, I’ve sought to change this. And, after reading more RFC’s than I normally prefer, I believe I’ve created a package that provides intuitive, robust, and flexible email creation and sending called email.

Let’s see how to use it.

Read More

Building Gophish - Day 1

Introduction

Since the Simple Phishing Toolkit (SPT) was discontinued, I’ve wanted to create a simple, effective, and open-source phishing toolkit. In recent years, we’ve seen a rise in spear-phishing attacks targeting large organizations, most of which are largely successful. The goal of this toolkit will be to provide businesses and penetration testers with the ability to quickly and easily perform in-house or contracted phishing engagements, and track the responses to see where improvements can be made. This toolkit will be called gophish.

In addition to this, I’ve been casually poking around at go for a while now, and have decided it would be good to finally put it to use in a larger project. I’m a fan of seeing the steady development and updates of projects as they are created. I believe it can help keep the developer motivated and the users informed and involved, so this is what I’m going to do. Hopefully, these posts will allow others to learn alongside me, as well as spur improvements from experienced go developers so that gophish can be the best product possible.

With that being said - let’s get started!

Read More