Hello learners, in this guide we will install the Gophish phishing framework on Kali Linux.
Overview on Gophish
Gophish is a phishing tool that makes carrying out real-world phishing campaigns dead simple for cybersecurity professionals. It has made running corporate security-awareness tests on employees easy, since it combines all the necessary tools in one package. Gophish is written in the Go programming language, which makes it easy for a user to build it from source.
Requirements
- Have a PC running Linux, preferably Kali Linux.
- Have the Go language and a C compiler installed (see: Installing GO Language).
- Have beginner-level programming knowledge.
With that let’s jump right into our tutorial.
Downloading and installing gophish
There are two ways of installing Gophish on a PC: the first is by downloading pre-built binaries and the other is installing from source. In this guide we will be installing using the pre-built binaries.
Step 1: Installing gophish using pre-built binaries
When installing Gophish using pre-built binaries, the first step is to download the ZIP file which contains the binaries built for your operating system. The different binaries can be found on the official repository on GitHub. Once the download is complete, we extract the contents of the ZIP file to a location of our liking on the PC, as shown below (the -d flag tells unzip where to extract to).
unzip gophish-v0.11.0.zip -d /path/to/your/destination/folder
Step 2: Gophish necessary permissions
After we are done unzipping, we navigate to the newly created folder where Gophish has been extracted and make the binary executable so that it can run without permission errors, using the command below.
chmod +x gophish
Step 3: Configure config.json
In Gophish, this file contains some important configurations which ensure it is running as it is supposed to. The config.json file configurations are as shown below.
{
  "admin_server": {
    "listen_url": "127.0.0.1:3333",
    "use_tls": true,
    "cert_path": "gophish_admin.crt",
    "key_path": "gophish_admin.key"
  },
  "phish_server": {
    "listen_url": "0.0.0.0:80",
    "use_tls": false,
    "cert_path": "example.crt",
    "key_path": "example.key"
  },
  "db_name": "sqlite3",
  "db_path": "gophish.db",
  "migrations_prefix": "db/db_",
  "contact_address": "",
  "logging": {
    "filename": "",
    "level": ""
  }
}
The first part contains the admin server configuration: the admin server listen URL “127.0.0.1:3333” and the TLS certificate and key. When running Gophish on a VPS and you want the admin server to be accessible via the internet, this should be changed to “0.0.0.0:3333”.
The second part of the configuration contains the phish server configuration: the listen URL for the phishing server and the certificate and key used by it.
The last section contains the database configuration. The framework is pre-configured to use an SQLite database, but a user can change the default database to fit his/her needs by changing the name and path of the database.
config.json to the wrong user, especially when using the framework over the internet. The admin server should only be exposed to the internet if needed.
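The sample below is an added example, not part of the original guide or of Gophish itself: a small Python check that reads a config.json like the one above and flags an admin server bound to all interfaces or exposed without TLS, and a helper that rebinds it to 127.0.0.1. The embedded config is a constructed copy of the guide's file with the admin server switched to 0.0.0.0:3333 as described for a VPS.

```python
import json

# Constructed sample: the guide's config.json with admin_server rebound to
# 0.0.0.0:3333, as the text describes for a VPS deployment.
SAMPLE_CONFIG = """{
  "admin_server": {"listen_url": "0.0.0.0:3333", "use_tls": true,
                   "cert_path": "gophish_admin.crt", "key_path": "gophish_admin.key"},
  "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": false,
                   "cert_path": "example.crt", "key_path": "example.key"},
  "db_name": "sqlite3", "db_path": "gophish.db",
  "migrations_prefix": "db/db_", "contact_address": "",
  "logging": {"filename": "", "level": ""}
}"""


def binds_all_interfaces(listen_url: str) -> bool:
    """True when the host part of host:port is a wildcard address."""
    host, _, _ = listen_url.rpartition(":")
    return host in ("", "0.0.0.0", "::", "[::]")


def check_gophish_config(config_text: str) -> list:
    """Return human-readable findings for risky admin server settings."""
    cfg = json.loads(config_text)
    findings = []
    admin = cfg.get("admin_server", {})
    if binds_all_interfaces(admin.get("listen_url", "")):
        findings.append("admin_server listens on all interfaces; "
                        "keep 127.0.0.1:3333 unless remote access is required")
        if not admin.get("use_tls", False):
            findings.append("admin_server is exposed without TLS; "
                            "the admin login would cross the network in clear text")
    for key in ("cert_path", "key_path"):
        if admin.get("use_tls") and not admin.get(key):
            findings.append(f"admin_server.use_tls is true but {key} is empty")
    return findings


def restrict_admin_to_localhost(config_text: str) -> str:
    """Rewrite admin_server.listen_url to loopback, keeping the port; return new JSON."""
    cfg = json.loads(config_text)
    _, _, port = cfg["admin_server"]["listen_url"].rpartition(":")
    cfg["admin_server"]["listen_url"] = f"127.0.0.1:{port or '3333'}"
    return json.dumps(cfg, indent=2)


if __name__ == "__main__":
    for finding in check_gophish_config(SAMPLE_CONFIG):
        print("WARNING:", finding)
    print(restrict_admin_to_localhost(SAMPLE_CONFIG))
```

Run it against your own file with `check_gophish_config(open("config.json").read())` before starting the framework on a VPS.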
Step 4: Running gophish
Having set up everything, we are now ready to run the framework for the first time. We use the command:
./gophish
When you run Gophish for the first time, the default username is “admin”, while the default password is printed on the terminal where it is running.
Step 5: Logging into gophish
As shown on the screen above, our admin server is at https://127.0.0.1:3333. We open our browser and navigate to that URL. On the screen we also have our default password, which is highlighted by the red box in the screenshot above.
Step 6: Resetting the password
Once we log in for the first time, we are required to create a new password which is more secure and one we can remember. Below the reset-password box there is an indicator of the strength of our password, which encourages us to use a much stronger one.
Once the password is reset we will be logged in and ready to start our campaign. The framework has various pages within it and each page has its own purpose. The pages are explained below.
Overview on Gophish Dashboard
1. Dashboard
On this page we can view the results of the phishing campaigns that we create. Depending on the titles we provide, the results will be analysed and output shown on this page.
2. Campaigns
This is the page where we view all the campaigns we have created and can also create new campaigns. You will be required to provide some information when creating a new campaign. The information required includes: campaign name, email template, landing page, URL, launch date and the sending profile.
3. Users & Groups
On this page, we add the target groups, including each target's first and last name. When using the framework in a corporate setup, the groups will be the different departments of the organisation. This is useful since you will apply different social engineering approaches to different departments. Gophish provides an option to import a CSV file containing the group information with just a click of a button.
4. Email templates
This is the page where we create the different email templates used in our campaigns. There is an option to import ready-made email templates which you can use for your campaigns. There is no limit to the number of email templates you can add.
5. Landing page
After the user clicks on the phishing link in the email, he/she is directed to a phishing page. This is the page Gophish calls the Landing Page. The framework also has an option to capture the passwords entered on the page with just a click of a button. You can import or design a landing page yourself on this page. You can also add a redirection web page to which the victim will be sent after submitting his/her credentials to the landing page.
6. Sending profiles page
This is the page where we add the SMTP details used by Gophish to send the emails. A user can add multiple sending profiles to make sure each target group has a suitable one.
7. Account settings
This page has options where you can adjust the default settings to your liking. You can change your user password on this page, change the UI of the campaign reports to view a map of the results, and configure an IMAP account for receiving the emails that users report as phishing.
8. Users management
This page is only accessible to the administrator of the specific Gophish instance. Here an admin can add new users and perform other administration tasks, e.g. granting and revoking administrator rights and removing users.
9. Webhooks page
As an administrator, you may need to get reports of events as they happen. You can configure the framework to push these messages to your own webhook, keeping you updated on what is happening in Gophish even when you are away from its console.
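An added example (not from the guide or from the Gophish project) of the receiving side of such a webhook: a handler that only accepts an event once its signature checks out. It assumes, as the writer understands Gophish's webhook implementation, that each POST body is signed with HMAC-SHA256 under the secret you set on the Webhooks page and delivered in an X-Gophish-Signature header of the form sha256=<hex>; the secret and the sample event are constructed for the demo.

```python
import hmac
import hashlib
import json

# Assumption (not from the guide): Gophish signs each webhook POST body with
# HMAC-SHA256 under the configured secret and sends it as
#   X-Gophish-Signature: sha256=<hex digest>
SIGNATURE_HEADER = "X-Gophish-Signature"
WEBHOOK_SECRET = "constructed-demo-secret"  # use your own secret from the Webhooks page


def sign_body(secret: str, body: bytes) -> str:
    """Compute the signature value a sender would attach to this body."""
    digest = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return f"sha256={digest}"


def verify_signature(secret: str, body: bytes, header_value: str) -> bool:
    """Constant-time comparison of the received header against the expected value."""
    if not header_value:
        return False
    return hmac.compare_digest(sign_body(secret, body), header_value)


def handle_webhook(headers: dict, body: bytes, secret: str = WEBHOOK_SECRET):
    """Return (http_status, event_dict_or_None); rejects unsigned or tampered payloads."""
    if not verify_signature(secret, body, headers.get(SIGNATURE_HEADER, "")):
        return 401, None
    try:
        event = json.loads(body)
    except ValueError:
        return 400, None
    return 200, event


# Constructed sample event resembling a campaign result update.
SAMPLE_EVENT = json.dumps({"campaign_id": 1, "email": "user@example.com",
                           "message": "Clicked Link"}).encode()

if __name__ == "__main__":
    good = {SIGNATURE_HEADER: sign_body(WEBHOOK_SECRET, SAMPLE_EVENT)}
    print(handle_webhook(good, SAMPLE_EVENT))
    tampered = SAMPLE_EVENT.replace(b"Clicked Link", b"Email Opened")
    print(handle_webhook(good, tampered))  # signature no longer matches
```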
Conclusion
In the above guide we were able to install and run the Gophish phishing framework in our hacking lab. We also learned the different functions found within Gophish which make it the right tool for the job. Using Gophish, cybersecurity professionals can launch organisation-level security tests within minutes, saving time and resources, since Gophish is an open-source framework. In our next guide we will be launching a campaign using the Gophish phishing framework.
I like your approach on ethical hacking. I will be waiting for part 2 of this guide. I want to know how to build a campaign using gophish. GOOD WORK!!!