Install Gophish phishing framework Kali Linux [Step-by-Step]



Reviewer: Deepak Prasad

Hello learners. In this guide we will install the Gophish phishing framework on Kali Linux.

 

Overview on Gophish

Gophish is a phishing tool that makes carrying out real-world phishing campaigns dead simple for cybersecurity professionals. It has made corporate cybersecurity tests on employees easy to run, since it combines all the necessary tools in one place. Gophish is written in the Go programming language, which makes it easy to build from source.

 

Requirements

  • Have a PC running Linux, preferably Kali Linux.
  • Have the Go language and a C compiler installed. (Installing Go Language)
  • Have beginner-level programming knowledge.

With that let’s jump right into our tutorial.

 

Downloading and installing gophish

There are two ways of installing Gophish on a PC: the first is downloading the pre-built binaries and the other is building from source. In this guide we will install using the pre-built binaries.

 

Step 1: Installing gophish using pre-built binaries

When installing Gophish using pre-built binaries, the first step is to download the ZIP file which contains the binaries built for your operating system. The different binaries can be found in the official repository on GitHub. Once the download is complete, we extract the contents of the ZIP file to a location of our liking on the PC, as shown below.

unzip gophish-v0.11.0.zip -d /path/to/your/destination/folder

 

Step 2: Gophish necessary permissions

After unzipping, we navigate to the newly created folder where Gophish has been extracted and make the gophish binary executable, so that it can be run, using the command below.

chmod +x gophish

 

Step 3: Configure config.json

In Gophish, this file contains some important settings which ensure it runs as it is supposed to. The config.json file is shown below.

{
    "admin_server": {
        "listen_url": "127.0.0.1:3333",
        "use_tls": true,
        "cert_path": "gophish_admin.crt",
        "key_path": "gophish_admin.key"
    },
    "phish_server": {
        "listen_url": "0.0.0.0:80",
        "use_tls": false,
        "cert_path": "example.crt",
        "key_path": "example.key"
    },
    "db_name": "sqlite3",
    "db_path": "gophish.db",
    "migrations_prefix": "db/db_",
    "contact_address": "",
    "logging": {
        "filename": "",
        "level": ""
    }
}

The first part contains the admin server configuration: the admin server listen URL “127.0.0.1:3333” and the TLS certificate and key. With this value the admin interface is reachable only from the local machine. If you are running Gophish on a VPS and want the admin server to be accessible via the internet, this should be changed to “0.0.0.0:3333”.

The second part contains the phish server configuration: the listen URL for the phishing server and the certificate and key for the phishing server.

The last section contains the database configuration. The framework is pre-configured to use an SQLite database, but a user can change the default database to fit his/her needs by changing the name and path of the database.

NOTE:
You should take care not to expose the config.json to the wrong user especially when using the framework over the internet.
The admin server should only be exposed to the internet if needed.
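
The points in the note above can be checked automatically before starting the server. The following Python script is an added example, not part of the original guide or of the Gophish project; the function names and the choice of checks (wildcard bind, TLS flag, file permissions) are assumptions made for illustration, and the sample configs it audits are constructed.

```python
import json
import os
import stat
import tempfile

WILDCARD_HOSTS = {"", "0.0.0.0", "::", "[::]"}  # hosts meaning "every interface"


def _too_open(path):
    """True if group or other hold any permission bit on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))


def audit_gophish_config(path):
    """Return a list of finding strings for the Gophish config.json at `path`."""
    findings = []
    if _too_open(path):
        findings.append("config.json is accessible to group/other (chmod 600)")
    with open(path) as fh:
        admin = json.load(fh).get("admin_server", {})
    host = admin.get("listen_url", "").rpartition(":")[0]  # text before the port
    if host in WILDCARD_HOSTS:
        findings.append("admin_server listens on all interfaces")
    if not admin.get("use_tls", False):
        findings.append("admin_server has use_tls disabled")
    key = os.path.join(os.path.dirname(path), admin.get("key_path", ""))
    if os.path.isfile(key) and _too_open(key):
        findings.append("admin TLS key is accessible to group/other (chmod 600)")
    return findings


def audit_sample(listen_url, use_tls, mode):
    """Write a constructed config.json with the given settings and audit it."""
    cfg = {"admin_server": {"listen_url": listen_url, "use_tls": use_tls,
                            "cert_path": "gophish_admin.crt",
                            "key_path": "gophish_admin.key"}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w") as fh:
            json.dump(cfg, fh)
        os.chmod(path, mode)
        return audit_gophish_config(path)


if __name__ == "__main__":
    # Constructed samples: the guide's default, then an internet-exposed variant.
    print(audit_sample("127.0.0.1:3333", True, 0o600))
    print(audit_sample("0.0.0.0:3333", False, 0o644))
```

On a real installation, call audit_gophish_config() with the path to the extracted config.json and treat any returned finding as something to fix or consciously accept before launch.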

 

Step 4: Running gophish

Having set everything up, we are now ready to run the framework for the first time. We use the command below.

./gophish


When you run Gophish for the first time, the default username is “admin”, while the default password can be found in the terminal where it is running.

 

Step 5: Logging into gophish

As shown on the above screen, our admin server is at https://127.0.0.1:3333. We open our browser and navigate to that URL. The screen also shows our default password, which is highlighted by the red box on the screen above.


 

Step 6: Resetting the password

Once we log in for the first time, we are required to create a new password which is more secure and which we are able to remember. Below the reset password box there is an indicator for the strength of our password. This ensures we use a much stronger password.


Once the password is reset we will be logged in and ready to start our campaign. The framework has various pages within it and each page has its own purpose. The pages are as explained below.

Overview on Gophish Dashboard

1. Dashboard

On this page we can view the results of the phishing mailers that we will create. Depending on the titles we provide, the results will be analyzed and the output shown on this page.

2. Campaigns

This is the page where we view all the campaigns we have created, and we can also create new campaigns here. You will be required to provide some information when creating a new campaign. The information required includes the campaign name, email template, landing page, URL, date of launch and the sending profiles.

3. Users & Groups

On this page, we add the target groups, including the first and last names of their members. When using the framework in a corporate setup, the groups will be the different departments of the organization. This is useful since you will apply different social engineering skills to different departments of a corporation. Gophish provides an option to import a CSV file containing the group information with just a click of a button.

4. Email templates

This is the page where we create the different email templates used in our campaigns. There is an option to add ready-made email templates which you can use for your campaigns. There is no limit to the number of email templates you can add.

5. Landing page

After the user clicks on the phishing link found in the email, he/she is directed to a phishing page. This page is called the Landing Page in Gophish. The framework also has an option to capture all the entered passwords with just a click of a button. You can import or design a landing page yourself on this page. You can also add a redirection webpage to which the victim will be redirected after providing his/her credentials to the malicious webpage.

6. Sending profiles page

This is the page where we add the email SMTP information used for sending the emails through Gophish. A user can add multiple sending profiles to make sure they suit each of the target groups.

7. Account settings

This page has options for adjusting the default settings to your liking. You can change your user password on this page, change the UI of the campaign reports to view a map of the results, and configure an IMAP account for receiving reports of emails reported by users.

8. Users management

This page is only accessible to the administrator of the specific Gophish instance. Here an admin can add new users and perform other administration tasks, i.e. granting and revoking administrator rights and removing users.

9. Webhooks page

As an administrator, you may need to get reports of events as they happen. You can configure the framework to push these messages to your own webhook, keeping you updated with what is happening on the Gophish instance even when you are away from it.

Conclusion

In the above guide we were able to install and run the Gophish phishing framework in our hacking lab. We also learned about the different functions found within Gophish which make it the right tool for the job. Using Gophish, cybersecurity professionals can launch an organization-level cybersecurity test within minutes, saving time and resources since Gophish is an open source framework. In our next guide we will launch a campaign using the Gophish phishing framework.

 

Kennedy Muthii

He is an accomplished professional proficient in Python, ethical hacking, Linux, cybersecurity, and OSINT. With a track record including winning a national cybersecurity contest, launching a startup in Kenya, and holding a degree in information science, he is currently engaged in cutting-edge research in ethical hacking. You can connect with him on his LinkedIn profile.


1 thought on “Install Gophish phishing framework Kali Linux [Step-by-Step]”

  1. I like your approach on ethical hacking. I will be waiting for part 2 of this guide. I want to know how to build a campaign using gophish. GOOD WORK!!!
