GoPhish
GoPhish is an open-source phishing toolkit that allows users to quickly and easily set up and execute phishing engagements. The GitHub page above provides installation instructions, and I'll briefly cover setting up a phishing campaign.
Setup
Email Templates
Email Templates is where you create the phishing email that the target will see using HTML. Here is an example when creating a new template:
Notice in the HTML that the here is wrapped in an a tag that has href pointing to {{.URL}}. This tag tells GoPhish that the hyperlink here should point towards a spoofed login portal where we will capture credentials, the landing page.
Here is a quick list of tags that may be helpful:
{{.FIrstName}}
First name of the phishing target
{{.LastName}}
Last name of the phishing target
{{.Position}}
Work position of the phishing target
{{.Email}}
The target's email
{{.URL}}
The URL to the landing page
Landing Pages
Landing Pages is where you create the page that the target user will see once they click on the link typically provided in the email template created above.
GoPhish has an Import Site feature that allows you to copy a legitimate webpage, or you can also create your own custom landing page using HTML.
Launching a Campaign
The Campaign tab is where you combine everything you created from above and launch the phishing campaign. The New Campaign menu is pretty straightforward, so the only thing I'll mention is the URL field. The URL in that field will be where your landing page will be hosted, so ensure your phishing targets can reach the URL.
If you want to use a custom domain to host the landing page, create a DNS A record for your domain that points to your GoPhish server.
Here's an example URL:
Last updated