Gophish: Open-Source Phishing Toolkit

CyberPunk MITM

Last Release: 08/28/2020 Last Commit: 06/11/2022

Gophish is an open-source phishing toolkit designed for pentesters and businesses to conduct phishing campaigns. It has the ability to support the easy and quick setup and execute the phishing campaigns. The aim behind its development was to give security awareness training by simulating the real phishing attacks.

Gophish: Easy to Use Phishing Toolkit

The features of Gophish toolkit allow its users to setup and execute the phishing attacks in an easy to use interface. This toolkit is very powerful and available as an open-source toolkit for anyone who wants to carry out simulations of the real world phishing attacks, especially designed for businesses and pentesters.

The foundation of the Gophish is JSON API, which makes phishing very easy for sysadmins and developers to run automated phishing simulation campaigns. Gophish uses Gophish API to gather information for a specific campaign. You can create custom reports just similarly as you do in excel. In the software, there are other campaign attributes are available such as landing pages and templates, which helps in the creation of a fully automated simulation program for phishing. This feature is used to set up such campaigns that can run automatically throughout the year.

Features:

One-click installation
Full REST API
Easy to use UI
Cross-platform
Python API Client
JSON API (API documentation available)
Templates & Landing Pages
Easy to setup and execute phishing campaigns

Supported Platforms:

Windows, OS X, Linux

Install Gophish

Installing Using Pre-Built Binaries

Gophish is very simple to install in three steps. Download the file, unzip the software files and run the execution binary.

Gophish contains the pre-built execution file, which works on the most operating systems. The installation of this software is as easy as two clicks. The binary is built for any operating system to extract the other files by itself.

Building from the source

To download the Gophish run:

$ go get github.com/gophish/gophish

Once it’s downloaded, next step is to find the location of path by navigating to:

$ GOPATH/src/github.com/gophish/gophish

And run the following command:

$ go build

This command will create the binary of Gophish into your current directory.

Building from the Docker

You can also install and setup the Gophish from Docker container.

Setup

Once you run the binary of Gophish, open any browser and go to https://localhost:3333. You will be asked to login and you can login with default username admin and password gophish.