Gophish - Email Phishing

WHAT IS GOPHISH?

Gophish is a powerful, open-source phishing simulation tool that allows security professionals and organizations to create, manage, and track phishing campaigns. It provides a user-friendly interface for designing phishing emails and landing pages, making it accessible even for those with limited technical expertise. Gophish is primarily used for:

Security Awareness Training: Educating employees about the dangers of phishing and how to recognize suspicious emails.

Penetration Testing: Assessing an organization’s vulnerability to phishing attacks by simulating real-world scenarios.

Data Collection: Gathering metrics on how many users clicked on links or submitted sensitive information.

HOW GOPHISH WORKS

  1. Set up
    1. Go to Railway, sign up using GitHub and click Deploy.
    2. View the log to get the credentials.
    3. Use that information to log in.
  2. Configuration
    1. Users and Groups
    2. Landing pages: we can import a legitimate website.
    3. Email template: we can import an email with this action.
    4. Sending profile:
      1. We are using the Gmail SMTP service, so the host is smtp.gmail.com:587.
      2. Note: we have to use a legitimate username (email address) and generate an App Password to use as the password.

After we have configured the above settings, it’s time to create and launch a campaign. We can track the results in near real-time from the respective campaign dashboard.
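To turn those campaign results into awareness-training metrics, the added example below (not part of the original post or of the Gophish project) computes the sent, opened, clicked, submitted and reported funnel from exported results. It assumes each result row carries a "status" string and a "reported" boolean; the sample rows are constructed.

```python
import json

# Constructed sample shaped like the "results" array of a Gophish campaign
# export. Field names "status" and "reported" are assumed; all values are made up.
SAMPLE_RESULTS = json.loads("""[
  {"email": "a@example.com", "status": "Submitted Data", "reported": false},
  {"email": "b@example.com", "status": "Clicked Link",   "reported": true},
  {"email": "c@example.com", "status": "Email Opened",   "reported": false},
  {"email": "d@example.com", "status": "Email Sent",     "reported": true},
  {"email": "e@example.com", "status": "Email Sent",     "reported": false},
  {"email": "f@example.com", "status": "Error",          "reported": false}
]""")

# Each row records only the furthest stage a recipient reached, so a
# "Submitted Data" row also counts as sent, opened and clicked.
STAGES = ["Email Sent", "Email Opened", "Clicked Link", "Submitted Data"]


def funnel(results):
    """Cumulative recipients per stage, plus reports and undelivered rows."""
    counts = dict.fromkeys(STAGES, 0)
    counts["Reported"] = 0
    counts["Skipped"] = 0
    for row in results:
        status = row.get("status")
        if status not in STAGES:
            counts["Skipped"] += 1  # e.g. "Error": the email never went out
            continue
        for stage in STAGES[: STAGES.index(status) + 1]:
            counts[stage] += 1
        if row.get("reported"):
            counts["Reported"] += 1
    return counts


def rates(counts):
    """Percentages of delivered emails; 0.0 when nothing was delivered."""
    sent = counts["Email Sent"]
    return {
        name: round(100 * n / sent, 1) if sent else 0.0
        for name, n in counts.items()
        if name != "Skipped"
    }


if __name__ == "__main__":
    c = funnel(SAMPLE_RESULTS)
    print(c)
    print(rates(c))
```

The report rate is worth tracking alongside the click rate, since it shows how many recipients actively flagged the simulated email rather than just ignoring it.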

Happy hacking!