Skip to content
/ gophish_mods Public
forked from gophish/gophish

Open-Source Phishing Toolkit

getgophish.com

License

View license
17 stars 2.2k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

edermi/gophish_mods

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

768 Commits
.github/workflows
.github/workflows
 
 
ansible-playbook
ansible-playbook
 
 
auth
auth
 
 
config
config
 
 
context
context
 
 
controllers
controllers
 
 
db
db
 
 
dialer
dialer
 
 
doc
doc
 
 
docker
docker
 
 
imap
imap
 
 
logger
logger
 
 
mailer
mailer
 
 
middleware
middleware
 
 
models
models
 
 
static
static
 
 
templates
templates
 
 
util
util
 
 
webhook
webhook
 
 
worker
worker
 
 
.babelrc
.babelrc
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
ISSUE_TEMPLATE.md
ISSUE_TEMPLATE.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
VERSION
VERSION
 
 
config.json
config.json
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
gophish.go
gophish.go
 
 
gulpfile.js
gulpfile.js
 
 
package.json
package.json
 
 
webpack.config.js
webpack.config.js
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

Gophish

edermi's custom gophish fork. Don't expect this one to work for you. This fork does not work with regular phishing pages. Please don't open issues, I'll ignore / close them. If you decide to use this, you're on your own.

Changes compared to vanilla gophish

Custom error page templating for 404 error pages in phishing handler

Allows to show a more benign 404 page. Also may be used for redirecting with some Javascript: <script>window.location.replace("https://target.fqdn");</script>

Changes made:

  • Add templates/404.html
  • In controllers/phish.go, add custom replacements for http.NotFound and http.Error

Instead of showing phishing pages, request HTTP auth

HTTP auth is requested for users hitting their landing page. If an HTTP auth header is present, the data is extracted and stored as if the user had typed it into a login field. After a user authenticates, he is redirected to the legit redirect URL.

Changes made:

  • Add bluemonday HTML sanitizer lib (not necessary, but otherwise displaying a realm message without HTML tags is more work)
  • models/page.go has a mandatory check for a redirect URL
  • controllers/phish.go has modified PhishHandler and renderPhishResponse functions. The GET/POST logic is swapped with a "Authorization present, if not, request it" logic.

About

Open-Source Phishing Toolkit

getgophish.com

Resources

Readme

License

View license

Security policy

Security policy
Activity

Stars

17 stars

Watchers

1 watching

Forks

12 forks
Report repository

Releases

10 tags

Packages

No packages published

Languages

  • Go 61.2%
  • JavaScript 25.7%
  • HTML 12.1%
  • Other 1.0%