RFC: New way to create campaigns #223

Open
jordan-wright opened this Issue Mar 27, 2016 · 12 comments

Collaborator

jordan-wright commented Mar 27, 2016

Hey everyone,

I wanted to open up an RFC to see what everyone thought about a new way to create campaigns that I'm working on.

Right now, creating a campaign feels very static and restricted. Select one landing page, one email template, etc. I'm currently working on a new way that would make campaign creation much more modular with "flows". Here's a screenshot:

image

This would make creating a campaign much more modular. Using this, you would be able to add as many actions as you want. Want to send multiple emails? You can. Want to redirect the user to multiple pages (#219)? You can.

The other thing I am working on is how to structure this in templates, etc. I'm considering creating a standard template variable to replace .URL. Specifically, I would implement a template variable {{.Next}} that would point to the next URL in the chain. This way, you can have each landing page or email be plug-n-play to all work together nicely.

Thoughts? Excitement?!

@jordan-wright jordan-wright self-assigned this Mar 27, 2016

@jordan-wright jordan-wright added the rfc label Mar 27, 2016

@jordan-wright jordan-wright added this to the Release 0.2 milestone Mar 27, 2016


rfdevere commented Mar 27, 2016

The best phishing framework just got better. Anything that gives the
product a better feature and doesn't ruin stability or ease of use is great.

Guiding people to multiple landing pages would be brilliant, I'm thinking
already being able to load in a 1000 email staff list and send admin staff
to google docs pages, finance staff to banking pages, everyone else to the
company SSL VPN. On to a training/debrief screen for everyone when they have inputted creds.

Great work Jordan we all appreciate them long nights bashing buttons.


Richard De Vere
Principal Consultant



jcamil commented Mar 28, 2016

Jordan;

What Richard said. Lots of excitement on my part.



scottg88 commented Mar 30, 2016

Sounds great.

It would be great to be able to link to multiple landing pages in the same email.

E.g. in one phishing email have:

- Link to landing page where you "update your details" or "reset your password" or similar.
- Link at the bottom of the page "if you do not wish to receive further communication from us, click here to unsubscribe".

Links to distinct landing pages with different text.

You could define the template variable in the landing page configuration (in either the campaign or template configuration, whichever makes more sense). Or following the workflow, allow either the {{.Next}} variable you mentioned, as well as {{.URL1}} and {{.URL2}}, which refer to the landing page order in the workflow, to allow moving back and forth or skipping ahead in the flow.

It's great that at the moment we can redirect to a new page after form submission. I'd like to see a way to link to another landing page (with tracking) from the first landing page. For example, in the example where you want the user to reset their password, I would create other pages for the fictional website to lend some credibility, like about pages etc. It would be good to know whether the user browses around the fake site.

I could see the above happening easily by using multiple landing pages and putting template variable support into the landing pages, re-using the code for the email templates.

Collaborator

jordan-wright commented Apr 2, 2016

@scottg88 - That kind of "forking" functionality will be a bit more tricky to implement. I'll probably consider that farther down the line, since it's going to be really tricky to make seem fluid when a user is designing the campaign. It's one of those things that power users would want, but I wouldn't want to clutter the UI.

I might consider adding support for template variables in static HTML pages that can be hosted on the server itself. Maybe that would help... I'll think of some options.


Raytri3 commented Apr 23, 2016

First the new design/UI for the campaigns looks nice and much more "professional". A few things I would like to see in conjunction with the campaigns (more process orientated):

  1. Select Group or more specifically a sub group of users - As an example, I would love to be able to select the "sales" team from Group 1 rather than just Group 1.
  2. A "Test"/"Contact" email - My POCs/clients are always asking to include them in the phish campaign or to send it to them first, and w/o a test/contact email address(es) I would have to create 2 campaigns.
  3. Process for validation/validation email - As part of my phishing process getting permission is fairly easy contractually, but I like getting "yes please proceed with this campaign now" emails too right before sending them out (could tie into #2) would love to include this as part of the campaign as well so I can include it in the reporting etc. (yes I can do this offline but I am lazy).

Collaborator

jordan-wright commented Apr 30, 2016

Hey everyone,

Just wanted to provide an update on this. This is the big thing I've been working on during whatever free time I can scrape up. I have quite a bit going on outside of gophish, so my time is limited (I can usually squeeze an hour in around 12PM-1AM in the morning 😄). But development is most certainly ongoing.

I'm really, really excited for what modular campaigns will do to make gophish more powerful, and I look forward to getting a full POC out the door soon! My goal is to have something fully functional here in the next couple of weeks as time permits.

Thanks for bearing with me as development is slower than normal and remember - gophish is for you, the community. We're all in this fight together so any ideas on how to make gophish better are always greatly appreciated!

Collaborator

wjwoodson commented Apr 30, 2016

Understood, Jordan. Being busy is fine -- opportunity for community to pick
up development and support of this awesome product. Modular campaigns and
campaign workflows are dope af. We should all be working toward getting
these implemented in main dev branch and out to watchers.

Collaborator

jordan-wright commented Aug 8, 2016

Moving this to the 0.3 release for now, since I'd like to get 0.2 out the door ASAP.

This will be one of the big features coming in 0.3.


ustayready commented Aug 10, 2016

Can't wait. This is awesome. I love the idea of streamlining the flows


aaniceto commented Jan 10, 2018

Hi, any news about this functionality?

Having the option to cascade landing pages would be great, in particular if the first landing page is a form to capture credentials.


dsmurf commented Jun 19, 2018

any news on this?


securitygeneration commented Oct 22, 2018

Very much looking forward to this too.
