@jordan-wright jordan-wright released this Sep 9, 2018 · 1 commit to master since this release

Assets 8

Whoops!

In the previous version, we introduced the {{.BaseURL}} template variable that points to the root URL. This helps make things like pointing to static files easier. See #1189 for more details.

Turns out, this didn't work for email template validation, since we weren't checking for all possible template tags. I'm sorry for the inconvenience!

Should Be Fixed Now πŸ˜„

The good news is that this is fixed now, and should have only been an issue if you were trying to use the new {{.BaseURL}} tag. Since this was something I promised and it didn't work, I wanted to roll out a hotfix.

For all the full details in the latest release, check out the 0.7.0 release notes.

Enjoy!

SHA1 Hash Filename
9bf4cf0905b1d171092a726cae6eafc6c837d926 gophish-v0.7.1-linux-32bit.zip
77d8cf20e8b9591b3e8b8123653156d77a4ff0cb gophish-v0.7.1-linux-64bit.zip
0b88b6d42a7907cfbd1f18574c230158c280d766 gophish-v0.7.1-osx-32bit.zip
1a628ff9aa9a3f398d060e1644bc52a68aa102d4 gophish-v0.7.1-osx-64bit.zip
798486c3bdb6c261625bd2b0605b1311b3ab3c7d gophish-v0.7.1-windows-32bit.zip
1651769aa4f66401107efc04c035d96c8ef4e463 gophish-v0.7.1-windows-64bit.zip

@jordan-wright jordan-wright released this Sep 4, 2018 · 5 commits to master since this release

Assets 8

Gophish Just Got Better.

tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. πŸ˜„

We're excited to announce v0.7.0. This release is packed with improvements that make Gophish more powerful than ever.

Campaign Preview

When setting up a campaign, you want to know what the email and landing page looks like. Previously, to do this you would have to set up a separate campaign just for yourself, since there was no way of testing the full flow.

This isn't good.

In this Gophish release, we've fixed this! Now, when sending a test email from the campaign builder, clicking on the links will load up the landing page, showing you exactly what your recipients would see.

Timed Campaigns

Before this release, emails for a Gophish campaign were all sent at the same time. This is great in some cases, but sometimes you want to spread out the emails over a period of minutes, hours, or even days.

Now you can!

In this release, we've added a new field called "Send Emails By". If you set this field, then Gophish will spread out the emails evenly between the campaign launch and this date.

image

Device Details

No one likes looking through raw logs to see what kinds of devices are clicking on links. Now you don't have to!

In this release, we parse the user-agents for devices that click links or submit credentials, and we show that information in the campaign details:

image

Transparency

As mentioned in #1057, we can do a better job of running friendly phishing simulations. The only approved use of Gophish is to run authorized phishing simulations, so we've added some features to make these campaigns more transparent.

Specifically, we've added:

  • A contact_address field to the config.json. This field is inserted as an X-Gophish-Contact header in outgoing emails
  • An X-Mailer header is set to gophish for outgoing emails
  • We've added a transparency handler if you add a "+" to a valid rid. This returns a JSON response containing the contact address and indicates that the email was generated by Gophish

Those are the big features, but that's certainly not everything! You can find a full changelog here.

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Thank You

I want to also take a quick moment to say thank you to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out.

Thank you all for everything you do!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.

Enjoy!

SHA1 Hash Filename
63149165688d3ca989974e32b5716be7e87ed6b4 gophish-v0.7.0-linux-32bit.zip
f113435940626c3f13448ce8e12aafb3e347c504 gophish-v0.7.0-linux-64bit.zip
45736f416e475541ac214611f41c40fb967167dd gophish-v0.7.0-osx-32bit.zip
d9b3ac3a2cf11f53bd33196d0310167ffb43cd8a gophish-v0.7.0-osx-64bit.zip
98ad9756fa95d43af99b12f8d08423f71dc7fc14 gophish-v0.7.0-windows-32bit.zip
f069cc4f4c9c50e422923f205c34eb226a2ea550 gophish-v0.7.0-windows-64bit.zip

Old hashes (only valid if you downloaded the release immediately after it was published before I got a chance to bump the VERSION file):

SHA1 Hash Filename
dfddc8a8038fa612022bb22e823e2a51b343e261 gophish-v0.7.0-linux-32bit.zip
261efd81c727021dfa039fe081ff7941cd86f9ee gophish-v0.7.0-linux-64bit.zip
5ca9e90bc8c6ed0494ddb29deb907548859c5ab0 gophish-v0.7.0-osx-32bit.zip
c0ffcc5f06799c807b79c3b41cefa6785c853dd8 gophish-v0.7.0-osx-64bit.zip
fd12ebc44c964e8577f688405f6c01d470335d9f gophish-v0.7.0-windows-32bit.zip
8000eec9d77a3d6987aa57b7d61736717238c471 gophish-v0.7.0-windows-64bit.zip

@jordan-wright jordan-wright released this May 20, 2018 · 22 commits to master since this release

Assets 8

Gophish Just Got Better.

tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. πŸ˜„

We're excited to announce v0.6.0 of Gophish! This fix has a bunch of bug fixes (including a couple of low-severity security fixes) and a couple of new features.

Email Reporting

The biggest new feature in this release is the ability for users to report phishing emails to Gophish and to have those reports displayed in the dashboard. We don't have email clients ready for this quite yet, so everything is just implemented on the server-side for now.

reporting screenshot

Huge thanks to @S0larflare for making this happen!

Bugs Fixed

Here are just a few of the bugs fixed in this release:

  • All API endpoints now require an API key. Previously, the /api/reset endpoint required a valid session, but this has been changed for consistency. (#1028)
  • We've made some improvements to the way our mailer handles errors (#963)
  • Fixed the way the initial admin account is created to avoid throwing errors when using MySQL (#948)

And more!

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Thank You

I want to also take a quick moment to say thank you to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out.

Thank you all for everything you do!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.

Enjoy!

SHA1 Hash Filename
301620234118f7d33a22beaebeb772f3211b1592 gophish-v0.6.0-linux-32bit.zip
6e6c621cab279f136f8d7b29b60b291b441e4bba gophish-v0.6.0-linux-64bit.zip
a87e2eeebc8d62b6905a9d7eb59c7b7b4d2291e9 gophish-v0.6.0-osx-32bit.zip
426def461471012f274dbeca01c37471934b723e gophish-v0.6.0-windows-32bit.zip
ed5ed65b9e0d1a98fb1034fd080d76e7da8f0273 gophish-v0.6.0-windows-64bit.zip

@jordan-wright jordan-wright released this Jan 27, 2018 · 40 commits to master since this release

Assets 8

Gophish Just Got Better.

tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. πŸ˜„

We're excited to announce v0.5.0 of Gophish! This release fixes all sorts of pesky bugs, and includes some big changes to the way emails are handled.

Big Changes

We've completely redone the way emails are sent by Gophish. In previous versions, we made a single pass at sending campaign emails. If anything went wrong, the rest of the emails would fail. As you can imagine, this isn't ideal.

We've rearchitected this process where Gophish now queues up emails and tries to send them, retrying as necessary. This is far more fault tolerant and reliable. You can refer to #878 for details.

This also has other benefits. For example, in previous versions of Gophish, if you launched a campaign immediately, it might still take up to a minute for emails to be sent. Now, they're sent as soon as the campaign is launched. No more waiting!

Faster Release Process

I've now fully automated the process of compiling and uploading Gophish binaries. This is huge because it means we can make Gophish releases much more quickly and reliably. I'll write up a blog post later with the details.

This is the first run using the new process, so let me know if you encounter any issues.

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.

Enjoy!

Details:

SHA1 Hash Filename
49dea979cc829ea3c0750791aa22cb890bbfac72 gophish-v0.5.0-linux-32bit.zip
d3278c0d5e6cb382b137d2e3720ed30c0a03e8df gophish-v0.5.0-linux-64bit.zip
61cab355927c3f9907a94ca3c5346ff97d428d6a gophish-v0.5.0-osx-32bit.zip
437a2a6cbdbbe8523c41e6822791e6d3c6bd293f gophish-v0.5.0-osx-64bit.zip
eaf0d5358c0244c90ee454e10b174155ae96a90b gophish-v0.5.0-windows-32bit.zip
2f01937ecc6bc6ab007361424ecb03f61ff3ba5b gophish-v0.5.0-windows-64bit.zip

@jordan-wright jordan-wright released this Sep 18, 2017 · 67 commits to master since this release

Assets 8

Gophish Just Got Better.

tl;dr - New version of Gophish. Lots of improvements. Binaries can be found below. πŸ˜„

We're excited to announce v0.4.0 of Gophish! This release fixes all sorts of pesky bugs, gives 100% more donut charts and 100% fewer useless maps. Give it a shot! We think you'll really like it.

Big Changes

This release doesn't come with any completely new features but we still made big changes we think you'll like.

  • The target map is now an optional feature. We realized that most tests are internal and that even if it's an external test, the map simply takes up space. Now, you can re-enable it in the "Settings" page. (#747)

  • We've moved all charts from Chartist.js to Highcharts. Highcharts is a well established library that gives good performance and tons of great features. So, for example, now the campaign timeline is fully zoomable. 🎊

timeline.gif

  • We also split out the results status donut chart into multiple charts - one for each status. Previously the results were a bit misleading since we only showed the final status. Now, we show the counts for every status! And hey, who doesn't love more donuts? (#680)

image

  • Datetimes are now stored in UTC format in the database. So, the API will now return dates in UTC as opposed to the browser's local time zone. This gives us more consistency in the case where browser's and servers have different time zones when campaigns are scheduled. It's worth noting that we adjust the times on the frontend so that all campaigns and scheduling in the browser still show local time. We just convert everything to UTC for storage. (#316)

  • We changed the font size in the UI from 18px to 16px. This should give a bit more space and improve the look and feel. I guess this was a 😎 small change.

New Website!

We just launched the new version of our website at getgophish.com. This was created with hand crafted artisanal HTML, so be sure to check it out.

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue directly.

Enjoy!

Details:

SHA1 Hash Filename
0254e5b9a1febc34611271cc0b56e42c5b9d4bb1 gophish-v0.4-darwin-32bit.zip
80a6017a0080aaacf2ceb042a78e67e301bba623 gophish-v0.4-darwin-64bit.zip
4502fa44fe0a7ea0e9defcc49f33fe76fbf5bac4 gophish-v0.4-linux-32bit.zip
252f0f2d7712d83c3495734b6e74485f0f3f35d9 gophish-v0.4-linux-64bit.zip
db5324935450e5a8377c81d213c59937a594e551 gophish-v0.4-windows-32bit.zip
4d9082b97ca9fd36c8195a536f45197b07b37989 gophish-v0.4-windows-64bit.zip

@jordan-wright jordan-wright released this Mar 2, 2017 · 98 commits to master since this release

Assets 8

Say Hello to the New Gophish.

tl;dr - New version of Gophish. Tons of features. Binaries can be found below. πŸ˜„

We're excited to announce Gophish v0.3.0. This release is packed with updates, so we think you'll really enjoy it.

New Features

Here are just some of the new features in this release:

  • More granular result status (e.g. "Submitted Data" and "Clicked Link" instead of "Success")
  • Support for custom SMTP headers
  • Performance improvements and "summary" API endpoints
  • Automatic SSL certificate creation
  • Support for MySQL
  • Now using select2 instead of typeahead.js when building a campaign
  • Shorter result ID's
  • A whole bunch of bug fixes!

A Python API Client!

To make working with the API even easier, we've developed an official Python API client.. This will make it easier to orchestrate Gophish to create, launch, and manage campaigns.

Community Contributions

Gophish has an incredible community. I wanted to make a spot in these release notes to call out some key contributions that helped make this release amazing:

  • @chrismaddalena has created an awesome tool called GoReport that leverages the Gophish API to generate campaign reports.
  • @LarryGrim has created a comprehensive guide on building a simulated phishing program from scratch.
  • @S0larflare and @snori74 have done an outstanding job of always being quick to answer new issues as they are reported. Thank you both so much!
  • @svigne1 has contributed performance improvements, as well as the MySQL support!

Documentation has moved

All documentation is being moved to our Gitbooks repo here: https://www.gitbook.com/@gophish. Gitbooks allows us to easily manage our documentation and publish both online hosted docs, as well as downloadable PDFs.

We're still finalizing our docs, so please bear with us as we make sure everything is fully documented - especially related to API endpoints.

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue directly.

Enjoy!

@jordan-wright jordan-wright released this Nov 14, 2016 · 129 commits to master since this release

Assets 8

Say Hello to the New Gophish.

Sorry for the wait. We promise it was worth it.

This release marks Gophish's 3 year anniversary. When I first set out to build Gophish, I wanted to create the best phishing framework possible. This release gets us one step closer to that goal.

We've been busy! Here are just some of the new features in this release:

  • Now sending emails faster via gomail
  • Introduced beautiful modal dialogs via sweetalert2
  • Can now schedule campaigns
  • Can now mark a campaign as complete
  • Automatically converting <a> tags in imported emails to point to Gophish listener
  • Added Redirect URL to redirect users after they submit credentials

In addition to new features, we've also fixed a ton of bugs including:

  • Stored XSS vulnerabilities (only affected admin)
  • Fixed issue where attachments weren't sent in campaigns

Here are all issues we closed during this release.

Moving Forward

There are a couple of important things to note moving forward:

No longer providing email support

I want to provide the best support possible for gophish. While I like the idea of email support, it's just not the right way to move forward with gophish for a few reasons.

Specifically, I want support cases to be transparent so that the community can work together to solve them. If I receive an email, it's completely subject to me remembering to respond to it when I can if I remember.

I also found that I receive a significant amount of duplicate questions via email. Responding to each of these takes up cycles that could otherwise be spent innovating on Gophish features.

That being said, feel free to send nice words about gophish to our email address, but from now on all support tickets will be required to go through our Github issues, where all of them have been and will continue to be responded to. πŸ˜„

Moving Documentation

You'll notice that this release no longer contains a PDF of our User Guide. I'm experimenting with different ways to open up documentation to changes from the community. Right now, I've moved nearly everything to our wiki, but will continue tracking down the right fit for the Gophish documentation.

Update 12/14 - All documentation is being moved to our Gitbooks repo here: https://www.gitbook.com/@gophish

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about gophish? Let us know by filing an issue directly, or contacting us through our support page.

Enjoy!

@jordan-wright jordan-wright released this Apr 21, 2016 · 213 commits to master since this release

Assets 7

Say Hello to the New gophish

This is the second release of gophish, and we couldn't be more excited! In this release, you'll find insanely cool features, numerous bug (or feature) fixes, and more.

Here are just a few of the added features since our last release:

  • Added the ability to capture credentials with just a click
  • Added the ability to store SMTP settings
  • Added polling on the campaign results page for near-realtime updates
  • Added the ability to ignore SMTP server certificate errors
  • Multiple UI fixes/tweaks (datatables, etc.)

These features came in the form of over 15 pull requests, and 56 closed issues.

This release is awesome, and you should feel awesome for using it.

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about gophish? Let us know by filing an issue directly, or contacting us through our support page.

Enjoy!

@jordan-wright jordan-wright released this Feb 1, 2016 · 312 commits to master since this release

Assets 7

It's finally here!

This release is the first public beta release of gophish. We are excited about all the awesome features this release brings, and are excited for you to give it a spin.

Here are just a few of the added features since the initial alpha pre-release:

  • Added the timeline feature for campaign results
  • Added default tracking to email templates
  • Added additional events (such as when errors occur)
  • Added the ability to access admin server/ phishing server over TLS
  • Multiple UI fixes/tweaks (datatables, etc.)
  • Added the ability to export results as CSV

These features came in the form of over 10 pull requests, and over 30 closed issues.

In addition to the added software features, we launched our public website! We will be updating the blog periodically with software updates as well as engineering notes. You can find our official release announcement here.

We want to hear from you!

Have questions, comments, or feature ideas about gophish? Let us know by filing an issue directly, or contacting us through our support page.

Enjoy!

Pre-release
Pre-release

@jordan-wright jordan-wright released this Jan 13, 2016 · 372 commits to master since this release

Assets 2

gophish v0.1 - alpha

This is the alpha release of gophish. It contains all the functionality needed to create and launch a realistic simulated phishing campaign and record the results.