Skip to content

@jordan-wright jordan-wright released this May 25, 2020 · 2 commits to master since this release

Gophish Just Got Better.

We're excited to announce v0.10.1. This release significantly improves the performance of sending emails, adds some features and fixes bugs.

Here's just a couple of the exciting changes.

Faster Email Sending

Thanks to the detailed report from @edermi in #1726, we were able to dramatically increase the speed at which we send emails- especially for large campaigns.

Impersonation

Administrators often have a need to help troubleshoot issues other users are seeing with Gophish. To make this easier, @glennzw added an impersonation feature in #1812 that allows system administrators to login to a user's account. This is available from the User Management page.

Screen Shot 2020-05-24 at 10 35 47 PM

More Frequent Releases

We've also changed our release process to use GitHub Actions. The bad news is that this means we won't be supporting 32-bit Mac or Windows releases at this time (we do support 64-bit releases!). The good news is that this will enable us to do much more frequent Gophish releases, getting awesome features and bugfixes out to the community even quicker.

With this in mind, please do let us know if you run into any issues with the releases below!

Changelog

You can find the full changelog for this release here.

How to Upgrade

To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.

Enjoy

SHA256 Hash Filename
e236fea0628623c9158e01d189cf20766b2ebbb7cc1e6e53c1d4f49e039c98f7 gophish-v0.10.1-linux-32bit.zip
d075245dd146494ee1d25d2c6201ef84a5a2cdb6d38adc152df3b71ab8e91845 gophish-v0.10.1-linux-64bit.zip
1c8e4cbd8da090b9f6f38eb5605d7b1753b3f60ccf705e943befe98ff4969ab4 gophish-v0.10.1-osx-64bit.zip
7c01df6bbeeca6a9a6dd0fc28e12eb329414c3d15c8f0dec237bf6535e4d268a gophish-v0.10.1-windows-64bit.zip
Assets 6

@jordan-wright jordan-wright released this May 25, 2020 · 4 commits to master since this release

SHA256 Hash Filename
e9b754682d6476d0ff07e9d0bb4d7634e0e4d0ebba570c3a0f27574358636415 gophish-v0.10.0-linux-32bit.zip
7a6186d90eb4d75f773a09baf035b877f952136e7e73d2e8f680c83bb1524082 gophish-v0.10.0-linux-64bit.zip
4abbb083be9f5b9f11a92cbe024449be3825e60b67140356bc236fe82f244723 gophish-v0.10.0-osx-64bit.zip
087edf7e1b64aa66912b4780a5914d4cfbfd78b8e1fd8046da7c6b08c79388cd gophish-v0.10.0-windows-64bit.zip
Assets 6

@jordan-wright jordan-wright released this Jan 21, 2020 · 32 commits to master since this release

Gophish Just Got Better.

We're excited to announce v0.9.0. This release adds big features, improves performance, and fixes bugs.

Here's just a couple of the exciting changes.

Webhooks

Ever since Gophish was launched, we've had the ability to fetch campaign results via the API. But sometimes, you may want to have campaign updates pushed directly to you as they happen.

To solve this problem, we've added support for webhooks.

When you configure a webhook, Gophish will make (optionally signed) HTTP requests to an endpoint you control. These requests include the JSON body of the event that just happened- the exact same JSON that you would normally receive via the API. This gives you real-time updates to your campaign as they happen.

Webhook configuration screen

You can find more information about using webhooks in our documentation.

Webhook support was sponsored by Al Lowenstein and implemented by @GildedHonour in #1642. Thank you both for all your help making this happen!

IMAP Support

I always encourage folks using Gophish to focus not only on minimizing the click through rates, but even more so on increasing the reporting rate. To that end, many companies have an email address they encourage employees to send any potential phishing emails.

I've often got feedback that it'd be great if Gophish emails sent to that email address would automatically show as "reported" in the campaign results. Now that's possible!

Thanks to the great work from @glennzw, you can now configure IMAP details which Gophish will use to fetch any campaign emails, marking them as reported. Thank you for all your amazing work @glennzw!

IMAP reporting

You can find more information about configuring reporting via IMAP in our documentation.

Thank You

While there are amazing performance improvements and bug fixes included in this release, you'll notice something about the two big features listed above- neither were built by me (@jordan-wright).

This is incredibly exciting. I've long held that the community around Gophish is my favorite thing about the entire project. We have a group of folks contributing to issues, offering advice and feature requests and, with this release, contributing core features that make Gophish even better.

Thank you all for everything you do. We have big things planned for Gophish, and I'm excited to build them alongside you all.

How to Upgrade

To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.

Enjoy

SHA256 Hash Filename
f12ad070007b4d764e7e7816db8dae1f8002483c9aff81e2437319e9c6521465 gophish-v0.9.0-linux-32bit.zip
ffcdf7a1a8590b6de70660754c88ef2be3c3b69e1dd5ae18c472dbd26d5ff534 gophish-v0.9.0-linux-64bit.zip
6780ea4124eeaefa1cd0a5c2a825f4457dfda807b43be741bbbd22ab8e870099 gophish-v0.9.0-osx-32bit.zip
ab283c49625af335bf6fee1b65f386bd69cece68d2ed9bd051b4de9b43b3dd5e gophish-v0.9.0-osx-64bit.zip
d63ae01b2152f1964ffb9dc1d4d36fe3e8b8abcaffa74e1750770e6b8b321c3f gophish-v0.9.0-windows-32bit.zip
7f1593d5fafe3590acaed4157c47d5c00ba9a30df86382d3f6c531369f8d9123 gophish-v0.9.0-windows-64bit.zip
Assets 8
  • v0.8.0
  • f95e955
  • Compare
    Choose a tag to compare
    Search for a tag
  • v0.8.0
  • f95e955
  • Compare
    Choose a tag to compare
    Search for a tag

@jordan-wright jordan-wright released this Aug 12, 2019 · 57 commits to master since this release

Gophish Just Got Better.

tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. 😄

We're excited to announce v0.8.0. This release fixes a bunch of bugs, adds a few features, and lays the groundwork for really cool features to come.

RBAC Support

This release includes initial support for Role-Based Access Control (RBAC). Specifically, it introduces global roles that separates admins from non-admins. You can find more information here.

Users API

Users with the admin role have access to the user management API. This API allows you to create and manage users programmatically. You can find documentation for this API here.

Added Docker Support

We've added a Dockerfile so that you can build Gophish in a container. We'll be uploading an official Docker image at gophish/gophish shortly.

Code Refactoring

While this isn't a user-facing change, it's a big one. We've refactored a bunch of the code to be cleaner and more structured. This will help new developers coming into Gophish to get up and running more quickly.

Those are the big changes, but that's certainly not everything! You can find a full changelog here.

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Thank You

I want to also take a quick moment to say thank you to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out.

Thank you all for everything you do!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.

Enjoy!

Note: The VERSION file for these releases still says 0.7.1. This was an oversight during the release process. After upgrading, even if you see 0.7.1, you're certainly running the 0.8.0 codebase. I apologize for the inconvenience!

SHA256 Hash Filename
80cb2c13b9f34dd2a5454c15065af81c15d09fbf30298cce276ba1fa7318462b gophish-v0.8.0-linux-32bit.zip
8a64368f31a10d7e0bbedfce8827fcd9fbbfa8d0fc5b5d6a3c467569a7818d26 gophish-v0.8.0-linux-64bit.zip
9209ccab7087e432e0fbd1ecf8772ac5d1cb92839b89907cdbe02ff3b392dd6b gophish-v0.8.0-osx-32bit.zip
95a1adcd9c1e56c2cc6525140fb65e4dda7f89e91497ed5498d09c4319e9c2f7 gophish-v0.8.0-osx-64bit.zip
68de55454a4fca68a61b3bd3359986b26423484350ff947e59a31e0b174ff4cc gophish-v0.8.0-windows-32bit.zip
8bd15a7484e363e0573d0afad31b56e3bbf634dcce377bb4b1ef24a7146823d0 gophish-v0.8.0-windows-64bit.zip
Assets 8

@jordan-wright jordan-wright released this Sep 9, 2018 · 103 commits to master since this release

Whoops!

In the previous version, we introduced the {{.BaseURL}} template variable that points to the root URL. This helps make things like pointing to static files easier. See #1189 for more details.

Turns out, this didn't work for email template validation, since we weren't checking for all possible template tags. I'm sorry for the inconvenience!

Should Be Fixed Now 😄

The good news is that this is fixed now, and should have only been an issue if you were trying to use the new {{.BaseURL}} tag. Since this was something I promised and it didn't work, I wanted to roll out a hotfix.

For all the full details in the latest release, check out the 0.7.0 release notes.

Enjoy!

SHA1 Hash Filename
9bf4cf0905b1d171092a726cae6eafc6c837d926 gophish-v0.7.1-linux-32bit.zip
77d8cf20e8b9591b3e8b8123653156d77a4ff0cb gophish-v0.7.1-linux-64bit.zip
0b88b6d42a7907cfbd1f18574c230158c280d766 gophish-v0.7.1-osx-32bit.zip
1a628ff9aa9a3f398d060e1644bc52a68aa102d4 gophish-v0.7.1-osx-64bit.zip
798486c3bdb6c261625bd2b0605b1311b3ab3c7d gophish-v0.7.1-windows-32bit.zip
1651769aa4f66401107efc04c035d96c8ef4e463 gophish-v0.7.1-windows-64bit.zip
Assets 8

@jordan-wright jordan-wright released this Sep 4, 2018 · 107 commits to master since this release

Gophish Just Got Better.

tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. 😄

We're excited to announce v0.7.0. This release is packed with improvements that make Gophish more powerful than ever.

Campaign Preview

When setting up a campaign, you want to know what the email and landing page looks like. Previously, to do this you would have to set up a separate campaign just for yourself, since there was no way of testing the full flow.

This isn't good.

In this Gophish release, we've fixed this! Now, when sending a test email from the campaign builder, clicking on the links will load up the landing page, showing you exactly what your recipients would see.

Timed Campaigns

Before this release, emails for a Gophish campaign were all sent at the same time. This is great in some cases, but sometimes you want to spread out the emails over a period of minutes, hours, or even days.

Now you can!

In this release, we've added a new field called "Send Emails By". If you set this field, then Gophish will spread out the emails evenly between the campaign launch and this date.

image

Device Details

No one likes looking through raw logs to see what kinds of devices are clicking on links. Now you don't have to!

In this release, we parse the user-agents for devices that click links or submit credentials, and we show that information in the campaign details:

image

Transparency

As mentioned in #1057, we can do a better job of running friendly phishing simulations. The only approved use of Gophish is to run authorized phishing simulations, so we've added some features to make these campaigns more transparent.

Specifically, we've added:

  • A contact_address field to the config.json. This field is inserted as an X-Gophish-Contact header in outgoing emails
  • An X-Mailer header is set to gophish for outgoing emails
  • We've added a transparency handler if you add a "+" to a valid rid. This returns a JSON response containing the contact address and indicates that the email was generated by Gophish

Those are the big features, but that's certainly not everything! You can find a full changelog here.

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Thank You

I want to also take a quick moment to say thank you to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out.

Thank you all for everything you do!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.

Enjoy!

SHA1 Hash Filename
63149165688d3ca989974e32b5716be7e87ed6b4 gophish-v0.7.0-linux-32bit.zip
f113435940626c3f13448ce8e12aafb3e347c504 gophish-v0.7.0-linux-64bit.zip
45736f416e475541ac214611f41c40fb967167dd gophish-v0.7.0-osx-32bit.zip
d9b3ac3a2cf11f53bd33196d0310167ffb43cd8a gophish-v0.7.0-osx-64bit.zip
98ad9756fa95d43af99b12f8d08423f71dc7fc14 gophish-v0.7.0-windows-32bit.zip
f069cc4f4c9c50e422923f205c34eb226a2ea550 gophish-v0.7.0-windows-64bit.zip

Old hashes (only valid if you downloaded the release immediately after it was published before I got a chance to bump the VERSION file):

SHA1 Hash Filename
dfddc8a8038fa612022bb22e823e2a51b343e261 gophish-v0.7.0-linux-32bit.zip
261efd81c727021dfa039fe081ff7941cd86f9ee gophish-v0.7.0-linux-64bit.zip
5ca9e90bc8c6ed0494ddb29deb907548859c5ab0 gophish-v0.7.0-osx-32bit.zip
c0ffcc5f06799c807b79c3b41cefa6785c853dd8 gophish-v0.7.0-osx-64bit.zip
fd12ebc44c964e8577f688405f6c01d470335d9f gophish-v0.7.0-windows-32bit.zip
8000eec9d77a3d6987aa57b7d61736717238c471 gophish-v0.7.0-windows-64bit.zip
Assets 8

@jordan-wright jordan-wright released this May 20, 2018 · 124 commits to master since this release

Gophish Just Got Better.

tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. 😄

We're excited to announce v0.6.0 of Gophish! This fix has a bunch of bug fixes (including a couple of low-severity security fixes) and a couple of new features.

Email Reporting

The biggest new feature in this release is the ability for users to report phishing emails to Gophish and to have those reports displayed in the dashboard. We don't have email clients ready for this quite yet, so everything is just implemented on the server-side for now.

reporting screenshot

Huge thanks to @S0larflare for making this happen!

Bugs Fixed

Here are just a few of the bugs fixed in this release:

  • All API endpoints now require an API key. Previously, the /api/reset endpoint required a valid session, but this has been changed for consistency. (#1028)
  • We've made some improvements to the way our mailer handles errors (#963)
  • Fixed the way the initial admin account is created to avoid throwing errors when using MySQL (#948)

And more!

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Thank You

I want to also take a quick moment to say thank you to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out.

Thank you all for everything you do!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.

Enjoy!

SHA1 Hash Filename
301620234118f7d33a22beaebeb772f3211b1592 gophish-v0.6.0-linux-32bit.zip
6e6c621cab279f136f8d7b29b60b291b441e4bba gophish-v0.6.0-linux-64bit.zip
a87e2eeebc8d62b6905a9d7eb59c7b7b4d2291e9 gophish-v0.6.0-osx-32bit.zip
426def461471012f274dbeca01c37471934b723e gophish-v0.6.0-windows-32bit.zip
ed5ed65b9e0d1a98fb1034fd080d76e7da8f0273 gophish-v0.6.0-windows-64bit.zip
Assets 8

@jordan-wright jordan-wright released this Jan 27, 2018 · 142 commits to master since this release

Gophish Just Got Better.

tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. 😄

We're excited to announce v0.5.0 of Gophish! This release fixes all sorts of pesky bugs, and includes some big changes to the way emails are handled.

Big Changes

We've completely redone the way emails are sent by Gophish. In previous versions, we made a single pass at sending campaign emails. If anything went wrong, the rest of the emails would fail. As you can imagine, this isn't ideal.

We've rearchitected this process where Gophish now queues up emails and tries to send them, retrying as necessary. This is far more fault tolerant and reliable. You can refer to #878 for details.

This also has other benefits. For example, in previous versions of Gophish, if you launched a campaign immediately, it might still take up to a minute for emails to be sent. Now, they're sent as soon as the campaign is launched. No more waiting!

Faster Release Process

I've now fully automated the process of compiling and uploading Gophish binaries. This is huge because it means we can make Gophish releases much more quickly and reliably. I'll write up a blog post later with the details.

This is the first run using the new process, so let me know if you encounter any issues.

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.

Enjoy!

Details:

SHA1 Hash Filename
49dea979cc829ea3c0750791aa22cb890bbfac72 gophish-v0.5.0-linux-32bit.zip
d3278c0d5e6cb382b137d2e3720ed30c0a03e8df gophish-v0.5.0-linux-64bit.zip
61cab355927c3f9907a94ca3c5346ff97d428d6a gophish-v0.5.0-osx-32bit.zip
437a2a6cbdbbe8523c41e6822791e6d3c6bd293f gophish-v0.5.0-osx-64bit.zip
eaf0d5358c0244c90ee454e10b174155ae96a90b gophish-v0.5.0-windows-32bit.zip
2f01937ecc6bc6ab007361424ecb03f61ff3ba5b gophish-v0.5.0-windows-64bit.zip
Assets 8

@jordan-wright jordan-wright released this Sep 18, 2017 · 169 commits to master since this release

Gophish Just Got Better.

tl;dr - New version of Gophish. Lots of improvements. Binaries can be found below. 😄

We're excited to announce v0.4.0 of Gophish! This release fixes all sorts of pesky bugs, gives 100% more donut charts and 100% fewer useless maps. Give it a shot! We think you'll really like it.

Big Changes

This release doesn't come with any completely new features but we still made big changes we think you'll like.

  • The target map is now an optional feature. We realized that most tests are internal and that even if it's an external test, the map simply takes up space. Now, you can re-enable it in the "Settings" page. (#747)

  • We've moved all charts from Chartist.js to Highcharts. Highcharts is a well established library that gives good performance and tons of great features. So, for example, now the campaign timeline is fully zoomable. 🎊

timeline.gif

  • We also split out the results status donut chart into multiple charts - one for each status. Previously the results were a bit misleading since we only showed the final status. Now, we show the counts for every status! And hey, who doesn't love more donuts? (#680)

image

  • Datetimes are now stored in UTC format in the database. So, the API will now return dates in UTC as opposed to the browser's local time zone. This gives us more consistency in the case where browser's and servers have different time zones when campaigns are scheduled. It's worth noting that we adjust the times on the frontend so that all campaigns and scheduling in the browser still show local time. We just convert everything to UTC for storage. (#316)

  • We changed the font size in the UI from 18px to 16px. This should give a bit more space and improve the look and feel. I guess this was a 😎 small change.

New Website!

We just launched the new version of our website at getgophish.com. This was created with hand crafted artisanal HTML, so be sure to check it out.

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue directly.

Enjoy!

Details:

SHA1 Hash Filename
0254e5b9a1febc34611271cc0b56e42c5b9d4bb1 gophish-v0.4-darwin-32bit.zip
80a6017a0080aaacf2ceb042a78e67e301bba623 gophish-v0.4-darwin-64bit.zip
4502fa44fe0a7ea0e9defcc49f33fe76fbf5bac4 gophish-v0.4-linux-32bit.zip
252f0f2d7712d83c3495734b6e74485f0f3f35d9 gophish-v0.4-linux-64bit.zip
db5324935450e5a8377c81d213c59937a594e551 gophish-v0.4-windows-32bit.zip
4d9082b97ca9fd36c8195a536f45197b07b37989 gophish-v0.4-windows-64bit.zip
Assets 8

@jordan-wright jordan-wright released this Mar 2, 2017 · 200 commits to master since this release

Say Hello to the New Gophish.

tl;dr - New version of Gophish. Tons of features. Binaries can be found below. 😄

We're excited to announce Gophish v0.3.0. This release is packed with updates, so we think you'll really enjoy it.

New Features

Here are just some of the new features in this release:

  • More granular result status (e.g. "Submitted Data" and "Clicked Link" instead of "Success")
  • Support for custom SMTP headers
  • Performance improvements and "summary" API endpoints
  • Automatic SSL certificate creation
  • Support for MySQL
  • Now using select2 instead of typeahead.js when building a campaign
  • Shorter result ID's
  • A whole bunch of bug fixes!

A Python API Client!

To make working with the API even easier, we've developed an official Python API client.. This will make it easier to orchestrate Gophish to create, launch, and manage campaigns.

Community Contributions

Gophish has an incredible community. I wanted to make a spot in these release notes to call out some key contributions that helped make this release amazing:

  • @chrismaddalena has created an awesome tool called GoReport that leverages the Gophish API to generate campaign reports.
  • @LarryGrim has created a comprehensive guide on building a simulated phishing program from scratch.
  • @S0larflare and @snori74 have done an outstanding job of always being quick to answer new issues as they are reported. Thank you both so much!
  • @svigne1 has contributed performance improvements, as well as the MySQL support!

Documentation has moved

All documentation is being moved to our Gitbooks repo here: https://www.gitbook.com/@gophish. Gitbooks allows us to easily manage our documentation and publish both online hosted docs, as well as downloadable PDFs.

We're still finalizing our docs, so please bear with us as we make sure everything is fully documented - especially related to API endpoints.

How to Upgrade

To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue directly.

Enjoy!

Assets 8
You can’t perform that action at this time.