Gophish Social Engineering Framework Cheat Sheet
Overview
Gophish is an open-source phishing framework that lets organisations and penetration testers run realistic phishing simulations. It provides a web-based interface for creating and managing phishing campaigns, tracking results, and producing reports.
Warning: This tool is intended only for authorised security testing and awareness training. Make sure you have proper authorisation before running any phishing campaign.
Installation
Precompiled binaries
```bash
# Download the latest release for Linux
wget https://github.com/gophish/gophish/releases/latest/download/gophish-v0.12.1-linux-64bit.zip
unzip gophish-v0.12.1-linux-64bit.zip
chmod +x gophish

# Download for Windows
# Download gophish-v0.12.1-windows-64bit.zip from the GitHub releases page

# Download for macOS
wget https://github.com/gophish/gophish/releases/latest/download/gophish-v0.12.1-macos-64bit.zip
unzip gophish-v0.12.1-macos-64bit.zip
chmod +x gophish
```
Building from source
```bash
# Install Go (version 1.19+) first
git clone https://github.com/gophish/gophish.git
cd gophish
go build
```
Docker installation
```bash
# Pull the official Docker image
docker pull gophish/gophish

# Run Gophish in Docker
docker run -it -p 3333:3333 -p 8080:8080 gophish/gophish

# Run with persistent data
docker run -it -p 3333:3333 -p 8080:8080 -v /opt/gophish:/opt/gophish gophish/gophish
```
Basic usage
Starting Gophish
```bash
# Start the Gophish server
./gophish

# Start with a custom configuration file
./gophish -config config.json

# Start with a custom admin interface address
./gophish -admin-server 0.0.0.0:3333

# Start with a custom phishing server address
./gophish -phish-server 0.0.0.0:8080
```
Initial setup
- Default admin credentials (change immediately): username admin, password gophish
  (Gophish 0.9.0 and later instead generate a random initial password and print it in the startup log)
- Admin interface: https://localhost:3333
- Phishing server: http://localhost:8080
Configuration
Basic configuration (config.json)
```json
{
  "admin_server": {
    "listen_url": "0.0.0.0:3333",
    "use_tls": true,
    "cert_path": "gophish_admin.crt",
    "key_path": "gophish_admin.key"
  },
  "phish_server": {
    "listen_url": "0.0.0.0:8080",
    "use_tls": false,
    "cert_path": "example.crt",
    "key_path": "example.key"
  },
  "db_name": "sqlite3",
  "db_path": "gophish.db",
  "migrations_prefix": "db/db_",
  "contact_address": "",
  "logging": {
    "filename": "",
    "level": ""
  }
}
```
SSL/TLS configuration
```bash
# Generate a self-signed certificate for the admin interface
openssl req -newkey rsa:4096 -nodes -keyout gophish_admin.key -x509 -days 365 -out gophish_admin.crt

# Generate a certificate for the phishing server
openssl req -newkey rsa:4096 -nodes -keyout phish.key -x509 -days 365 -out phish.crt

# Use a Let's Encrypt certificate instead
certbot certonly --standalone -d yourdomain.com
```
Database configuration
```json
{
  "db_name": "mysql",
  "db_path": "user:password@tcp(localhost:3306)/gophish?charset=utf8&parseTime=True&loc=Local",
  "migrations_prefix": "db/db_"
}
```
Campaign management
Creating email templates
```html
<!-- Subject: Security Alert - Action Required -->
<html>
  <body>
    <p>Dear {{.FirstName}} {{.LastName}},</p>
    <p>We have detected suspicious activity on your account.</p>
    <p>Please <a href="{{.URL}}">click here</a> to verify your account.</p>
    <p>Best regards,<br>IT Security Team</p>
    {{.Tracker}}
  </body>
</html>
```
Landing page templates
```html
<html>
  <head><title>Account Verification</title></head>
  <body>
    <h1>Account Verification</h1>
  </body>
</html>
```
Sending profile (SMTP)
```json
{
  "name": "Gmail SMTP",
  "host": "smtp.gmail.com:587",
  "username": "your-email@gmail.com",
  "password": "app-password",
  "from_address": "security@company.com",
  "ignore_cert_errors": false
}
```
User groups
```csv
First Name,Last Name,Email,Position
John,Doe,john.doe@company.com,Manager
Jane,Smith,jane.smith@company.com,Developer
Bob,Johnson,bob.johnson@company.com,Analyst
```
Advanced features
Template variables
```html
{{.FirstName}}
{{.LastName}}
{{.Email}}
{{.Position}}
{{.URL}}
{{.Tracker}}
{{.From}}
{{.RId}}
```
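To preview what a recipient from a user group would actually receive from the email template above, the following added example (not Gophish's own code) re-implements the variable substitution in Python. Gophish renders templates with Go's text/template; the URL layout (a per-recipient rid query parameter) and the hidden tracking-image markup mirror Gophish's behaviour but are assumptions to confirm against your version, and the target record and template text are constructed for the example.

```python
"""Render Gophish-style {{.Name}} template variables for one recipient.

Added example, not Gophish's own code. Substitutes the same placeholders that
Gophish's Go templates use so a campaign author can preview a message offline.
"""
import re
import secrets
import string
from typing import Dict

PLACEHOLDER = re.compile(r"\{\{\s*\.(\w+)\s*\}\}")
RID_ALPHABET = string.ascii_letters + string.digits


def new_rid(length: int = 7) -> str:
    """Random per-recipient id (assumption: Gophish uses a short alphanumeric RId)."""
    return "".join(secrets.choice(RID_ALPHABET) for _ in range(length))


def build_context(target: Dict[str, str], phish_url: str, from_addr: str, rid: str) -> Dict[str, str]:
    """Map one user-group row plus campaign settings onto the template variables."""
    base = phish_url.rstrip("/")
    url = f"{base}/?rid={rid}"               # assumption: link carries the RId as ?rid=
    tracking_url = f"{base}/track?rid={rid}"  # assumption: open-tracking endpoint
    return {
        "FirstName": target.get("first_name", ""),
        "LastName": target.get("last_name", ""),
        "Email": target.get("email", ""),
        "Position": target.get("position", ""),
        "From": from_addr,
        "RId": rid,
        "URL": url,
        "TrackingURL": tracking_url,
        # hidden image whose fetch records the "Email Opened" event
        "Tracker": f"<img alt='' style='display: none' src='{tracking_url}'/>",
    }


def render(template: str, context: Dict[str, str]) -> str:
    """Replace every {{.Name}} with its value; unknown names are an error, not silently blank."""
    def replace(match: "re.Match") -> str:
        name = match.group(1)
        if name not in context:
            raise KeyError(f"unknown template variable {{{{.{name}}}}}")
        return context[name]
    return PLACEHOLDER.sub(replace, template)


# Constructed sample input for this example
TEMPLATE = (
    "Dear {{.FirstName}} {{.LastName}},\n"
    "Please <a href=\"{{.URL}}\">click here</a> to verify your account.\n"
    "{{.Tracker}}"
)
TARGET = {"first_name": "John", "last_name": "Doe",
          "email": "john.doe@company.com", "position": "Manager"}

if __name__ == "__main__":
    ctx = build_context(TARGET, "http://localhost:8080", "security@company.com", new_rid())
    print(render(TEMPLATE, ctx))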
Custom headers
```json
{
  "headers": [
    {
      "key": "X-Mailer",
      "value": "Microsoft Outlook 16.0"
    },
    {
      "key": "X-Priority",
      "value": "1"
    }
  ]
}
```
Webhook integration
```bash
# Configure a webhook for real-time notifications
curl -X POST http://localhost:3333/api/webhooks \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
    "name": "Slack Webhook",
    "url": "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK",
    "secret": "webhook-secret",
    "is_active": true
  }'
```
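The "secret" in the webhook definition is only useful if the receiving side checks it. The following added example (not Gophish's own code) is a minimal receiver that verifies the signature before trusting an event. Gophish signs each webhook body with HMAC-SHA256 keyed with that secret and sends "sha256=<hex>" in the X-Gophish-Signature header (header name and prefix as in the Gophish source; confirm them against your version); the event field names used here (email, message, campaign_id) and the sample delivery are assumptions constructed for the example.

```python
"""Receive Gophish webhook events and verify their HMAC-SHA256 signature.

Added example, not Gophish's own code. Rejects unsigned or tampered
deliveries with 401 so a forged POST cannot inject fake campaign events
into downstream alerting.
"""
import hashlib
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional

SIGNATURE_HEADER = "X-Gophish-Signature"  # as in the Gophish source; verify for your version
SIGNATURE_PREFIX = "sha256="


def sign_body(secret: str, body: bytes) -> str:
    """Signature value Gophish is expected to send for this exact raw body."""
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return SIGNATURE_PREFIX + digest


def verify_signature(secret: str, body: bytes, header_value: Optional[str]) -> bool:
    """Constant-time comparison; missing or malformed headers are rejected."""
    if not header_value or not header_value.startswith(SIGNATURE_PREFIX):
        return False
    return hmac.compare_digest(sign_body(secret, body), header_value)


def parse_event(body: bytes) -> dict:
    """Pull out the fields a SIEM or chat notifier would forward (field names assumed)."""
    event = json.loads(body.decode("utf-8"))
    return {
        "email": event.get("email"),
        "message": event.get("message"),
        "campaign_id": event.get("campaign_id"),
    }


class GophishWebhookHandler(BaseHTTPRequestHandler):
    secret = "webhook-secret"  # must match the secret configured in Gophish

    def do_POST(self) -> None:
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(length)
        if not verify_signature(self.secret, body, self.headers.get(SIGNATURE_HEADER)):
            self.send_response(401)
            self.end_headers()
            return
        event = parse_event(body)
        print(f"[gophish] campaign {event['campaign_id']}: {event['message']} ({event['email']})")
        self.send_response(200)
        self.end_headers()


# Constructed sample delivery, shaped like a result event Gophish would POST
SAMPLE_BODY = json.dumps(
    {"email": "john.doe@company.com", "message": "Clicked Link", "campaign_id": 1}
).encode("utf-8")

if __name__ == "__main__":
    # Point the webhook "url" in Gophish at http://<this host>:9000/
    HTTPServer(("127.0.0.1", 9000), GophishWebhookHandler).serve_forever()
```

Run it beside Gophish and set the webhook URL to the listener; any POST whose signature does not match the configured secret is answered with 401 and never reaches the notifier.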
API usage
Authentication
```bash
# Get an API key from the admin interface:
# Settings > API Keys > Generate New Key

# Use the API key in requests
curl -H "Authorization: Bearer YOUR_API_KEY" http://localhost:3333/api/campaigns/
```
Campaign management via the API
```bash
# List campaigns
curl -H "Authorization: Bearer YOUR_API_KEY" \
  http://localhost:3333/api/campaigns/

# Get campaign details
curl -H "Authorization: Bearer YOUR_API_KEY" \
  http://localhost:3333/api/campaigns/1

# Create a campaign
curl -X POST http://localhost:3333/api/campaigns/ \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
    "name": "Test Campaign",
    "template": {"name": "Test Template"},
    "page": {"name": "Test Landing Page"},
    "smtp": {"name": "Test SMTP"},
    "groups": [{"name": "Test Group"}],
    "launch_date": "2024-01-01T09:00:00Z"
  }'
```
Results via the API
```bash
# Get campaign results
curl -H "Authorization: Bearer YOUR_API_KEY" \
  http://localhost:3333/api/campaigns/1/results

# Get campaign summary
curl -H "Authorization: Bearer YOUR_API_KEY" \
  http://localhost:3333/api/campaigns/1/summary
```
Evasion techniques
Email sending
```text
From: IT Security <security@company.com>
Subject: [URGENT] Account Security Alert - Action Required
```
Domain spoofing
- Use similar domains (original: company.com; spoofed: comp4ny.com, company-security.com)
- Use subdomains (security.legitimate-domain.com)
- Use URL shorteners (bit.ly, tinyurl.com, goo.gl)
Page content
```html
<title>Legitimate Content</title>
<h1>Legitimate Content</h1>
```
Reporting and analytics
Campaign metrics
Key metrics tracked:
- Emails sent
- Emails opened
- Links clicked
- Data submitted
- Emails reported

Timeline tracking:
- When emails were opened
- When links were clicked
- Geographic data
- User agent information
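The metrics above form a funnel: a target who submitted data also opened the email and clicked the link, and Gophish stores only the furthest stage reached in each result row's status, so counting exact status matches undercounts the earlier stages. The following added example (not Gophish's own code) computes cumulative stage counts and rates from the result rows, using Gophish's status strings; the rows in SAMPLE_RESULTS are constructed for the example. Targets who report the email get the status "Email Reported", which hides their earlier progress in the status field (the campaign timeline still records it), so they are counted as delivered and reported but not further.

```python
"""Cumulative funnel metrics from Gophish campaign result rows.

Added example, not Gophish's own code. Input is the "results" array returned
by /api/campaigns/<id>/results; each row's "status" names the furthest stage
the target reached.
"""
from typing import Dict, List

STAGES = ["Email Sent", "Email Opened", "Clicked Link", "Submitted Data"]
REPORTED = "Email Reported"


def funnel_metrics(results: List[dict]) -> Dict[str, float]:
    """Count every target at each stage it passed through, not only at its final stage."""
    stage_counts = {stage: 0 for stage in STAGES}
    reported = 0
    for row in results:
        status = row.get("status", "")
        if status == REPORTED:
            reported += 1
            rank = 0  # delivered; earlier opens/clicks are not visible in the status field
        elif status in STAGES:
            rank = STAGES.index(status)
        else:
            continue  # "Scheduled", "Sending", "Error": never delivered, excluded from the base
        for stage in STAGES[: rank + 1]:
            stage_counts[stage] += 1

    sent = stage_counts["Email Sent"]

    def rate(count: int) -> float:
        return round(count / sent, 3) if sent else 0.0

    return {
        "sent": sent,
        "opened": stage_counts["Email Opened"],
        "clicked": stage_counts["Clicked Link"],
        "submitted": stage_counts["Submitted Data"],
        "reported": reported,
        "open_rate": rate(stage_counts["Email Opened"]),
        "click_rate": rate(stage_counts["Clicked Link"]),
        "submit_rate": rate(stage_counts["Submitted Data"]),
        "report_rate": rate(reported),
    }


# Constructed sample rows in the shape of the API's "results" entries
SAMPLE_RESULTS = [
    {"email": "a@company.com", "position": "Manager", "status": "Email Sent"},
    {"email": "b@company.com", "position": "Developer", "status": "Email Opened"},
    {"email": "c@company.com", "position": "Analyst", "status": "Clicked Link"},
    {"email": "d@company.com", "position": "Analyst", "status": "Submitted Data"},
    {"email": "e@company.com", "position": "Developer", "status": "Email Reported"},
    {"email": "f@company.com", "position": "Manager", "status": "Error"},
]

if __name__ == "__main__":
    for key, value in funnel_metrics(SAMPLE_RESULTS).items():
        print(f"{key}: {value}")
```

With the sample rows the exact-match approach would report one open, but three of the five delivered emails were in fact opened; the report rate is the number a training programme most wants to see rise over time.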
Exporting results
```bash
# Export campaign results to CSV
curl -H "Authorization: Bearer YOUR_API_KEY" \
  "http://localhost:3333/api/campaigns/1/results?format=csv" \
  -o campaign_results.csv

# Export campaign summary
curl -H "Authorization: Bearer YOUR_API_KEY" \
  "http://localhost:3333/api/campaigns/1/summary?format=json" \
  -o campaign_summary.json
```
Custom reports
```python
# Python script for custom reporting
import requests

api_key = "YOUR_API_KEY"
base_url = "http://localhost:3333/api"  # use https:// when use_tls is enabled for the admin server

headers = {"Authorization": f"Bearer {api_key}"}

# Get all campaigns
campaigns = requests.get(f"{base_url}/campaigns/", headers=headers).json()

for campaign in campaigns:
    # The results endpoint returns an object; the per-target rows are in its "results" field
    data = requests.get(f"{base_url}/campaigns/{campaign['id']}/results", headers=headers).json()
    results = data["results"]

    # Calculate metrics (status is the furthest stage each target reached,
    # so these counts are per stage, not cumulative)
    total_sent = len(results)
    opened = len([r for r in results if r['status'] == 'Email Opened'])
    clicked = len([r for r in results if r['status'] == 'Clicked Link'])
    submitted = len([r for r in results if r['status'] == 'Submitted Data'])

    print(f"Campaign: {campaign['name']}")
    print(f"Sent: {total_sent}, Opened: {opened}, Clicked: {clicked}, Submitted: {submitted}")
```
Security considerations
Operational security
- Use VPS or cloud infrastructure
- Implement proper access controls
- Use encrypted communications
- Apply security updates regularly
- Monitor for detection

Legal considerations
- Obtain written authorisation
- Define scope and limitations
- Implement opt-out mechanisms
- Protect collected data
- Follow data protection laws

Ethical guidelines
- Educational purpose only
- Minimise psychological impact
- Provide immediate feedback
- Offer security training
- Respect privacy rights
Troubleshooting
Email delivery
- Check the SMTP configuration
- Verify DNS records (SPF, DKIM, DMARC)
- Test with different email providers
- Monitor reputation scores
- Use authenticated SMTP
SSL/TLS issues
```bash
# Verify certificate validity
openssl x509 -in certificate.crt -text -noout

# Test the SSL configuration
openssl s_client -connect domain.com:443

# Check the certificate chain
curl -vI https://domain.com
```
Database issues
```bash
# Back up the database
cp gophish.db gophish.db.backup

# Check database integrity
sqlite3 gophish.db "PRAGMA integrity_check;"

# Repair the database if needed
sqlite3 gophish.db ".recover" | sqlite3 gophish_recovered.db
```
Performance issues
```bash
# Monitor resource usage
top -p $(pgrep gophish)

# Optimise the database
sqlite3 gophish.db "VACUUM;"

# Increase system limits
ulimit -n 65536
```
Integration examples
Slack integration
```python
# Webhook for Slack notifications
import requests


def send_slack_notification(webhook_url, message):
    payload = {
        "text": message,
        "username": "Gophish",
        "icon_emoji": ":fishing_pole_and_fish:"
    }
    response = requests.post(webhook_url, json=payload, timeout=10)
    return response.status_code == 200
```
SIEM integration
```python
# Send events to the SIEM via the local syslog daemon
import syslog


def log_phishing_event(event_type, user_email, campaign_name):
    message = f"Phishing Event: {event_type} - User: {user_email} - Campaign: {campaign_name}"
    syslog.syslog(syslog.LOG_WARNING, message)
```
Active Directory integration
```python
# Check a user against Active Directory
import ldap3
from ldap3.utils.conv import escape_filter_chars


def check_user_in_ad(username, ad_server, ad_user, ad_password):
    server = ldap3.Server(ad_server)
    conn = ldap3.Connection(server, ad_user, ad_password)
    if conn.bind():
        # Escape the username so it cannot alter the LDAP filter
        search_filter = f"(sAMAccountName={escape_filter_chars(username)})"
        conn.search('dc=company,dc=com', search_filter)
        found = len(conn.entries) > 0
        conn.unbind()
        return found
    return False
```
Resources
- Gophish official website
- Gophish source and releases: https://github.com/gophish/gophish
---
*This cheat sheet provides a comprehensive reference for using Gophish. Always make sure you have proper authorisation and follow ethical guidelines when running phishing simulations.*