Zum Inhalt

Gophish Social Engineering Framework Cheat Sheet

generieren

Überblick

Gophish ist ein Open-Source-Phishing-Framework für Unternehmen und Penetration Tester, um real-world Phishing-Simulationen durchzuführen. Es bietet eine webbasierte Schnittstelle zur Erstellung und Verwaltung von Phishing-Kampagnen, Tracking-Ergebnisse und Erstellung von Berichten.

ZEIT Warnung: Dieses Tool ist nur für autorisierte Sicherheitstests und Aufklärungstraining gedacht. Stellen Sie sicher, dass Sie eine ordnungsgemäße Autorisierung haben, bevor Sie Phishing-Kampagnen durchführen.

Installation

Vorkompilierte Binäre

```bash

Download latest release for Linux

wget https://github.com/gophish/gophish/releases/latest/download/gophish-v0.12.1-linux-64bit.zip unzip gophish-v0.12.1-linux-64bit.zip chmod +x gophish

Download for Windows

Download gophish-v0.12.1-windows-64bit.zip from GitHub releases

Download for macOS

wget https://github.com/gophish/gophish/releases/latest/download/gophish-v0.12.1-macos-64bit.zip unzip gophish-v0.12.1-macos-64bit.zip chmod +x gophish ```_

Aufbau von Source

```bash

Install Go (version 1.19+)

git clone https://github.com/gophish/gophish.git cd gophish go build ```_

Docker Installation

```bash

Pull official Docker image

docker pull gophish/gophish

Run Gophish in Docker

docker run -it -p 3333:3333 -p 8080:8080 gophish/gophish

Run with persistent data

docker run -it -p 3333:3333 -p 8080:8080 -v /opt/gophish:/opt/gophish gophish/gophish ```_

Basisnutzung

Starting Gophish

```bash

Start Gophish server

./gophish

Start with custom configuration

./gophish -config config.json

Start with custom admin interface

./gophish -admin-server 0.0.0.0:3333

Start with custom phish server

./gophish -phish-server 0.0.0.0:8080 ```_

Erster Setup

```bash

Default admin credentials (change immediately)

Username: admin

Password: gophish

Access admin interface

https://localhost:3333

Access phishing server

http://localhost:8080

```_

Konfiguration

Grundkonfiguration (config.json)

json \\\\{ "admin_server": \\\\{ "listen_url": "0.0.0.0:3333", "use_tls": true, "cert_path": "gophish_admin.crt", "key_path": "gophish_admin.key" \\\\}, "phish_server": \\\\{ "listen_url": "0.0.0.0:8080", "use_tls": false, "cert_path": "example.crt", "key_path": "example.key" \\\\}, "db_name": "sqlite3", "db_path": "gophish.db", "migrations_prefix": "db/db_", "contact_address": "", "logging": \\\\{ "filename": "", "level": "" \\\\} \\\\}_

SSL/TLS Konfiguration

```bash

Generate self-signed certificate for admin interface

openssl req -newkey rsa:4096 -nodes -keyout gophish_admin.key -x509 -days 365 -out gophish_admin.crt

Generate certificate for phishing server

openssl req -newkey rsa:4096 -nodes -keyout phish.key -x509 -days 365 -out phish.crt

Use Let's Encrypt certificate

certbot certonly --standalone -d yourdomain.com ```_

Datenbankkonfiguration

json \\\\{ "db_name": "mysql", "db_path": "user:password@tcp(localhost:3306)/gophish?charset=utf8&parseTime=True&loc=Local", "migrations_prefix": "db/db_" \\\\}_

Kampagnenmanagement

E-Mail-Vorlagen erstellen

```html

Security Alert

Security Alert - Action Required

Dear \\\\{\\\\{.FirstName\\\\}\\\\} \\\\{\\\\{.LastName\\\\}\\\\},

We have detected suspicious activity on your account.

Please click here to verify your account.

Best regards,
IT Security Team

\\\\{\\\\{.Tracker\\\\}\\\\}

```_

Landing Page Vorlagen

```html

Account Verification

Account Verification

\\\\{\\\\{.Tracker\\\\}\\\\}

```_

Profil senden (SMTP)

json \\\\{ "name": "Gmail SMTP", "host": "smtp.gmail.com:587", "username": "your-email@gmail.com", "password": "app-password", "from_address": "security@company.com", "ignore_cert_errors": false \\\\}_

Benutzergruppen

csv First Name,Last Name,Email,Position John,Doe,john.doe@company.com,Manager Jane,Smith,jane.smith@company.com,Developer Bob,Johnson,bob.johnson@company.com,Analyst_

Erweiterte Funktionen

Mustervariablen

```html

\\{\\{.FirstName\\}\\} \\{\\{.LastName\\}\\} \\{\\{.Email\\}\\} \\{\\{.Position\\}\\} \\{\\{.URL\\}\\} \\{\\{.Tracker\\}\\} \\{\\{.From\\}\\} \\{\\{.RId\\}\\} ```_

Benutzerdefinierte Kopfzeilen

json \\\\{ "headers": [ \\\\{ "key": "X-Mailer", "value": "Microsoft Outlook 16.0" \\\\}, \\\\{ "key": "X-Priority", "value": "1" \\\\} ] \\\\}_

Webhook Integration

```bash

Configure webhook for real-time notifications

curl -X POST http://localhost:3333/api/webhooks \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_API_KEY" \ -d '\\{ "name": "Slack Webhook", "url": "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK", "secret": "webhook-secret", "is_active": true \\}' ```_

API Verwendung

Authentication

```bash

Get API key from admin interface

Settings > API Keys > Generate New Key

Use API key in requests

curl -H "Authorization: Bearer YOUR_API_KEY" http://localhost:3333/api/campaigns/ ```_

Kampagnenmanagement über API

```bash

List campaigns

curl -H "Authorization: Bearer YOUR_API_KEY" \ http://localhost:3333/api/campaigns/

Get campaign details

curl -H "Authorization: Bearer YOUR_API_KEY" \ http://localhost:3333/api/campaigns/1

Create campaign

curl -X POST http://localhost:3333/api/campaigns/ \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_API_KEY" \ -d '\\{ "name": "Test Campaign", "template": \\{"name": "Test Template"\\}, "page": \\{"name": "Test Landing Page"\\}, "smtp": \\{"name": "Test SMTP"\\}, "groups": [\\{"name": "Test Group"\\}], "launch_date": "2024-01-01T09:00:00Z" \\}' ```_

Ergebnisse über API

```bash

Get campaign results

curl -H "Authorization: Bearer YOUR_API_KEY" \ http://localhost:3333/api/campaigns/1/results

Get campaign summary

curl -H "Authorization: Bearer YOUR_API_KEY" \ http://localhost:3333/api/campaigns/1/summary ```_

Evasion Techniken

E-Mail senden

```html

From: IT Security <security@company.com>

Subject: [URGENT] Account Security Alert - Action Required

Verify Account

```_

Domain Spoofing

```bash

Use similar domains

Original: company.com

Spoofed: comp4ny.com, company-security.com

Use subdomains

security.legitimate-domain.com

Use URL shorteners

bit.ly, tinyurl.com, goo.gl

```_

Inhaltsverzeichnis

```html

Click Here

PHISHINGLegitimate Content

Legi‌timate‌ Content ```_

Reporting und Analytics

Kampagnen Metrics

```bash

Key metrics tracked:

- Emails sent

- Emails opened

- Links clicked

- Data submitted

- Email reported

Timeline tracking:

- When emails were opened

- When links were clicked

- Geographic data

- User agent information

```_

Ergebnisse der Ausfuhr

```bash

Export campaign results to CSV

curl -H "Authorization: Bearer YOUR_API_KEY" \ "http://localhost:3333/api/campaigns/1/results?format=csv" \ -o campaign_results.csv

Export campaign summary

curl -H "Authorization: Bearer YOUR_API_KEY" \ "http://localhost:3333/api/campaigns/1/summary?format=json" \ -o campaign_summary.json ```_

Zollberichte

```python

Python script for custom reporting

import requests import json

api_key = "YOUR_API_KEY" base_url = "http://localhost:3333/api"

headers = \\{"Authorization": f"Bearer \\{api_key\\}"\\}

Get all campaigns

campaigns = requests.get(f"\\{base_url\\}/campaigns/", headers=headers).json()

for campaign in campaigns: results = requests.get(f"\\{base_url\\}/campaigns/\\{campaign['id']\\}/results", headers=headers).json()

# Calculate metrics
total_sent = len(results)
opened = len([r for r in results if r['status'] == 'Email Opened'])
clicked = len([r for r in results if r['status'] == 'Clicked Link'])
submitted = len([r for r in results if r['status'] == 'Submitted Data'])

print(f"Campaign: \\\\{campaign['name']\\\\}")
print(f"Sent: \\\\{total_sent\\\\}, Opened: \\\\{opened\\\\}, Clicked: \\\\{clicked\\\\}, Submitted: \\\\{submitted\\\\}")

```_

Sicherheitsüberlegungen

Operationelle Sicherheit

```bash

Use VPS or cloud infrastructure

Implement proper access controls

Use encrypted communications

Regular security updates

Monitor for detection

```_

Rechtliche Überlegungen

```bash

Obtain written authorization

Define scope and limitations

Implement opt-out mechanisms

Protect collected data

Follow data protection laws

```_

Ethische Leitlinien

```bash

Educational purpose only

Minimize psychological impact

Provide immediate feedback

Offer security training

Respect privacy rights

```_

Fehlerbehebung

Lieferung von E-Mails

```bash

Check SMTP configuration

Verify DNS records (SPF, DKIM, DMARC)

Test with different email providers

Monitor reputation scores

Use authenticated SMTP

```_

SSL/TLS Ausgaben

```bash

Verify certificate validity

openssl x509 -in certificate.crt -text -noout

Test SSL configuration

openssl s_client -connect domain.com:443

Check certificate chain

curl -vI https://domain.com ```_

Datenbankprobleme

```bash

Backup database

cp gophish.db gophish.db.backup

Check database integrity

sqlite3 gophish.db "PRAGMA integrity_check;"

Repair database if needed

sqlite3 gophish.db ".recover"|sqlite3 gophish_recovered.db ```_

Leistungsfragen

```bash

Monitor resource usage

top -p $(pgrep gophish)

Optimize database

sqlite3 gophish.db "VACUUM;"

Increase system limits

ulimit -n 65536 ```_

Integrationsbeispiele

Slack Integration

```python

Webhook for Slack notifications

import requests import json

def send_slack_notification(webhook_url, message): payload = \\{ "text": message, "username": "Gophish", "icon_emoji": "🎣" \\}

response = requests.post(webhook_url, json=payload)
return response.status_code == 200

```_

SIEM Integration

```python

Send events to SIEM

import syslog

def log_phishing_event(event_type, user_email, campaign_name): message = f"Phishing Event: \\{event_type\\} - User: \\{user_email\\} - Campaign: \\{campaign_name\\}" syslog.syslog(syslog.LOG_WARNING, message) ```_

Active Directory Integration

```python

Check user against Active Directory

import ldap3

def check_user_in_ad(username, ad_server, ad_user, ad_password): server = ldap3.Server(ad_server) conn = ldap3.Connection(server, ad_user, ad_password)

if conn.bind():
    search_filter = f"(sAMAccountName=\\\\{username\\\\})"
    conn.search('dc=company,dc=com', search_filter)
    return len(conn.entries) > 0

return False

```_

Ressourcen

  • [Gophish Offizielle Website](LINK_5
  • (LINK_5)
  • (LINK_5_)
  • (LINK_5)
  • (LINK_5_)

--

*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Gophish. Stellen Sie immer sicher, dass Sie eine ordnungsgemäße Autorisierung haben und ethische Richtlinien bei der Durchführung von Phishing-Simulationen beachten. *