Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
  • Jan 31 2019 17:06
    MrKomish starred gophish/gophish
  • Jan 31 2019 17:01
    broosa commented #1336
  • Jan 31 2019 16:54
    broosa commented #1336
  • Jan 31 2019 15:17
    wes-parsons starred gophish/gophish
  • Jan 31 2019 14:56
    iammrfrank commented #1071
  • Jan 31 2019 10:13
  • Jan 31 2019 09:35
    damayu2013 starred gophish/gophish
  • Jan 31 2019 06:06
    nieivan starred gophish/gophish
  • Jan 31 2019 02:50
  • Jan 31 2019 02:20
    Static-Flow commented #1354
  • Jan 31 2019 02:08
    lustfa starred gophish/gophish
  • Jan 30 2019 23:20
    Static-Flow starred gophish/gophish
  • Jan 30 2019 23:19
    Static-Flow opened #1354
  • Jan 30 2019 19:57
    greenmouse147 opened #1353
  • Jan 30 2019 02:57
    vanditamathur commented #1351
  • Jan 30 2019 02:04
    jordan-wright commented #1333
  • Jan 30 2019 01:59
    jordan-wright labeled #1351
  • Jan 30 2019 01:59
    jordan-wright commented #1351
  • Jan 29 2019 13:10
    gnyman starred gophish/gophish
  • Jan 29 2019 13:04
    Paulstaley commented #1348
s vignesh
and you have to give your_email_id@gmail.com for user name
s vignesh

Hi Team , I work in the infosec department of walmart. We want to use Gophish for training all our employees. There are about 300 thousand employees, so, SqlLite wouldn't scale up and handle all the load. So, I am thinking of forking gophish code base, and changing the database being used. I see in your website. "One click installation" has been mentioned as an advantage to using this project.
So, If i complete my change and raise a pull request, will my code be merged? Because, with this change, gophish can no longer be installed with one click.

But i feel, this is a necessary change, as a lot more companies would find an alternate database other than sqlLite useful when they want to setup goPhish in their production environment.

Please share your thoughts.
@svigne1 I figured it out. The firewall setting was messing up with the smtp. Thanks for the tips anyways.
Jordan Wright
@svigne1 I'm definitely open to integrating support for new databases. The way I can see it would be to create entries in the dbfile for entries like "dbtype" which will default to sqlite making the install still the 'one click' thing. If someone chooses to use mysql or whatever else is supported, then gophish will handle that transparently.
@svigne1 the one recommendation I would have until we get some things cleaned up on the web frontend would be to avoid using the dashboard with that many users. It'll hose up your browser. The API should take care of what you need.
s vignesh
@jordan-wright That’s great! I wont be using goPhish now, i will start working on the Db switch right now. And since I’m new to Go, (I learnt Go to use GoPhish) I will take time to complete this db change. By the time I’m done, i think you will be done with your cleanup on the frontend.
s vignesh
Hi @jordan-wright , when i switched the database from sqlite3 to mysql, I get an error from goose, during migrations saying that the mysql syntax is wrong. When i checked the migration files, i saw that the sql statements were in sqlite3 style syntax. for example, auto_increment was autoincrement in the migration files. I also read in the net, that goose, allows you to create migrations in Go as well as SQL. Can we, switch from sql files to Go files. That, way, even if we use Mysql, it wont break i think…. Or is there a way to apply the migrations in Mysql with the current migration files that we have??
Jordan Wright
Not sure of the best way to handle that. We are using the dbconf.yml file to setup the sqlite dialect for goose. We might be able to programmatically set that dialect to whatever we're using at the time, though I haven't investigated it yet
s vignesh

Hi @jordan-wright , the dialect for goose is set programmatically i think. I saw this line in models.go

dbconf.yml is used when you want to use Goose through command line i think.
I am thinking of creating two directories, one containing, sqlLite3 migrations and the other containing Mysql migrations, and choosing the directory during runtime based on the database chosen in config.json file.
by changing this line…

Please correct me if you have a better solution. I had a bad idea, where i will create one more gorm object in the Go migration file of goose and use the ORM functions of gorm to make all the changes. This way, we dont have to have two directories, one for Mysql and one for Sqlite3, the same migration files will get applied on both without errors.

Please share your thoughts.

Shane Caldwell

Hey all, I'm building gophish from source using go version 1.7. Has this been tested? Trying to run the built binary and access the admin page causes an http panic for me. I tried running go get -u inside the gophish dir, but when I recompile I get the same results.

The stack trace looks like this

 2016/08/08 16:09:52 worker.go:36: Background Worker Started Successfully - Waiting for Campaigns
goose: no migrations to run. current version: 20160605210903
 2016/08/08 16:09:52 gophish.go:71: Starting phishing server at
 2016/08/08 16:09:52 gophish.go:59: Starting admin server at
 2016/08/08 16:10:52 campaign.go:235: Found 0 Campaigns to run
2016/08/08 16:11:11 http: panic serving interface conversion: interface {} is nil, not *sessions.Session
goroutine 14 [running]:
    /usr/local/go/src/net/http/server.go:1491 +0x12a
panic(0x980340, 0xc42023cfc0)
    /usr/local/go/src/runtime/panic.go:458 +0x243
github.com/gophish/gophish/controllers.Login(0x7fcb97e2a2d8, 0xc42016c390, 0xc4200b51d0)
    /home/shane/Documents/goproj/src/github.com/gophish/gophish/controllers/route.go:406 +0xa29
net/http.HandlerFunc.ServeHTTP(0xa48438, 0x7fcb97e2a2d8, 0xc42016c390, 0xc4200b51d0)
    /usr/local/go/src/net/http/server.go:1726 +0x44
github.com/gorilla/mux.(*Router).ServeHTTP(0xc4201e64b0, 0x7fcb97e2a2d8, 0xc42016c390, 0xc4200b51d0)
    /home/shane/Documents/goproj/src/github.com/gorilla/mux/mux.go:107 +0x10d
github.com/justinas/nosurf.(*CSRFHandler).handleSuccess(0xc4201cad80, 0x7fcb97e2a2d8, 0xc42016c390, 0xc4200b4e10)
    /home/shane/Documents/goproj/src/github.com/justinas/nosurf/handler.go:180 +0x51
github.com/justinas/nosurf.(*CSRFHandler).ServeHTTP(0xc4201cad80, 0x7fcb97e2a2d8, 0xc42016c390, 0xc4200b4e10)
    /home/shane/Documents/goproj/src/github.com/justinas/nosurf/handler.go:137 +0x1a3
github.com/justinas/nosurf.(*CSRFHandler).ServeHTTP-fm(0x7fcb97e2a2d8, 0xc42016c390, 0xc4200b4e10)
    /home/shane/Documents/goproj/src/github.com/gophish/gophish/controllers/route.go:85 +0x48
net/http.HandlerFunc.ServeHTTP(0xc4202775a0, 0x7fcb97e2a2d8, 0xc42016c390, 0xc4200b4e10)
    /usr/local/go/src/net/http/server.go:1726 +0x44
github.com/gophish/gophish/middleware.GetContext.func1(0x7fcb97e2a2d8, 0xc42016c390, 0xc4200b4e10)
    /home/shane/Documents/goproj/src/github.com/gophish/gophish/middleware/middleware.go:38 +0x2ff
net/http.HandlerFunc.ServeHTTP(0xc420263780, 0x7fcb97e2a2d8, 0xc42016c390, 0xc4200b4e10)
    /usr/local/go/src/net/http/server.go:1726 +0x44
github.com/gorilla/handlers.combinedLoggingHandler.ServeHTTP(0xe81940, 0xc420026010, 0xe82a80, 0xc420263780, 0xe86340, 0xc42023b380, 0xc4200b4e10)
    /home/shane/Documents/goproj/src/github.com/gorilla/handlers/handlers.go:77 +0x121
github.com/gorilla/handlers.(*combinedLoggingHandler).ServeHTTP(0xc4202637a0, 0xe86340, 0xc42023b380, 0xc4200b4e10)
    <autogenerated>:15 +0x8b
net/http.serverHandler.ServeHTTP(0xc42025d080, 0xe86340, 0xc42023b380, 0xc4200b4e10)
    /usr/local/go/src/net/http/server.go:2202 +0x7d
net/http.(*conn).serve(0xc42025cc00, 0xe86b40, 0xc42023ccc0)
    /usr/local/go/src/net/http/server.go:1579 +0x4b7
created by net/http.(*Server).Serve
    /usr/local/go/src/net/http/server.go:2293 +0x44d
The binaries provided on the github page work fine, however (64 bit linux). What version of Go was it compiled with?
Shane Caldwell
Can now confirm that compiling is fine with go version 1.6.1. Hope this can be useful for you all!

Hi, I'm trying to launch a campaign through the api but get this error:

{ [Error: failed [400] { "message": "No groups specified", "success": false, "data": null }]
I20160809-10:16:49.818(-6)? response:
I20160809-10:16:49.818(-6)? { statusCode: 400,
I20160809-10:16:49.818(-6)? content: '{\n "message": "No groups specified",\n "success": false,\n "data": null\n}',
I20160809-10:16:49.818(-6)? headers:
I20160809-10:16:49.818(-6)? { 'access-control-allow-origin': '*',
I20160809-10:16:49.819(-6)? 'content-type': 'application/json',
I20160809-10:16:49.819(-6)? 'set-cookie': [Object],
I20160809-10:16:49.819(-6)? vary: 'Cookie',
I20160809-10:16:49.819(-6)? date: 'Tue, 09 Aug 2016 16:16:47 GMT',
I20160809-10:16:49.819(-6)? 'content-length': '74',
I20160809-10:16:49.819(-6)? connection: 'close' },
I20160809-10:16:49.820(-6)? data: { message: 'No groups specified', success: false, data: null } } }

There is no mention of groups in the documentation. I tried adding 'group':{'name': 'group_name'} but get the same response. Since a campaign can take multiple groups I figure this just isn't the right structure.
Has anyone created a campaign through the api successfully?


This is the json I'm posting:

data: {
'name': 'xxxxxxxx',
'template': {'name': 'xxxxxx'},
'page': {'name': 'xxxxxxxx'},
'smtp': {'host': 'smtp.gmail.com', 'username': 'xxxxxxx@gmail.com', 'password': 'xxxxxxxx, 'from_address': 'xxxxxxxx@xxxxx.com'},
'url': 'http://xxx.xxx.xx.x',
'group': {'name': 'xxxxxxx'}

As a side question, can I specify an existing smtp profile or do I have to give it all these attributes?

Figured it out for anyone else who had the same question:
data: {
'name': 'xxxxxxxx',
'template': {'name': 'xxxxxx'},
'page': {'name': 'xxxxxxxx'},
'smtp': {'name': 'xxxxxxx'},
'url': 'http://xxx.xxx.xx.x',
'groups': [{'name': 'xxxxxxx'}]
Jordan Wright
@SteckA - sorry for the delay. Yes, it's "groups" that you need. The "name" param is what's important since that's what we key off of. All items must already exist
Calling the API locally from Python3. Generally work very well, but occasionally hanging on creating a group, Code is:
o_data = {
"name": grp_name,439 "targets": grp_targets
440 }
441 n_data = json.dumps(o_data)
442 headers = {'content-type': 'application/json'}
443 url = "http://localhost:3333/api/groups/"
444 resp = requests.post(url, n_data, params=key, headers=headers)
446 if (resp.status_code == 201):
447 print("[OK]: Successfully added:", grp_name)
448 else:
449 print("[Error]: Problem creating subgroup: ", grp_name)
450 print("\nText: ")
451 print(resp.text)
452 print("\nEncoding: ")
453 print(resp.encoding)
454 sys.exit("Failure: - perhaps it already exists? \n")

Calling the API locally from Python3, which is generally working very well...
But, occasionally hanging on creating a group for no apparant reason.
Code is:

o_data = {
"name": grp_name,
"targets": grp_targets
n_data = json.dumps(o_data)
headers = {'content-type': 'application/json'}
url = "http://localhost:3333/api/groups/"
resp = requests.post(url, n_data, params=key, headers=headers)
if (resp.status_code == 201):
print("[OK]: Successfully added:", grp_name)
print("[Error]: Problem creating subgroup: ", grp_name)
print("\nText: ")
print("\nEncoding: ")
sys.exit("Failure: - perhaps it already exists? \n")

Any ideas? Anything I can monitor at the server/gophish end?

how to get the ssl to work on the server admin home page
Ahmet Anıl Gür
any improvements to "email read" image issue guys?
Hi, I have configured the latest release as of today.. Sent test mail. It works fine.. Ran a campaign with the same configuration. Campaign results show as "Mail Sent". But the email is not received. Any thoughts?
Update: I have given two email IDs in the user groups , one gmail and one official.. the phish mail is delivered to gmail ID but not to the official ID.
[No groups specified] - {if I leave off the groups data from below}
[Invalid JSON structure] - {if the groups data is included}
I am getting this error when I try launch a campaign through api. I have search in many places I could not find a solution I tried with @SteckA solution but still i get it as invalid json structure
Any suggestions??
I am not sure how to do this, but how do I compile the attachment-support branch?
Currently, I just clone the attachment-support branch but then I cannot compile it.
Anyone have issues running a campaign w/ around 5K users?
hi i have just installed gophish. its not accepting the default admin and user name. Platform is windows 10
@cyberbot default should be admin and gophish - if you tried to change the password from under settings - try using the new password (it showed me an error but did update the db w/ the new password)
Ben Lavender
When using custom PKI for the admin server, I should only need to edit cert_path and key_path correct?
Exported into pem format from PKCS12 archive and placed on gophish root and retsarted but still getting gophish signed cert back...
Ben Lavender
Sorted it, set my service startup directory to the original download directory 😂
hi gmail seems to give an error when sending emails about bad credentials
although the creds are correct
in the email box i receive the email which also says signin attempt was blocked
and i have selected that it is me to confirm
any ideas?
or any other mail relay to use?
ok fixed
but i find the from address is not showing as the address i input but the gmail account i am using to relay the emails
Hello, is this gitter active?
Avik Aggarwal
HI I am trying to run gophish on mac and get command not found error constantly. I am running it using simple ./gophish
Avik Aggarwal
@temp1temp12_twitter could you please help out with above issue?
Marco Nappi
Hi all
Is it possible to reopen a campaign?
Mane Hambardzumyan
Hey People, I was trying to use gophish with custom domain with Gsuite (Google workspace), but I don't understand how to enable and allow gophish to send/edit/etc. mails for workspace users? Anyone pass through this ? Thanks in advance