Skip to content

offsec-org/sneaky_gophish

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 

Repository files navigation

sneaky_gophish

Hiding GoPhish from the boys in blue! See my blog article linked below for details on all the changes made during compilation of GoPhish before using!

Why?

GoPhish by default tips your hand to defenders and security solutions. The container here strips those indicators and makes other changes to hopefully evade detection during operations.

How?

Getting the container up and running is very simple.

Run the following one-liner to clone the repository and build the container:

git clone https://github.com/offsec-org/sneaky_gophish && \
  cd sneaky_gophish && \
  docker build -t sneaky_gophish .

To actually run the container headlessly, run the following command:

docker run -itd --name sneaky_gophish -p 3333:3333 -p 80:80 sneaky_gophish

Thank god that GoPhish doesn't use a universal default password anymore. To get the admin credentials for the image after running it, issue the following command:

docker logs sneaky_gophish | grep password

You should now be able to navigate to the GoPhish administrator interface at the URL listed below if you are running this on your workstation:

Caveats

  • This container exposes port 8080 for the phishing page sent to users. This means we aren't using SSL out of the box. We reccomend using a reverse proxy and robust redirect rules to protect your GoPhish instance and thwart defenders.
  • The changes to this repository aren't the end all for detection capabilities. There is more here that should be done before using it in a real world engagement.

About

sneaky_gophish running on stable

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 84.5%
  • Dockerfile 13.5%
  • HTML 2.0%