Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and executes phishing engagements and security awareness training.

A little documentation and info on the tool

Once downloaded we can proceed to unzip the file and execute the binary named gophish in the current directory in which it was downloaded

Will receive the proper information for the first-time login

Now I will not demonstrate the complete setup of the framework as there are multiple sources and you can get more information on the Documentation page, I will demonstrate a Phishing technique and show some features of the tool.

When our framework is fully setup we can try and create a New Campaign and send our phishing emails to our targeted users

Will send the Emails to our target users

The user will check their inbox

This is an example utilizing the GoPhish framework, of course, a more sophisticated approach can be made by adding encryption and header information that looks a little more presentable and not spam but this was a high-level approach.

Last updated