Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and executes phishing engagements and security awareness training.
A little documentation and info on the tool
Once downloaded we can proceed to unzip the file and execute the binary named gophish in the current directory in which it was downloaded
Will receive the proper information for the first-time login
Now I will not demonstrate the complete setup of the framework as there are multiple sources and you can get more information on the Documentation page, I will demonstrate a Phishing technique and show some features of the tool.
When our framework is fully setup we can try and create a New Campaign and send our phishing emails to our targeted users
Will send the Emails to our target users
The user will check their inbox
This is an example utilizing the GoPhish framework, of course, a more sophisticated approach can be made by adding encryption and header information that looks a little more presentable and not spam but this was a high-level approach.