GoPhish: Your Comprehensive Guide to Phishing Simulation Tools
The human factor is the weakest link in cybersecurity. In this tutorial, you will learn how to orchestrate GoPhish with Docker to train your teams effectively.
Introduction
Before starting, for advanced MFA (Multi-Factor Authentication) bypass scenarios, it is highly recommended to investigate Evilginx2 as a superior alternative to Nginx for reverse proxy handling.
The human factor is the weakest link in cybersecurity; we can have the best tools or analysts, but we are only two clicks away from infecting an entire organization.
This is why it is highly recommended to run phishing campaigns that train teams to detect and prevent incidents. In this post, the goal is to understand the architecture of Gophish, a tool for running phishing simulations within your organization in a simple way.
What is Gophish?
GoPhish is an open-source tool used to perform phishing simulations on organizations. Key features include:
The use of GoPhish must comply with local laws and regulations and be authorized by the organization's management.
Stack Features
Architecture and Requirements
Hardware Requirements
File Structure
The general architecture we will use is as follows:
Step-by-Step Configuration
1. GoPhish (`/etc/gophish`)
Dockerfile:
config.json:
Remember to change the "password" to the one defined in your .env file.
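Because the database password lives in two places (.env and config.json), it is easy for them to drift apart and for the container to fail on its first connection. The script below is an added example, not one of the files from this post: it renders config.json from the password in .env and then verifies that the two agree. It assumes the .env variable is called MYSQL_PASSWORD, that the MySQL service is reachable inside the compose network as `mysql` on port 3306, and that both the database and its user are named `gophish`; the JSON keys themselves (admin_server, phish_server, db_name, db_path, ...) are GoPhish's own.

```shell
#!/bin/sh
# Added example (not the post's own config.json): render GoPhish's config.json
# from the database password kept in .env so the two can never drift apart.
# Assumptions: .env defines MYSQL_PASSWORD; the MySQL container is reachable
# as "mysql:3306"; database and user are both called "gophish".

# Read one KEY=value entry out of a dotenv-style file (surrounding quotes stripped).
dotenv_get() {
    # $1 = path to .env, $2 = key name
    sed -n "s/^$2=//p" "$1" | head -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Write config.json to $2 using the password found in the .env file $1.
# TLS is terminated by Nginx in front, so both listeners run plain HTTP here.
render_gophish_config() {
    env_file="$1"
    out_file="$2"
    db_pass="$(dotenv_get "$env_file" MYSQL_PASSWORD)"
    if [ -z "$db_pass" ]; then
        echo "MYSQL_PASSWORD is not set in $env_file" >&2
        return 1
    fi
    cat > "$out_file" <<EOF
{
  "admin_server": {
    "listen_url": "0.0.0.0:3333",
    "use_tls": false,
    "cert_path": "gophish_admin.crt",
    "key_path": "gophish_admin.key",
    "trusted_origins": []
  },
  "phish_server": {
    "listen_url": "0.0.0.0:8080",
    "use_tls": false,
    "cert_path": "example.crt",
    "key_path": "example.key"
  },
  "db_name": "mysql",
  "db_path": "gophish:${db_pass}@tcp(mysql:3306)/gophish?charset=utf8&parseTime=True&loc=UTC",
  "migrations_prefix": "db/db_",
  "contact_address": "",
  "logging": {
    "filename": "",
    "level": ""
  }
}
EOF
}

# Pre-flight check before `make up`: does config.json embed the same password as .env?
# Returns 0 when they match, 1 otherwise (grep -F so password characters are literal).
config_password_matches() {
    env_file="$1"
    cfg_file="$2"
    db_pass="$(dotenv_get "$env_file" MYSQL_PASSWORD)"
    grep -qF "\"db_path\": \"gophish:${db_pass}@tcp(" "$cfg_file"
}
```

Typical use is `render_gophish_config .env /etc/gophish/config.json` followed by `config_password_matches .env /etc/gophish/config.json` as a pre-flight step in the Makefile. Keep config.json out of version control once rendered, since it now carries the database credential in clear text.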
2. Database (`/etc/mysql`)
init.sql:
3. Nginx Proxy (`/etc/nginx`)
We will configure three server blocks: the main domain, the phishing domain (proxied to port 8080), and the dashboard (proxied to port 3333).
Deployment
Local Setup
```
cp .env.example .env
make build
make up
```
Production Setup
For real servers, we include an init.sh that automates Docker installation and opens the firewall:
Getting Credentials
GoPhish generates a temporary password on startup. Check it with:
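As an added example (not a command from the post), the following helper extracts that one-time password from the container log rather than having you scroll through it. On first start GoPhish logs a line of the form `msg="Please login with the username admin and the password <hex>"`; the parser below looks for exactly that text. It assumes the compose service is named `gophish`, and the log lines embedded in the script are constructed samples for trying the parser offline.

```shell
#!/bin/sh
# Added example (not from the post): pull the one-time admin password out of
# GoPhish's startup log. Assumption: the compose service is called "gophish".

# Read log text on stdin and print the password from the first matching line.
# Prints nothing (and the caller gets an empty string) if the line is absent.
extract_initial_password() {
    sed -n 's/.*Please login with the username admin and the password \([^" ]*\).*/\1/p' | head -n 1
}

# Wrapper for a live deployment (needs Docker; not exercised offline).
gophish_initial_password() {
    docker compose logs --no-color gophish 2>/dev/null | extract_initial_password
}

# Constructed sample of what the first start prints, used to try the parser offline.
SAMPLE_LOG='time="2024-05-01T10:00:00Z" level=info msg="Please login with the username admin and the password 4304d5255378177d"
time="2024-05-01T10:00:00Z" level=info msg="Starting phishing server at http://0.0.0.0:8080"'
```

Run `gophish_initial_password` once after `make up`; the line is only written the first time the database is initialised, and GoPhish asks you to set a new password on your first login.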
Campaign Configuration
To launch your first simulation, follow this workflow inside the dashboard:
Security Tips and Bypass
To prevent your training emails from ending up in the Spam folder:
```
certbot --nginx
```