Gophish

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training.

Usage

./gophish

Gophish starts a web UI on port 3333 by default: https://localhost:3333

📧 Create Email Template

In the Gophish dashboard:

  • Go to Email Templates
  • Click New Template
  • Add a subject and body (can include HTML and tracking links)
  • Use placeholders like {{.FirstName}} for personalization

👥 Create a Sending Profile

Under Sending Profiles:

  • Click New Profile
  • Set SMTP server details (e.g., Gmail SMTP or internal SMTP)
  • Test the profile to confirm it can send emails

🎯 Create a Landing Page

Under Landing Pages:

  • Add a fake login page or use a cloned webpage
  • Configure whether credentials should be captured
  • Optionally redirect the user after data is entered

📌 Launch a Campaign

  • Go to Campaigns
  • Select the group of targets (you can import via CSV)
  • Choose the email template, sending profile, and landing page
  • Launch the campaign

📊 Monitor Results

Gophish provides live tracking of:

  • Emails opened
  • Links clicked
  • Credentials submitted
  • Reports generated
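
For awareness reporting, the tracked events above can be reduced to one funnel per campaign in which each recipient counts once per stage. The following is an added example, not part of Gophish or the original page: it assumes timeline events shaped as dictionaries with "email" and "message" keys and the event names shown, and the sample data is constructed.

```python
from collections import defaultdict

# Assumption: these strings match the "message" field of timeline events.
FUNNEL = ["Email Sent", "Email Opened", "Clicked Link", "Submitted Data"]
REPORTED = "Email Reported"

# Constructed sample timeline (not real campaign data).
SAMPLE_TIMELINE = [
    {"email": "alice@example.com", "message": "Email Sent"},
    {"email": "bob@example.com", "message": "Email Sent"},
    {"email": "carol@example.com", "message": "Email Sent"},
    {"email": "dave@example.com", "message": "Email Sent"},
    {"email": "alice@example.com", "message": "Email Opened"},
    {"email": "alice@example.com", "message": "Email Reported"},
    {"email": "bob@example.com", "message": "Clicked Link"},  # images blocked: no open event
    {"email": "bob@example.com", "message": "Clicked Link"},  # repeat click, counted once
    {"email": "bob@example.com", "message": "Submitted Data"},
    {"email": "carol@example.com", "message": "Email Opened"},
    {"email": "carol@example.com", "message": "Clicked Link"},
    {"email": "carol@example.com", "message": "Email Reported"},
    {"email": "", "message": "Campaign Created"},  # campaign-level event
]

def summarize(timeline):
    """Return (counts, rates): each recipient counted once per stage reached."""
    furthest = defaultdict(lambda: -1)  # recipient -> index of deepest stage
    reporters = set()
    for event in timeline:
        email = (event.get("email") or "").lower()
        msg = event.get("message")
        if not email:
            continue  # skip events that are not tied to a recipient
        if msg == REPORTED:
            reporters.add(email)  # reporting is independent of the funnel
        elif msg in FUNNEL:
            furthest[email] = max(furthest[email], FUNNEL.index(msg))
    sent = len(furthest)
    # A later stage implies the earlier ones, even if no open was recorded.
    counts = {stage: sum(1 for s in furthest.values() if s >= i)
              for i, stage in enumerate(FUNNEL)}
    counts[REPORTED] = len(reporters & set(furthest))
    rates = {k: round(v / sent, 2) if sent else 0.0 for k, v in counts.items()}
    return counts, rates

if __name__ == "__main__":
    counts, rates = summarize(SAMPLE_TIMELINE)
    for stage in FUNNEL + [REPORTED]:
        print(f"{stage:15} {counts[stage]:3}  {rates[stage]:.0%}")
```

The reported rate is the figure to watch alongside the click and submit rates: a recipient who clicked and then reported still counts in both.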