n-gophish

command module

v0.0.0-...-855dc34 Latest Latest Go to latest Published: Feb 13, 2024 License: MIT Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/N-able-biz/n-gophish

Links

Open Source Insights

README ¶

N-phish logo

N-phish

N-phish: Phishing Toolkit

N-phish is a phishing toolkit developed by N-able (Pvt) Ltd, based on Gophish v0.12.1 an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training.

Install

Building From Source

Please note that Nphish requires Go v1.10 or above!

To build Nphish from source,navigate to directory go/pkg/mod/github.com and simply run git clone https://github.com/N-able-biz/n-gophish. Then navigate into the project source directory where the nphish.go file is located. Then, run go build nphish.go. After this, you should have a binary called nphish in the current directory.

The phish server and admin server needs separate installations of the same source. The following changes should be done in the config.json file for both instances separately.

Admin Instance:
- The admin server is available but responsibly firewalled.
- The phish server is set to 127.0.0.1, effectively shutting it off.
- Responsible for sending emails.
Containerized Frontend Instance(Phish instance):
- The admin server is set to 127.0.0.1, effectively shutting it off.
- The phish server is available.
- The disable-mailer flag is set to disable sending emails. (Uncomment the lines 100 and 101 in nphish.go before building binary.)
Shared MySQL Instance:
- Both instances share a single MySQL instance.

Setup

N-phish uses a MySql database.

Install mysql server and create a separate user as 'nphish'. Make sure the password does not contain '@' symbol.

Update MySQL Config

N-phish uses a datetime format that is incompatible with MySQL >= 5.7. To fix this, Add the following lines to the bottom of /etc/mysql/mysql.cnf:

[mysqld]
sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

open port :3306 in MySql server to listen to only the admin server and phish server

sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

Then edit the bind-address to the phish server IP and admin server IP. Or set to 0.0.0.0 to allow for all IPs.

Start mysql service

sudo systemctl start mysql.service

Create the database

Log into MySql and run

CREATE DATABASE nphish CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

Update config.json

Change the entries in config.json in both phish server and admin server to match your deployment:

"db_name": "mysql",
"db_path": "[username]:[password]@([host]:[port])/[database]?charset=utf8&parseTime=True&loc=UTC",

username and database will be nphish.Port will be 3306. Password is the MySql nphish user password,Host is the MySQL server IP.

After running the Nphish binary in both servers, open an Internet browser to https://[admin_server]:3333 and login with the default username and password listed in the log output. e.g.

time="2020-07-29T01:24:08Z" level=info msg="Please login with the username admin and the password 4304d5255378177d"

Documentation

Documentation can be found on Gophish site.

License

Gophish - Open-Source Phishing Framework

The MIT License (MIT)

Copyright (c) 2013 - 2020 Jordan Wright

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software ("Gophish Community Edition") and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

nphish.go

Directories ¶

Path	Synopsis
auth Package auth implements the authentication in use for gophish.	Package auth implements the authentication in use for gophish.
config Package config implements a global configuration to be used with gophish.	Package config implements a global configuration to be used with gophish.
context Package context provides the ability to store request-scoped values on an http.Request instance.	Package context provides the ability to store request-scoped values on an http.Request instance.
controllers Package controllers is responsible for setting up the routing and controllers (http.Handlers) for gophish.	Package controllers is responsible for setting up the routing and controllers (http.Handlers) for gophish.
api
dialer
imap
logger Package logger contains a wrapper around logrus to support a centralized logging config.	Package logger contains a wrapper around logrus to support a centralized logging config.
mailer
middleware Package middleware is responsible for the definition/implementation of middleware functionality.	Package middleware is responsible for the definition/implementation of middleware functionality.
ratelimit Package ratelimit provides a simple token-bucket rate limiting middleware which only allows n POST requests every minute.	Package ratelimit provides a simple token-bucket rate limiting middleware which only allows n POST requests every minute.
models Package models implements the types and structs needed in gophish.	Package models implements the types and structs needed in gophish.
util Package util provides misc utility functions for gophish	Package util provides misc utility functions for gophish
webhook Package webhook contains the functionality for handling outcoming webhooks.	Package webhook contains the functionality for handling outcoming webhooks.
worker Package worker contains the functionality for the background worker process.	Package worker contains the functionality for the background worker process.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL