Gophish v0.12.1 - Open-Source Phishing Toolkit

[itsMe]

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and executes phishing engagements and security awareness training.

The idea behind gophish is simple – make industry-grade phishing training available to everyone. “Available” in this case means two things –

Affordable – Gophish is open-source software that is completely free for anyone to use.
Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!

Changelog v0.12.1
Added Trusted Origins to CSRF Handler

We’ve added the ability to set trusted_origins in the config.json file. This allows you to add addresses that you expect incoming connections to come from, which is helpful in cases where TLS termination is handled by a load balancer upstream, rather than the application itself. This has been a long discussed and requested feature so it’s great to have! Thanks to @mcab and everyone else in this thread.

Updated Workflows

Our Continuous Integration workflow has been updated and is succeeding again. We’ve also updated the Release workflow, mitigating some security concerns and adapting it be able to build Windows releases again. These are (hopefully!) at the bottom of this post.

Minor fixes

Some JavaScript files hadn’t been minified properly, causing problems with adding customer headers. A small bug was fixed where copying a campaign would not show [Deleted] in an edge case – see #2482. Thanks @29vivek.

How to Upgrade

To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new Gophish binary and you’ll be good to go!

To see this hidden content, you must like this content.