How to Install GoPhish - Free Phishing Simulation Tool
See how you can install and use the GoPhish tool with our guide. GoPhish is an open source phishing simulation tool that organizations use to raise employees’ awareness of phishing attacks through email phishing simulation tests. Also, find out why Keepnet Labs’ Phishing Simulator is a better alternative to GoPhish for organizations.
2024-03-13
This blog provides a straightforward approach to using GoPhish, an open source toolkit for phishing simulations. This guide is for businesses and security professionals. It explains how to install GoPhish, download components, set up, and configure SMTP settings for launching phishing email campaigns.
Additionally, the guide introduces Keepnet Labs Phishing Simulator as a user-friendly alternative for those seeking a simpler solution. Keepnet Labs offers ready-to-use templates and a quick setup process, making phishing simulations accessible and efficient.
What is GoPhish?
GoPhish is an open-source phishing tool designed for businesses and security professionals to test their organization's phishing defenses. It enables users to create and run their social engineering phishing tests in a safe environment, helping to identify vulnerabilities and educate employees about phishing threats.
This tool is notable for free access and the ability to customize phishing campaigns. GoPhish allows for tracking the results of these simulations, providing insights into user responses and areas needing improvement.
How To Install Gophish
Several methods exist for setting up or installing Gophish. You have two primary installation choices: 1. Compiling from the source code, or 2. Using pre-compiled binaries.
In this blog post, we'll focus on using the pre-compiled binaries. For my demonstration, I'll download the Linux 64-bit version. Other releases are listed on the project's GitHub releases page, so you can choose the appropriate version for your operating system. The link below leads to the most recent version available at the time of writing. Remember to check for the latest versions regularly.
Download pre-compiled binaries:
$ wget https://github.com/gophish/gophish/releases/download/v0.12.1/gophish-v0.12.1-linux-64bit.zip
After the Gophish release file has been downloaded to the computer, unzip the file to access the contents.
$ unzip -d gophish gophish-v0.12.1-linux-64bit.zip
The unzip command created a directory named “gophish”. Use the following commands to change into this directory and grant executable permission to the “gophish” file.
$ cd gophish
$ chmod +x gophish
Running the gophish file with sudo rights will start the application. Make sure that no other application is using port 80. If another application is using port 80, you will get the error level=fatal msg="listen tcp 0.0.0.0:80: bind: address already in use".
$ sudo ./gophish
If Gophish starts successfully, the terminal will display the login credentials for accessing GoPhish.
Output:
level=info msg='Please login with the username admin and the password f4260f462b66d27f'
level=info msg='Starting admin server at https://127.0.0.1:3333'
Once you have the necessary information, you can log into the GoPhish interface. Upon your first successful login, you'll be directed to a page to reset your password. This step is an important part of securing your GoPhish account.
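Added example (not from the original guide or the GoPhish project): a Python pre-flight check to run in the extracted gophish directory before `sudo ./gophish`. It reads the `admin_server` and `phish_server` settings from the `config.json` shipped in the release and reports a port conflict such as the port 80 error above, an admin interface bound beyond loopback, or admin TLS turned off; the function names are this example's own.

```python
"""Pre-flight review of GoPhish's config.json before running `sudo ./gophish`."""
import json
import socket
import sys
from pathlib import Path

LOOPBACK = ("127.0.0.1", "localhost", "::1")


def split_listen_url(listen_url):
    """Split a 'host:port' listen_url value into (host, port)."""
    host, _, port = listen_url.rpartition(":")
    return host.strip("[]") or "0.0.0.0", int(port)


def port_in_use(host, port, timeout=0.5):
    """True if a listener already accepts TCP connections on host:port."""
    # A wildcard bind address is probed through the matching loopback address.
    probe = {"0.0.0.0": "127.0.0.1", "::": "::1"}.get(host, host)
    try:
        with socket.create_connection((probe, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out or unresolvable: treated as no listener
        return False


def review_config(cfg):
    """Return a list of findings for a parsed config.json."""
    findings = []
    admin = cfg["admin_server"]
    admin_host, _ = split_listen_url(admin["listen_url"])
    if admin_host not in LOOPBACK:
        findings.append(f"admin_server listens on {admin_host}, not loopback only")
    if not admin.get("use_tls", False):
        findings.append("admin_server has use_tls disabled")
    for name in ("admin_server", "phish_server"):
        host, port = split_listen_url(cfg[name]["listen_url"])
        if port_in_use(host, port):
            findings.append(f"{name} port {port} is already in use")
    return findings


if __name__ == "__main__":
    path = Path(sys.argv[1] if len(sys.argv) > 1 else "config.json")
    problems = review_config(json.loads(path.read_text()))
    for problem in problems:
        print("WARN:", problem)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it has findings, so it can gate the start command in a wrapper script.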
After completing the installation process, a few more steps are still required before you can begin a phishing simulation. These configuration steps are important to ensure that your GoPhish setup is ready and effective for conducting simulations. Let's proceed to these important configurations next.
GoPhish SMTP Configuration
To enable the sending of emails through GoPhish, we need to set up a sending profile. I'll use my own SMTP server to demonstrate this process in this guide.
It's important to note that this tutorial will not cover the installation of an SMTP server. Our focus will solely be configuring GoPhish to work with an existing SMTP server setup. This step is important as it allows GoPhish to manage and dispatch the emails for your phishing simulation campaigns effectively.
Creating a New Phishing Template on GoPhish
Creating a phishing template in GoPhish involves two key components: email and landing page templates. Let's break down the steps to create each part.
Creating a Phishing Email Template
To start, navigate to 'Email Templates' and select 'New Template'. Here, you will be able to design the email used in your phishing simulation. This is where you craft the content and appearance of the phishing email.
Designing a Phishing Landing Page Template
The next step involves setting up a landing page. Go to 'Landing Pages' and choose 'New Template' to create your landing page. This page is what recipients of your phishing email will see if they interact with your email, such as by clicking on a link.
Once the email template and the landing page are ready, you are ready to launch a new campaign. Go to 'Campaigns' and click on 'New Campaign'. A popup will appear where you can select the email template and landing page you created. This will be the foundation of your phishing simulation campaign.
This tutorial is designed to guide you through installing and using GoPhish to launch phishing simulation campaigns.
Why do Phishing Simulation Program Managers Choose Keepnet over GoPhish?
Setting up GoPhish can be tough and confusing. You have to get a new phishing domain and set it up, create a phishing email, and find an SMTP service to send the emails. Many SMTP services don't allow phishing tests, making your own SMTP server even harder.
But there's an easier way: Keepnet Labs' Phishing Simulator. It's easy to start using it – you can get it ready in just 5 minutes! This simulator has lots of ready-to-use email designs and web page templates. You can easily change these designs or make your own with our simple editor.
Watch our AI-powered Phishing Simulator on YouTube to learn how easy it is to run a phishing simulation.
If you’re a penetration tester or a security researcher, you should watch the advanced phishing simulation integration with Evilginx2.
Watch Keepnet Labs’ “Hack Smarter, Not Harder” webinar on YouTube and learn how to automate social engineering tests, including Email Phishing, SMS Phishing, Voice Phishing, QR Code, MFA Phishing, and Callback Phishing, and reduce social engineering test times from days to minutes.