Intro
Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations. This user guide introduces Gophish and shows how to use the software, building a complete campaign from start to finish.
The usage of Gophish and the neat installation procedure described here were inspired by a note on the ired.team blog. I will first walk through a brief installation of Gophish with a Postfix server, then show a small trick to bypass a blocked or blacklisted DigitalOcean public IP address when sending emails.
As an attacker, you can benefit from this trick by using an alternative IP address from the private subnet to deliver and send your malicious phishing emails.
## Installation of the Postfix server
apt-get install postfix
## Configuration of Postfix
Then modify the following values to match your own DigitalOcean droplet:
nano /etc/postfix/main.cf
myhostname = {SMTP SERVER }
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, ubt, ubuntu-s-1vcpu-1gb-fra1-01, localhost.localdomain, localhost
relayhost =
mynetworks={PUBLIC_IP_ADDRESS}
After saving these settings, reload the Postfix configuration:
service postfix reload
To install Gophish, execute the following commands from your terminal:
wget https://github.com/gophish/gophish/releases/download/0.7.1/gophish-v0.7.1-linux-64bit.zip
apt install unzip
unzip gophish-v0.7.1-linux-64bit.zip
chmod +x gophish
After the installation is finished, run it:
./gophish
## Access GoPhish by SSH tunneling
By default, Gophish runs on the local interface on port 3333, so we have to start an SSH tunnel to access it:
ssh root@ipofdroplet -L3333:localhost:3333 -N -f
Then access it at https://localhost:3333
## Installation of a free SSL certificate for Postfix or Gophish
apt install certbot
Generate the SSL certificate:
certbot certonly --standalone -d mail.phish.com
The certificate files are placed under a path like the following example:
/etc/letsencrypt/live/mail.phish.com/
To activate SSL on **Postfix**, edit `main.cf` as follows:
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.phish.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.phish.com/privkey.p
If you want to activate the SSL certificate on Gophish, edit config.json and replace the certificate and key paths with the correct ones:
"admin_server": {
  "listen_url": "127.0.0.1:3333",
  "use_tls": true,
  "cert_path": "gophish_admin.crt",
  "key_path": "gophish_admin.key"
},
"phish_server": {
  "listen_url": "0.0.0.0:80",
  "use_tls": false,
  "cert_path": "example.crt",
  "key_path": "example.key"
}
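A quick check of the two config.json sections above, as an added example that is not from the original post or the Gophish project: it confirms the admin interface stays on loopback (so the SSH tunnel remains the way in), that TLS is on, and that the certificate and key paths were actually replaced. The function name, the finding strings, the `/path/to/...` values and the choice to treat the snippet's file names as placeholders are assumptions.

```python
import json
import sys

# Cert/key names exactly as shown in the post's config.json snippet; the post
# says to replace them, so this check treats them as placeholders (assumption).
SAMPLE_PATHS = {"", "gophish_admin.crt", "gophish_admin.key", "example.crt", "example.key"}
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Constructed inputs: the snippet from the post, and one with paths replaced.
PAGE_SNIPPET = {
    "admin_server": {"listen_url": "127.0.0.1:3333", "use_tls": True,
                     "cert_path": "gophish_admin.crt", "key_path": "gophish_admin.key"},
    "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": False,
                     "cert_path": "example.crt", "key_path": "example.key"},
}
REPLACED = {
    name: {**section, "use_tls": True,
           "cert_path": "/path/to/fullchain.pem", "key_path": "/path/to/privkey.pem"}
    for name, section in PAGE_SNIPPET.items()
}

def audit_gophish_config(cfg):
    """Return findings for the admin_server and phish_server sections."""
    findings = []
    for name in ("admin_server", "phish_server"):
        section = cfg.get(name)
        if section is None:
            findings.append(f"{name}: section missing")
            continue
        # listen_url is "host:port"; rsplit keeps a bracketed IPv6 host whole.
        host = section.get("listen_url", "").rsplit(":", 1)[0].strip("[]")
        if name == "admin_server" and host not in LOOPBACK_HOSTS:
            findings.append(f"admin_server: bound to {host or 'all interfaces'}, not "
                            "loopback, so it may be reachable without the SSH tunnel")
        if not section.get("use_tls", False):
            findings.append(f"{name}: use_tls is false, served over plain HTTP")
            continue
        for key in ("cert_path", "key_path"):
            if section.get(key, "") in SAMPLE_PATHS:
                findings.append(f"{name}: {key} is unset or still a placeholder")
    return findings

if __name__ == "__main__":
    # Audit the file named on the command line, else the post's snippet.
    cfg = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else PAGE_SNIPPET
    print("\n".join(audit_gophish_config(cfg)) or "no findings")
```

Run it with the path to config.json as the only argument; with no argument it audits the snippet from the post and reports the unreplaced paths and the plain-HTTP phish server.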
## Bypass a blocked public IP while sending through SMTP
Access your droplet via SSH, then execute the following command first:
curl -s 169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/gateway
Then copy the IP address from the output and execute the following:
route add default gw {IP}
route del default gw
To validate, execute the following from the box's CLI:
curl icanhazip.com
Offensive security expert and founder of 0xsp Security Research and Development (SRD), passionate about hacking and breaking stuff, coder and maintainer of 0xsp-mongoose RED and many other open-source projects.