Gophish on Digital Ocean with Blacklist Range

Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations.

This user guide introduces Gophish and shows how to use the software, building a complete campaign from start to finish.

the usage of gophish and very neat installation procedures inspired by note post on blog . so i will get brief installation of gophish with postfix server first then . bypass Digital ocean public IP address blacklisted .

installation of postfix server

apt-get install postfix

configuration of postfix

nano /etc/postfix/

then you have to modify the following value as your own digital ocean droplet

myhostname = {SMTP SERVER }
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, ubt, ubuntu-s-1vcpu-1gb-fra1-01, localhost.localdomain, localhost
relayhost =

after saving these information , you have to reload postfix configuration

service postfix reload

Domain Configuration

since i am using digital ocean , i only add digital ocean name servers values into my domain , so i can on this way control the dns through digital ocean networking section easily , so adding these values into your domain will solve this issue

and then through networking section , should be like this

installation of Gophish

from your terminal , execute the following commands

apt install unzip
chmod +x gophish

after installation is finished , run it


Access GoPhish by SSH tunneling

gophish in default is running on local interface with port 3333 , so we have to start ssh tunneling to access it

ssh root@ipofdroplet -L3333:localhost:3333 -N -f

access it https:\\localhost:3333

installation of Free SSL Certification for Postfix or Gophish

apt install certbot

then generate free ssl certification

certbot certonly --standalone -d

the paths of certifications comes as following examples


to activate ssl on postfix you have to edit as :


in case want to activate ssl certification on Gophish , edit config.json and replace it with correct path

"admin_server": {
"listen_url": "",
"use_tls": true,
"cert_path": "gophish_admin.crt",
"key_path": "gophish_admin.key"
"phish_server": {
"listen_url": "",
"use_tls": false,
"cert_path": "example.crt",
"key_path": "example.key"

Bypass Public IP black list on Digital Ocean

about 60 % of ip address comes from Digital ocean considered as spam or black listed , so servers like Gmail or outlook will refuse to accept your phishing email completely , so what we are going to do as trick with 5 $ box is by using floating ip out bound routing

Bypass Blocked Public IP While sending through SMTP

access your droplet via ssh then execute the following command first

curl -s

then copy the ip address from output and execute the following

route add default gw {IP}


route del default gw <INSTANCE IP GATEWAY>

to validate your work


in case SSH terminated , make sure to connect again into floating IP instead of Public IP

make sure to allow port 25 outbound from ufw firewall