Bot releases are visible (Hide)
Gophish just got better.
We're excited to announce the release of Gophish v0.12.1. This is a minor release that includes a couple of bug fixes and one great new feature.
Added Trusted Origins to CSRF Handler
We've added the ability to set trusted_origins in the config.json file. This allows you to add addresses that you expect incoming connections to come from, which is helpful in cases where TLS termination is handled by a load balancer upstream, rather than the application itself. This has been a long discussed and requested feature so it's great to have! Thanks to @mcab and everyone else in this thread.
Updated Workflows
Our Continuous Integration workflow has been updated and is succeeding again. We've also updated the Release workflow, mitigating some security concerns and adapting it be able to build Windows releases again. These are (hopefully!) at the bottom of this post.
Minor fixes
Some JavaScript files hadn't been minified properly, causing problems with adding customer headers. A small bug was fixed where copying a campaign would not show [Deleted] in an edge case - see https://github.com/gophish/gophish/pull/2482. Thanks @29vivek.
Changelog
You can find the full changelog for this release here.
How to Upgrade
To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new Gophish binary and you'll be good to go!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.
Enjoy
| SHA256 Hash | Filename |
|---|---|
| 9ed2f88d6582b798a3448fb51080ff782b40cec8fb4855895720e9f782f68511 | gophish-v0.12.1-linux-32bit.zip |
| 44f598c1eeb72c3b08fa73d57049022d96cea2872283b87a73d21af78a2c6d47 | gophish-v0.12.1-linux-64bit.zip |
| f80786dcb2c4037d7f9d6c9e8e8655c5eeaa8e46ef4032bda704b9ce18e23491 | gophish-v0.12.1-osx-64bit.zip |
| e6936b8a472c730dcb0da64024d82341806869af666fad10f8639e7f85b1b7e6 | gophish-v0.12.1-windows-64bit.zip |
Published by glennzw about 2 years ago
Gophish just got better.
We're excited to announce the release of Gophish v0.12.0. This release includes important security fixes, adds some features, and fixes some bugs.
Attachment Tracking
This has been a long time requested feature, and we're super excited to release it! We've added the ability to add gophish variables to a number of file types which can be attached to emails. As a trivial example it is possible to include Hello {{.FirstName}}, please click here: {{.URL}} to a Word document, or with a little more effort add tracking pixels to documents. This will allow notification of when users have opened attached files, or enabled macros in Office documents. We currently support the following file extensions: docx, docm, pptx, xlsx, xlsm, txt, html, ics. Please see the documentation for more guidance and examples.
Inline Image Attachments #1525
Images in emails are now marked as embedded rather than attached, so email clients don't show them as attachments. This is a great addition to improve the quality of campaigns. Thanks @dzsibi
Custom Sender Envelopes #2334
We've added the ability to specify an envelope sender in templates. If left empty, it will fallback to the SMTP-From in the Sender-settings. This can be used to pass SPF-checks but still send a spoofing email. Thanks @ChessSpider and @ptitdoc
Added functionality to lock accounts #2060
Added minor functionality to display last login time for each user in the User Management page and the ability to lock user accounts.
Open Redirect #2262
Fixed a minor Open Redirect issue. Thanks @Kirill89
Changelog
You can find the full changelog for this release here.
How to Upgrade
To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new Gophish binary and you'll be good to go!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.
Enjoy
| SHA256 Hash | Filename |
|---|---|
| 42f228158e91e2fce182fbd60a6669fcbed21f76186563f264a941efbc9c1159 | gophish-v0.12.0-linux-64bit.zip |
| d06945497f0f3467748c50e518aa4e526e8c71cd7fa58c23541cb65477539306 | gophish-v0.12.0-osx-64bit.zip |
| c0fdc4a980914893a9d19544bb6233586db8d81a139657e9773ca8e03c387a02 | gophish-v0.12.0-windows-64bit.zip |
Published by jordan-wright about 4 years ago
Gophish just got better.
We're excited to announce the release of Gophish v0.11.0. This release includes important security fixes, adds some minor features, and fixes some bugs.
Security Fixes
This release addresses multiple security issues that were identified and reported by the community. As always, we encourage sending in security reports via our security policy, and are appreciative of all the work that went in to finding and reporting these vulnerabilities.
The following vulnerabilities were fixed in this latest release:
Server-side Request Forgery (SSRF)
Reported by: Marcus Nilsson of usd AG
Reported by: @dunderhay in #1908
An authenticated user could use certain features of Gophish to make inbound connections to the local network. The most critical of these is via the Landing Page import feature, which could be used to make arbitrary upstream web requests.
Since importing local webpages, or otherwise making local network connections (e.g. for SMTP/IMAP servers, webhook URLs, etc.) is an expected use case for Gophish we've decided to implement an opt-in allowlist. By default, we block access only to known IP addresses commonly associated with cloud metadata services, but it is now possible to explicitly set the allowed_internal_hosts configuration variable in the admin_server section of config.json to a list of allowed internal addresses.
More information can be found here.
Cross-Site Scripting (XSS)
Reported By: Marcus Nilsson of usd AG
Reported By: @dunderhay in #1901
Various cross-site scripting issues were identified and fixed. All issues required authenticated access and only affected either the user that created the objects, or an administrator using our "Impersonate" issue to impersonate the user that created the objects.
More information can be found in 4e9b94b and 19ef924d89f6e2459387d5645233f16fd07e01b3.
CSV Injection
Reported By: Marcus Nilsson of usd AG
Malicious data could be submitted during a campaign that, when exported as a CSV and opened in a spreadsheet viewer, is interpreted as a formula leading to command execution.
More information on CSV Injection can be found here. More information about the fix can be found in b25f5ac5e468f6730e377f43c7995e18f8fccc2b.
Clickjacking
Reported By: Marcus Nilsson of usd AG
An attacker could create an iframe which tricks an authenticated administrator into unexpectedly clicking the "Reset" button in the settings page, causing their API key to be reset, potentially causing a denial of service condition.
More information about the fix can be found in 6df62e85fd60f0931d3c8bfdb13b436a961bc9b6.
Adding a Password Policy
This release adds a basic password policy for administrators, and removes the default password "gophish". Instead, an initial password is randomly generated and printed in the terminal when Gophish is launched for the first time.
It is possible to override the initial password and API key with environment variables if needed.
More Robust IMAP Support
This release adds the ability to mark emails as reported that were sent as an attachment. Additionally, it changes the underlying IMAP library to be more robust, eliminating some possible bugs.
Credit to @glennzw for the changes!
Changelog
You can find the full changelog for this release here.
How to Upgrade
To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new Gophish binary and you'll be good to go!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.
Enjoy
| SHA256 Hash | Filename |
|---|---|
| beb32e243e888f21849d3ee09a979a33cd1da7a7cd79438c8f56fce1a2d9d44c | gophish-v0.11.0-linux-32bit.zip |
| f33ac7695850132c04d190f83ef54732421a8d4578be1475d3a819fe6173c462 | gophish-v0.11.0-linux-64bit.zip |
| f1af96033c946ed2fe757b9b3a7aefc63ec3548f0ab21f01c44d70a58410ffbe | gophish-v0.11.0-osx-64bit.zip |
| f5083bc084715319a4e671bc58dc28f66828fec78a43bd41456373fcc024703c | gophish-v0.11.0-windows-64bit.zip |
Published by jordan-wright over 4 years ago
Gophish Just Got Better.
We're excited to announce v0.10.1. This release significantly improves the performance of sending emails, adds some features and fixes bugs.
Here's just a couple of the exciting changes.
Faster Email Sending
Thanks to the detailed report from @edermi in #1726, we were able to dramatically increase the speed at which we send emails- especially for large campaigns.
Impersonation
Administrators often have a need to help troubleshoot issues other users are seeing with Gophish. To make this easier, @glennzw added an impersonation feature in #1812 that allows system administrators to login to a user's account. This is available from the User Management page.
More Frequent Releases
We've also changed our release process to use GitHub Actions. The bad news is that this means we won't be supporting 32-bit Mac or Windows releases at this time (we do support 64-bit releases!). The good news is that this will enable us to do much more frequent Gophish releases, getting awesome features and bugfixes out to the community even quicker.
With this in mind, please do let us know if you run into any issues with the releases below!
Changelog
You can find the full changelog for this release here.
How to Upgrade
To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.
Enjoy
| SHA256 Hash | Filename |
|---|---|
| e236fea0628623c9158e01d189cf20766b2ebbb7cc1e6e53c1d4f49e039c98f7 | gophish-v0.10.1-linux-32bit.zip |
| d075245dd146494ee1d25d2c6201ef84a5a2cdb6d38adc152df3b71ab8e91845 | gophish-v0.10.1-linux-64bit.zip |
| 1c8e4cbd8da090b9f6f38eb5605d7b1753b3f60ccf705e943befe98ff4969ab4 | gophish-v0.10.1-osx-64bit.zip |
| 7c01df6bbeeca6a9a6dd0fc28e12eb329414c3d15c8f0dec237bf6535e4d268a | gophish-v0.10.1-windows-64bit.zip |
Published by jordan-wright over 4 years ago
| SHA256 Hash | Filename |
|---|---|
| e9b754682d6476d0ff07e9d0bb4d7634e0e4d0ebba570c3a0f27574358636415 | gophish-v0.10.0-linux-32bit.zip |
| 7a6186d90eb4d75f773a09baf035b877f952136e7e73d2e8f680c83bb1524082 | gophish-v0.10.0-linux-64bit.zip |
| 4abbb083be9f5b9f11a92cbe024449be3825e60b67140356bc236fe82f244723 | gophish-v0.10.0-osx-64bit.zip |
| 087edf7e1b64aa66912b4780a5914d4cfbfd78b8e1fd8046da7c6b08c79388cd | gophish-v0.10.0-windows-64bit.zip |
Published by jordan-wright over 4 years ago
Gophish Just Got Better.
We're excited to announce v0.9.0. This release adds big features, improves performance, and fixes bugs.
Here's just a couple of the exciting changes.
Webhooks
Ever since Gophish was launched, we've had the ability to fetch campaign results via the API. But sometimes, you may want to have campaign updates pushed directly to you as they happen.
To solve this problem, we've added support for webhooks.
When you configure a webhook, Gophish will make (optionally signed) HTTP requests to an endpoint you control. These requests include the JSON body of the event that just happened- the exact same JSON that you would normally receive via the API. This gives you real-time updates to your campaign as they happen.
You can find more information about using webhooks in our documentation.
Webhook support was sponsored by Al Lowenstein and implemented by @GildedHonour in #1642. Thank you both for all your help making this happen!
IMAP Support
I always encourage folks using Gophish to focus not only on minimizing the click through rates, but even more so on increasing the reporting rate. To that end, many companies have an email address they encourage employees to send any potential phishing emails.
I've often got feedback that it'd be great if Gophish emails sent to that email address would automatically show as "reported" in the campaign results. Now that's possible!
Thanks to the great work from @glennzw, you can now configure IMAP details which Gophish will use to fetch any campaign emails, marking them as reported. Thank you for all your amazing work @glennzw!
You can find more information about configuring reporting via IMAP in our documentation.
Thank You
While there are amazing performance improvements and bug fixes included in this release, you'll notice something about the two big features listed above- neither were built by me (@jordan-wright).
This is incredibly exciting. I've long held that the community around Gophish is my favorite thing about the entire project. We have a group of folks contributing to issues, offering advice and feature requests and, with this release, contributing core features that make Gophish even better.
Thank you all for everything you do. We have big things planned for Gophish, and I'm excited to build them alongside you all.
How to Upgrade
To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.
Enjoy
| SHA256 Hash | Filename |
|---|---|
| f12ad070007b4d764e7e7816db8dae1f8002483c9aff81e2437319e9c6521465 | gophish-v0.9.0-linux-32bit.zip |
| ffcdf7a1a8590b6de70660754c88ef2be3c3b69e1dd5ae18c472dbd26d5ff534 | gophish-v0.9.0-linux-64bit.zip |
| 6780ea4124eeaefa1cd0a5c2a825f4457dfda807b43be741bbbd22ab8e870099 | gophish-v0.9.0-osx-32bit.zip |
| ab283c49625af335bf6fee1b65f386bd69cece68d2ed9bd051b4de9b43b3dd5e | gophish-v0.9.0-osx-64bit.zip |
| d63ae01b2152f1964ffb9dc1d4d36fe3e8b8abcaffa74e1750770e6b8b321c3f | gophish-v0.9.0-windows-32bit.zip |
| 7f1593d5fafe3590acaed4157c47d5c00ba9a30df86382d3f6c531369f8d9123 | gophish-v0.9.0-windows-64bit.zip |
Published by jordan-wright about 5 years ago
Gophish Just Got Better.
tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. π
We're excited to announce v0.8.0. This release fixes a bunch of bugs, adds a few features, and lays the groundwork for really cool features to come.
RBAC Support
This release includes initial support for Role-Based Access Control (RBAC). Specifically, it introduces global roles that separates admins from non-admins. You can find more information here.
Users API
Users with the admin role have access to the user management API. This API allows you to create and manage users programmatically. You can find documentation for this API here.
Added Docker Support
We've added a Dockerfile so that you can build Gophish in a container. We'll be uploading an official Docker image at gophish/gophish shortly.
Code Refactoring
While this isn't a user-facing change, it's a big one. We've refactored a bunch of the code to be cleaner and more structured. This will help new developers coming into Gophish to get up and running more quickly.
Those are the big changes, but that's certainly not everything! You can find a full changelog here.
How to Upgrade
To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!
Thank You
I want to also take a quick moment to say thank you to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out.
Thank you all for everything you do!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.
Enjoy!
Note: The
VERSIONfile for these releases still says 0.7.1. This was an oversight during the release process. After upgrading, even if you see 0.7.1, you're certainly running the 0.8.0 codebase. I apologize for the inconvenience!
| SHA256 Hash | Filename |
|---|---|
| 80cb2c13b9f34dd2a5454c15065af81c15d09fbf30298cce276ba1fa7318462b | gophish-v0.8.0-linux-32bit.zip |
| 8a64368f31a10d7e0bbedfce8827fcd9fbbfa8d0fc5b5d6a3c467569a7818d26 | gophish-v0.8.0-linux-64bit.zip |
| 9209ccab7087e432e0fbd1ecf8772ac5d1cb92839b89907cdbe02ff3b392dd6b | gophish-v0.8.0-osx-32bit.zip |
| 95a1adcd9c1e56c2cc6525140fb65e4dda7f89e91497ed5498d09c4319e9c2f7 | gophish-v0.8.0-osx-64bit.zip |
| 68de55454a4fca68a61b3bd3359986b26423484350ff947e59a31e0b174ff4cc | gophish-v0.8.0-windows-32bit.zip |
| 8bd15a7484e363e0573d0afad31b56e3bbf634dcce377bb4b1ef24a7146823d0 | gophish-v0.8.0-windows-64bit.zip |
Published by jordan-wright about 6 years ago
Whoops!
In the previous version, we introduced the {{.BaseURL}} template variable that points to the root URL. This helps make things like pointing to static files easier. See #1189 for more details.
Turns out, this didn't work for email template validation, since we weren't checking for all possible template tags. I'm sorry for the inconvenience!
Should Be Fixed Now π
The good news is that this is fixed now, and should have only been an issue if you were trying to use the new {{.BaseURL}} tag. Since this was something I promised and it didn't work, I wanted to roll out a hotfix.
For all the full details in the latest release, check out the 0.7.0 release notes.
Enjoy!
| SHA1 Hash | Filename |
|---|---|
| 9bf4cf0905b1d171092a726cae6eafc6c837d926 | gophish-v0.7.1-linux-32bit.zip |
| 77d8cf20e8b9591b3e8b8123653156d77a4ff0cb | gophish-v0.7.1-linux-64bit.zip |
| 0b88b6d42a7907cfbd1f18574c230158c280d766 | gophish-v0.7.1-osx-32bit.zip |
| 1a628ff9aa9a3f398d060e1644bc52a68aa102d4 | gophish-v0.7.1-osx-64bit.zip |
| 798486c3bdb6c261625bd2b0605b1311b3ab3c7d | gophish-v0.7.1-windows-32bit.zip |
| 1651769aa4f66401107efc04c035d96c8ef4e463 | gophish-v0.7.1-windows-64bit.zip |
Published by jordan-wright about 6 years ago
Gophish Just Got Better.
tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. π
We're excited to announce v0.7.0. This release is packed with improvements that make Gophish more powerful than ever.
Campaign Preview
When setting up a campaign, you want to know what the email and landing page looks like. Previously, to do this you would have to set up a separate campaign just for yourself, since there was no way of testing the full flow.
This isn't good.
In this Gophish release, we've fixed this! Now, when sending a test email from the campaign builder, clicking on the links will load up the landing page, showing you exactly what your recipients would see.
Timed Campaigns
Before this release, emails for a Gophish campaign were all sent at the same time. This is great in some cases, but sometimes you want to spread out the emails over a period of minutes, hours, or even days.
Now you can!
In this release, we've added a new field called "Send Emails By". If you set this field, then Gophish will spread out the emails evenly between the campaign launch and this date.
Device Details
No one likes looking through raw logs to see what kinds of devices are clicking on links. Now you don't have to!
In this release, we parse the user-agents for devices that click links or submit credentials, and we show that information in the campaign details:
Transparency
As mentioned in #1057, we can do a better job of running friendly phishing simulations. The only approved use of Gophish is to run authorized phishing simulations, so we've added some features to make these campaigns more transparent.
Specifically, we've added:
- A
contact_addressfield to theconfig.json. This field is inserted as anX-Gophish-Contactheader in outgoing emails - An
X-Mailerheader is set togophishfor outgoing emails - We've added a transparency handler if you add a "+" to a valid
rid. This returns a JSON response containing the contact address and indicates that the email was generated by Gophish
Those are the big features, but that's certainly not everything! You can find a full changelog here.
How to Upgrade
To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!
Thank You
I want to also take a quick moment to say thank you to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out.
Thank you all for everything you do!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.
Enjoy!
| SHA1 Hash | Filename |
|---|---|
| 63149165688d3ca989974e32b5716be7e87ed6b4 | gophish-v0.7.0-linux-32bit.zip |
| f113435940626c3f13448ce8e12aafb3e347c504 | gophish-v0.7.0-linux-64bit.zip |
| 45736f416e475541ac214611f41c40fb967167dd | gophish-v0.7.0-osx-32bit.zip |
| d9b3ac3a2cf11f53bd33196d0310167ffb43cd8a | gophish-v0.7.0-osx-64bit.zip |
| 98ad9756fa95d43af99b12f8d08423f71dc7fc14 | gophish-v0.7.0-windows-32bit.zip |
| f069cc4f4c9c50e422923f205c34eb226a2ea550 | gophish-v0.7.0-windows-64bit.zip |
Old hashes (only valid if you downloaded the release immediately after it was published before I got a chance to bump the VERSION file):
| SHA1 Hash | Filename |
|---|---|
| dfddc8a8038fa612022bb22e823e2a51b343e261 | gophish-v0.7.0-linux-32bit.zip |
| 261efd81c727021dfa039fe081ff7941cd86f9ee | gophish-v0.7.0-linux-64bit.zip |
| 5ca9e90bc8c6ed0494ddb29deb907548859c5ab0 | gophish-v0.7.0-osx-32bit.zip |
| c0ffcc5f06799c807b79c3b41cefa6785c853dd8 | gophish-v0.7.0-osx-64bit.zip |
| fd12ebc44c964e8577f688405f6c01d470335d9f | gophish-v0.7.0-windows-32bit.zip |
| 8000eec9d77a3d6987aa57b7d61736717238c471 | gophish-v0.7.0-windows-64bit.zip |
Published by jordan-wright over 6 years ago
Gophish Just Got Better.
tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. π
We're excited to announce v0.6.0 of Gophish! This fix has a bunch of bug fixes (including a couple of low-severity security fixes) and a couple of new features.
Email Reporting
The biggest new feature in this release is the ability for users to report phishing emails to Gophish and to have those reports displayed in the dashboard. We don't have email clients ready for this quite yet, so everything is just implemented on the server-side for now.
Huge thanks to @S0larflare for making this happen!
Bugs Fixed
Here are just a few of the bugs fixed in this release:
- All API endpoints now require an API key. Previously, the /api/reset endpoint required a valid session, but this has been changed for consistency. (#1028)
- We've made some improvements to the way our mailer handles errors (#963)
- Fixed the way the initial admin account is created to avoid throwing errors when using MySQL (#948)
And more!
How to Upgrade
To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!
Thank You
I want to also take a quick moment to say thank you to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out.
Thank you all for everything you do!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.
Enjoy!
| SHA1 Hash | Filename |
|---|---|
| 301620234118f7d33a22beaebeb772f3211b1592 | gophish-v0.6.0-linux-32bit.zip |
| 6e6c621cab279f136f8d7b29b60b291b441e4bba | gophish-v0.6.0-linux-64bit.zip |
| a87e2eeebc8d62b6905a9d7eb59c7b7b4d2291e9 | gophish-v0.6.0-osx-32bit.zip |
| 426def461471012f274dbeca01c37471934b723e | gophish-v0.6.0-windows-32bit.zip |
| ed5ed65b9e0d1a98fb1034fd080d76e7da8f0273 | gophish-v0.6.0-windows-64bit.zip |
Published by jordan-wright over 6 years ago
Gophish Just Got Better.
tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. π
We're excited to announce v0.5.0 of Gophish! This release fixes all sorts of pesky bugs, and includes some big changes to the way emails are handled.
Big Changes
We've completely redone the way emails are sent by Gophish. In previous versions, we made a single pass at sending campaign emails. If anything went wrong, the rest of the emails would fail. As you can imagine, this isn't ideal.
We've rearchitected this process where Gophish now queues up emails and tries to send them, retrying as necessary. This is far more fault tolerant and reliable. You can refer to #878 for details.
This also has other benefits. For example, in previous versions of Gophish, if you launched a campaign immediately, it might still take up to a minute for emails to be sent. Now, they're sent as soon as the campaign is launched. No more waiting!
Faster Release Process
I've now fully automated the process of compiling and uploading Gophish binaries. This is huge because it means we can make Gophish releases much more quickly and reliably. I'll write up a blog post later with the details.
This is the first run using the new process, so let me know if you encounter any issues.
How to Upgrade
To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.
Enjoy!
Details:
| SHA1 Hash | Filename |
|---|---|
| 49dea979cc829ea3c0750791aa22cb890bbfac72 | gophish-v0.5.0-linux-32bit.zip |
| d3278c0d5e6cb382b137d2e3720ed30c0a03e8df | gophish-v0.5.0-linux-64bit.zip |
| 61cab355927c3f9907a94ca3c5346ff97d428d6a | gophish-v0.5.0-osx-32bit.zip |
| 437a2a6cbdbbe8523c41e6822791e6d3c6bd293f | gophish-v0.5.0-osx-64bit.zip |
| eaf0d5358c0244c90ee454e10b174155ae96a90b | gophish-v0.5.0-windows-32bit.zip |
| 2f01937ecc6bc6ab007361424ecb03f61ff3ba5b | gophish-v0.5.0-windows-64bit.zip |
Published by jordan-wright about 7 years ago
Gophish Just Got Better.
tl;dr - New version of Gophish. Lots of improvements. Binaries can be found below. π
We're excited to announce v0.4.0 of Gophish! This release fixes all sorts of pesky bugs, gives 100% more donut charts and 100% fewer useless maps. Give it a shot! We think you'll really like it.
Big Changes
This release doesn't come with any completely new features but we still made big changes we think you'll like.
-
The target map is now an optional feature. We realized that most tests are internal and that even if it's an external test, the map simply takes up space. Now, you can re-enable it in the "Settings" page. (#747)
-
We've moved all charts from Chartist.js to Highcharts. Highcharts is a well established library that gives good performance and tons of great features. So, for example, now the campaign timeline is fully zoomable. π
- We also split out the results status donut chart into multiple charts - one for each status. Previously the results were a bit misleading since we only showed the final status. Now, we show the counts for every status! And hey, who doesn't love more donuts? (#680)
-
Datetimes are now stored in UTC format in the database. So, the API will now return dates in UTC as opposed to the browser's local time zone. This gives us more consistency in the case where browser's and servers have different time zones when campaigns are scheduled. It's worth noting that we adjust the times on the frontend so that all campaigns and scheduling in the browser still show local time. We just convert everything to UTC for storage. (#316)
-
We changed the font size in the UI from 18px to 16px. This should give a bit more space and improve the look and feel. I guess this was a π small change.
New Website!
We just launched the new version of our website at getgophish.com. This was created with hand crafted artisanal HTML, so be sure to check it out.
How to Upgrade
To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue directly.
Enjoy!
Details:
| SHA1 Hash | Filename |
|---|---|
| 0254e5b9a1febc34611271cc0b56e42c5b9d4bb1 | gophish-v0.4-darwin-32bit.zip |
| 80a6017a0080aaacf2ceb042a78e67e301bba623 | gophish-v0.4-darwin-64bit.zip |
| 4502fa44fe0a7ea0e9defcc49f33fe76fbf5bac4 | gophish-v0.4-linux-32bit.zip |
| 252f0f2d7712d83c3495734b6e74485f0f3f35d9 | gophish-v0.4-linux-64bit.zip |
| db5324935450e5a8377c81d213c59937a594e551 | gophish-v0.4-windows-32bit.zip |
| 4d9082b97ca9fd36c8195a536f45197b07b37989 | gophish-v0.4-windows-64bit.zip |
Published by jordan-wright over 7 years ago
Say Hello to the New Gophish.
tl;dr - New version of Gophish. Tons of features. Binaries can be found below. π
We're excited to announce Gophish v0.3.0. This release is packed with updates, so we think you'll really enjoy it.
New Features
Here are just some of the new features in this release:
- More granular result status (e.g. "Submitted Data" and "Clicked Link" instead of "Success")
- Support for custom SMTP headers
- Performance improvements and "summary" API endpoints
- Automatic SSL certificate creation
- Support for MySQL
- Now using select2 instead of typeahead.js when building a campaign
- Shorter result ID's
- A whole bunch of bug fixes!
A Python API Client!
To make working with the API even easier, we've developed an official Python API client.. This will make it easier to orchestrate Gophish to create, launch, and manage campaigns.
Community Contributions
Gophish has an incredible community. I wanted to make a spot in these release notes to call out some key contributions that helped make this release amazing:
- @chrismaddalena has created an awesome tool called GoReport that leverages the Gophish API to generate campaign reports.
- @LarryGrim has created a comprehensive guide on building a simulated phishing program from scratch.
- @S0larflare and @snori74 have done an outstanding job of always being quick to answer new issues as they are reported. Thank you both so much!
- @svigne1 has contributed performance improvements, as well as the MySQL support!
Documentation has moved
All documentation is being moved to our Gitbooks repo here: https://www.gitbook.com/@gophish. Gitbooks allows us to easily manage our documentation and publish both online hosted docs, as well as downloadable PDFs.
We're still finalizing our docs, so please bear with us as we make sure everything is fully documented - especially related to API endpoints.
How to Upgrade
To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue directly.
Enjoy!
Published by jordan-wright almost 8 years ago
Say Hello to the New Gophish.
Sorry for the wait. We promise it was worth it.
This release marks Gophish's 3 year anniversary. When I first set out to build Gophish, I wanted to create the best phishing framework possible. This release gets us one step closer to that goal.
We've been busy! Here are just some of the new features in this release:
- Now sending emails faster via
gomail - Introduced beautiful modal dialogs via
sweetalert2 - Can now schedule campaigns
- Can now mark a campaign as complete
- Automatically converting
<a>tags in imported emails to point to Gophish listener - Added Redirect URL to redirect users after they submit credentials
In addition to new features, we've also fixed a ton of bugs including:
- Stored XSS vulnerabilities (only affected admin)
- Fixed issue where attachments weren't sent in campaigns
Here are all issues we closed during this release.
Moving Forward
There are a couple of important things to note moving forward:
No longer providing email support
I want to provide the best support possible for gophish. While I like the idea of email support, it's just not the right way to move forward with gophish for a few reasons.
Specifically, I want support cases to be transparent so that the community can work together to solve them. If I receive an email, it's completely subject to me remembering to respond to it when I can if I remember.
I also found that I receive a significant amount of duplicate questions via email. Responding to each of these takes up cycles that could otherwise be spent innovating on Gophish features.
That being said, feel free to send nice words about gophish to our email address, but from now on all support tickets will be required to go through our Github issues, where all of them have been and will continue to be responded to. π
Moving Documentation
You'll notice that this release no longer contains a PDF of our User Guide. I'm experimenting with different ways to open up documentation to changes from the community. Right now, I've moved nearly everything to our wiki, but will continue tracking down the right fit for the Gophish documentation.
Update 12/14 - All documentation is being moved to our Gitbooks repo here: https://www.gitbook.com/@gophish
How to Upgrade
To upgrade, simply download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about gophish? Let us know by filing an issue directly, or contacting us through our support page.
Enjoy!
Published by jordan-wright over 8 years ago
Say Hello to the New gophish
This is the second release of gophish, and we couldn't be more excited! In this release, you'll find insanely cool features, numerous bug (or feature) fixes, and more.
Here are just a few of the added features since our last release:
- Added the ability to capture credentials with just a click
- Added the ability to store SMTP settings
- Added polling on the campaign results page for near-realtime updates
- Added the ability to ignore SMTP server certificate errors
- Multiple UI fixes/tweaks (datatables, etc.)
These features came in the form of over 15 pull requests, and 56 closed issues.
This release is awesome, and you should feel awesome for using it.
How to Upgrade
To upgrade, simply download the release for your platform, extract into a folder, and copy your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go!
Now, one more thing:
We want to hear from you!
Have questions, comments, or feature ideas about gophish? Let us know by filing an issue directly, or contacting us through our support page.
Enjoy!
Published by jordan-wright over 8 years ago
It's finally here!
This release is the first public beta release of gophish. We are excited about all the awesome features this release brings, and are excited for you to give it a spin.
Here are just a few of the added features since the initial alpha pre-release:
- Added the timeline feature for campaign results
- Added default tracking to email templates
- Added additional events (such as when errors occur)
- Added the ability to access admin server/ phishing server over TLS
- Multiple UI fixes/tweaks (datatables, etc.)
- Added the ability to export results as CSV
These features came in the form of over 10 pull requests, and over 30 closed issues.
In addition to the added software features, we launched our public website! We will be updating the blog periodically with software updates as well as engineering notes. You can find our official release announcement here.
We want to hear from you!
Have questions, comments, or feature ideas about gophish? Let us know by filing an issue directly, or contacting us through our support page.
Enjoy!
Published by jordan-wright almost 9 years ago
gophish v0.1 - alpha
This is the alpha release of gophish. It contains all the functionality needed to create and launch a realistic simulated phishing campaign and record the results.
