GoPhish is an open source phishing toolkit. It enables red teamers to quickly and easily set up and execute phishing engagements. It can track the number of phishing emails that were delivered to targets and the number of users that opened the malicious emails. One of its unique features is the embedding of phishing links directly in the phishing templates.
DATA FLOW
Email is sent to the SMTP Server
SMTP Server delivers email to the target
Target interacts with the hyperlink/URL, which then creates a session directly to the EvilGinx external IP
Target credentials are harvested via the legitimate page spoofed by EvilGinx
Target gets sent to the payload server
VPS INSTANCE INSTALLATION
#create the ec2/azure instance
root@oco:~$ BROWSER > https://portal.azure.com > Virtual Machines
Project Details
  Subscription: {subscription}
  Resource Group: {resourceGroup}
Instance Details
  Virtual Machine Name: {gophish}
  Region: US
  Availability Options: No Infrastructure Redundancy Required
  Security Type: Standard
  Image: Ubuntu Server 20.04 LTS - x64 Gen2
  VM Architecture: x64
  Run w/ Azure Spot Discount: Disabled
  Size: Standard D2as_v4 - 2 vcpus 8GiB memory ($$$)
Administrator Account
  Authentication Type: SSH public Key
  Username: {gophishUser}
  SSH Public Key Source: Generate new key pair
  Key pair name: {arbitraryValue}
Inbound Port Rules
  Public Inbound ports: None //this disables public access to the instance
  Select Inbound Ports: N/A
Disks
  Encryption at host: Disabled
  OS Disk
    OS Disk Type: Premium SSD (locally-redundant storage - LRS)
    Delete w/ VM: Enabled
    Key Management: Platform-managed key
    Enable Ultra Disk Compatibility: Disabled
  Data Disks for {evilginx}: Create and attach a new disk
    Name: {evilginx}_DataDisk_0
    Source Type: None (Empty Disk)
    Size: 16 GiB
    Key management: Platform-managed key
    Enable shared disk: No
    Delete disk w/ VM: Enabled
Management
Network Interface
  Virtual Network: {...LabVNet}
  Subnet: default (.../24)
  Public IP: {...}
  NIC Network Security Group: Basic
  Public Inbound Ports: None
  Select Inbound Ports: N/A
  Delete NIC when VM is deleted: Disabled
  Enable Accelerated Networking: Enabled
Load Balancing
  Place VM Behind Existing LB Solution: Disabled
* Create the VM after review
GOPHISH INSTALLATION
#https://github.com/gophish/gophish
root@oco:~$ curl -L -O https://github.com/gophish/gophish/releases/download/v0.12.1/gophish-v0.12.1-linux-64bit.zip
root@oco:~$ unzip gophish-v0.12.1-linux-64bit.zip -d phish
root@oco:~$ ls
phish
root@oco:~$ cd phish
root@oco:~$ ls
...gophish templates
root@oco:~$ chmod 700 gophish
root@oco:~$ sudo ./gophish
...msg="starting admin server at https://0.0.0.0:3333"
...msg="starting phishing server at http://0.0.0.0:80"
* change the default settings (ports, IP address, etc.) if required by modifying the parameters in /phish/config.json
* the random username/password are displayed when gophish is run for the first time
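#added example, not part of the original notes or of the gophish project: the startup log above shows the admin server on 0.0.0.0:3333, so this checks the admin_server block of config.json before the service is started and reports when the admin UI is reachable beyond loopback or has TLS off. The sample config is constructed and audit_admin_server is a hypothetical helper name; the key names are those of the config.json shipped in the release zip.

```python
import ipaddress
import json

# Constructed sample: key names follow the config.json shipped in the release
# zip; the admin listen_url mirrors the startup log above (0.0.0.0:3333).
SAMPLE_CONFIG = """
{
  "admin_server": {"listen_url": "0.0.0.0:3333", "use_tls": true,
                   "cert_path": "gophish_admin.crt", "key_path": "gophish_admin.key"},
  "phish_server": {"listen_url": "0.0.0.0:80", "use_tls": false}
}
"""

def split_listen_url(listen_url):
    """Split 'host:port' or '[ipv6]:port' into (host, port)."""
    host, _, port = listen_url.rpartition(":")
    return host.strip("[]"), int(port)

def bind_scope(host):
    """Return 'loopback', 'all-interfaces' or 'specific' for a bind host."""
    if host == "":            # ':3333' binds every interface
        return "all-interfaces"
    if host == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:        # some other hostname: treat as a routable address
        return "specific"
    if addr.is_unspecified:   # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific"

def audit_admin_server(config_text):
    """Hypothetical helper: list findings about admin UI exposure."""
    admin = json.loads(config_text)["admin_server"]
    host, port = split_listen_url(admin["listen_url"])
    scope = bind_scope(host)
    findings = []
    if scope == "all-interfaces":
        findings.append(f"admin UI on port {port} listens on every interface; "
                        "bind it to 127.0.0.1 and reach it through an SSH tunnel")
    elif scope == "specific":
        findings.append(f"admin UI bound to {host}:{port}; confirm only the "
                        "operator network can reach that address")
    if not admin.get("use_tls", False):
        findings.append("admin UI has use_tls off; logins cross the network in cleartext")
    return findings

if __name__ == "__main__":
    for finding in audit_admin_server(SAMPLE_CONFIG):
        print("[!]", finding)
```

* to audit the real file, pass the contents of config.json to audit_admin_server instead of SAMPLE_CONFIG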