« Previous 1 2 3 4 Next »
Test your system to help fight phishing attacks
Phish Food
Receiving Reports by Email
If you have carefully monitored the console output during the Gophish startup process, you are probably aware that the IMAP manager started up. Because Gophish does not yet have its own function for sending reports by email, the developers decided to implement a reporting mechanism. Ideally, only a small number of users will have fallen for the fake email, but the administrator can only take action if notified of these incidents. To use the Gophish reporting mechanism, you need to set up an email address that will receive the relevant notifications.
Gophish offers the option of accessing an IMAP mailbox. Once it identifies a campaign email, the software reports this result. You first need to configure the IMAP settings for each Gophish user in the Account Settings | Reporting Settings option. The Advanced Settings button lets you determine the folders and the polling frequency. You can also check the configuration by clicking Test Settings .
Email Attachments
One genuine highlight of Gophish is the Attachment Tracking function that lets you add attachments with DOCX, DOCM, PPTX, XLSX, XLSM, TXT, HTML, and ICS file types to Gophish templates. When a campaign is launched, the variables defined in these documents are replaced with the matching values. The benefits are obvious, because, for example, in the case of an Office attachment, you can determine whether a victim opened it: When a prepared document is opened, the Office application tries to load the image, and this access attempt is then registered by the Gophish server.
To begin, create a Word document and insert a module by clicking Quick Parts
on the Insert
tab in the Text group. Select Field
and enter {{.TrackingURL}}
in its properties, and in the field options enable the Data not saved in document
option. To use the first and last name variables in the Word document, you need to disable the grammar and spelling checker, otherwise Word will register an error. Gophish can also register macro execution with this pattern. In the template settings, attach the modified document.
Managing Gophish
The internal admin functions are limited to user management, webhook configuration, and logging. In addition to the admin user you created when Gophish went live, you can create users by selecting User Management | New User . In the associated dialog, assign a role, the username, and a password. You can choose between the admin and standard user roles. The current version does not envisage the addition of more roles.
Basically, Gophish retrieves results through an API. In practice, though, it is often desirable for updates to be reported immediately after an event is registered. Gophish solves this problem by providing webhook support. In a webhook configuration, Gophish sends an HTTP request to a specific endpoint – the request can be signed if required. The request contains the JSON text of the currently registered event, which can then be processed downstream in a third-party application. The webhook configuration is set up in the menu of the same name.
The logging functionality is fairly rudimentary. By default, the logs are output to the standard error output (stderr). If you want the logs to be written to a file, use the command:
gophish.log 2>&1
You can also use an external security information and event management (SIEM) system in this way.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)