Phishing is something we do on a regular basis at Onvio. Phishing campaigns are one of the most effective techniques to compromise an organization. Phishing has a very high success rate at, for example, stealing credentials from a user.
For our phishing campaigns we make use of the open-source phishing framework Gophish. Gophish is an excellent tool, designed for sending and tracking multiple phishing campaigns for multiple targets.
But that is not how we use it. To minimize the risk of data leaks, we use a fresh VPS and Gophish instance for every campaign. This requires some changes to the Gophish design.
So we made a fork of Gophish to optimize it for one-time, more stealthy use.
New phishing features
- When a user opens a Word or Excel attachment, this is tracked. When he enables the macro, it is tracked as well. This simulates a successful infection of the host.
- HTTP & HTTPS
  - Gophish now supports HTTP and HTTPS. When the user visits the landing page on HTTP he is no longer presented with an error, but is redirected to the HTTPS version.
  - If the landing page is visited without an rID, the visitor no longer faces a 404 page, but is shown the landing page.
- Automatic setup
  - A script to perform a complete setup of your Gophish instance on a clean VPS.
  - Instant setup of Let's Encrypt certificates for your phishing (sub)domains.
And more features to come! Get it on GitHub.