Everyone needs to conduct phishing attacks to see the organisation’s defence against Phishing during a penetration test . Here is an Open source Solution : GoPhish.
Gophish is an open source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set-up and execute phishing engagements and security awareness training.
What is Gophish?
Gophish is a phishing framework that makes the simulation of real-world phishing attacks dead-simple. The idea behind gophish is simple – make industry-grade phishing training available to everyone.
“Available” in this case means two things –
Affordable – Gophish is currently open-source software that is completely free for anyone to use.
Accessible – Gophish is written in the Go programming language. This has the benefit that gophish releases are compiled binaries with no dependencies. In a nutshell, this makes installation as simple as “download and run”!
The idea of a phishing simulation platform isn’t new. Let’s take a look at some of the features that really set gophish apart and make it awesome.
Hosted On-Prem
There are many commercial offerings that provide phishing simulation/training. Unfortunately, these are SaaS solutions that require you to hand over your data to someone else.
Gophish, an Open Source Phishing Toolkit is different in that it is meant to be hosted in-house. This keeps you data where it belongs – with you.
GoPhish Phishing Toolkit
Installing Gophish Using Pre-Built Binaries
Gophish is provided as a pre-built binary for most operating systems. With this being the case, installation is as simple as downloading the ZIP file containing the binary that is built for your OS and extracting the contents.
To install gophish, simply run
go get github.com/gophish/gophish
This downloads gophish into your
$GOPATH.
Next, navigate to
$GOPATH/src/github.com/gophish/gophish
and run the command
go build
This builds a gophish binary in the current directory.
Running Gophish
Now that you have gophish installed, you’re ready to run the software. To launch gophish, simply open a command shell and navigate to the directory the gophish binary is located. Then, execute the gophish binary. You will see some informational output showing both the admin and phishing web servers starting up, as well as the database being created. This output will tell you the port numbers you can use toconnect to the web interfaces.
$ ./gophish
worker.go:34: Background Worker Started Successfully - Waitingfor Campaigns
models.go:64: Database not found... creating db at gophish.db
gophish.go:49: Admin server started at http://127.0.0.1:3333
gophish.go:51: Phishing server started at http://0.0.0.0:80
Enjoy !!
#To be used only for Authorized Penetration Testing .
How to Watch Security Cameras on the Internet : Camera hacking is not very new for hacker community . Due to mis-configuration in the Camera security , the cameras that can be accessed over the internet can be viewed by anyone without any Authentication . Though there is no real hacking in this but its somewhat nice to explore .
I would use this to explain the necessity of security configuration for IP cams . The Cams that have been used to provide the security , are now accessible to anyone without any authentication , and have become the biggest security Loophole.
The hacking tutorial section is now full of useless threads,The worst of all most of them are questions and other shits.
So yeah here i am writing a new tutorial trying to make this section back to what it used to be.
====================
Pro Tip :
Secure yourself before doing this.
This is Purely for Educational Purposes and Dangerous . Don’t Access Password Protected Cameras
====================
0 comments:
Post a Comment