I’ll demonstrate in this post how to successfully use Gophish tools on our Linux computer. Right now, Gophish is the most effective email phishing tool. With the help of this software, you may spoof any email and copy any email template.
What is Gophish tool?
Open-source phishing tools Gophish is made for companies and penetration testers. It offers the opportunity to build up and carry out security awareness training and phishing encounters fast and with ease.
- Clone email templates
- Spoof email
- Insert Phishing page
- Get trget information
- Track email sending process
How to install Gophish tool?
If we need to produce a phishing email using this Gophish tool, we must first install it on our Linux device so follow the procedures outlined below.
Step 1: First, download the Gophish tool. so click the download button below
Step 2: Now extract the Zip file
Step 3: Now Open the config.json file and edit the listen_url IP address and port number.
Step 4: Now, open the terminal within the Gophish folder and enter the following command.
sudo apt-get install sendmail-bin
After installing Sendmail, use the following command to start the Sendmail service.
sudo service sendmail start
Step 5: Allow the Gophish file to read, write, and execute by typing the following.
chmod +x gophish
Step 6: To launch the Gophish utility, enter the following command into your terminal.
After that, copy the admin server link and paste it into the browser to access the gophish tool’s online view.
That’s it now log in the Gophish tool
If you type this above username and password the Gophish tool redirects to a password reseting page
This Gophish page will be redirected to the Gophish dashboard when you reset your password.
Setup Gophish tool before sending phishing mails
We can’t send phishing emails right away after installing the gophish tool; we have to first decide what kind of phishing emails we want to send and then alter the program accordingly.
Create User & Group
Step 1: First, you select the user & groups option
Step 2: Now click the new group button.
Step 3: Now write the name, which only helps to identify the user groups, and also write the first name, last name, and email address of the victim. Then click the Add button.
Step 4: After this click, the Save Changes button ends the user & group.
Step 1: First, you need to select the email templates option.
Step 2: Now click the new template button in the email templates then Type Template name, which is only to identify the template.
Step 3: After typing the templte name you just click the import email button. nd then you copy paste the raw source of the email template you want to phish.
If you don’t know how to copy the raw source code of an email template, just follow the steps below.
How to get an email template raw source code?
First, you choose which email template you want to phish. I choose the below email to show an image.
Then click the right side corner three-dot button to choose the email Show original
After that click the copy to clipboard button to copy the all email source files
Step 4: Now paste the email raw source in the import email box in the Gophish tool.
After that click the import button. check the HTML section of the copied email was shown or not. if not show means the source code was a problem so gain copy and past the source code.
Step 5: Once you complete the above process scroll down to click the save template button.
Step 1: After finishing the above process select the landing pages and click the new page button.
Step 2: Now type the name on the landing page then click the import site button.
Step 3: Now type which website username password you want from the victim.
For Example – If you type to facebook.com it means that this tool will clone the Facebook page and insert all clickable dots (buttons) in your phishing email, so if your victim clicks any button or link on the email you sent you will be redirected to the Facebook login page. … Your victim type username and password means they will be sent to your control panel.
Now click the import button and check the HTML section the page was imported or not. then click the save page button
Set gophish sending profile (SMTP configuration)
Step 1: First of all, you need to click the sending profile inside the Gophish dashboard.
Step 2: Then click the New profile button inside the sending profile.
Step 3:Now type the following details.
Name: Type any name
Interface Type: SMTP
From: From Gmail Address
Username: Your Gmail Address Username
Password: Your Gmail address password
Step 4: After completing the steps above, scroll down and click the Save Profile button.
How to enable the Gmail less secure app?
Go to your (Google Account).
On the left navigation panel, click Security.
On the bottom of the page, in the Less secure app access panel, click Turn on access.
Click the Save button.
Send Phishing mail on Gophish tool
Step 1: First of all, you need to open the Gophish tool and select campaigns.
Step 2: Now click on the new campaigns button as shown in the below image.
Step 3: Now type the campaign name (you can type any name), and load the email template and landing page already we created, after that you paste the URL. the URL is nothing but a phishing server, as shown in the image below.
Step 4: Once you complete the above process click the launch campaigns button.
After completing the bove all the steps, That’s it now the phishing mail sent to the target.
If your victim clicks any button or links to this mail that will redirect to the given phishing page.
We can track Every victim movement on gophish dashboard.
I hope I have fully explained how to use the gophish tool and if you have any doubts about using this tool feel free to ask me through the command section below.