def getuserwithID(idgophish):
try:
api = Gophish(API_KEY_GOPHISH, host=ADDRESS_GOPHISH, verify=False)
for current in api.campaigns.get():
if current.name in CAMPAINGN_NAME:
for currentresult in current.results:
if currentresult.id == idgophish:
return currentresult.email
except:
print "ERROR GOPHISH"
return "ERROR"
def main():
global api, sender_host, verify
if sys.version_info < (3, 0, 0):
exit('\nNot compatible with python 2\n')
config = configparser.ConfigParser()
config.read('phish.cfg')
api_key = config.get('DEFAULT','api_key')
host_url = config.get('DEFAULT','host_url')
sender_host = config.get('DEFAULT','sender_host')
verify = config.get('DEFAULT','verify')
test = ["True", "False"]
if verify in test:
if not eval(verify):
requests.packages.urllib3.disable_warnings()
else:
exit('Error: configuration variable (verify) is undefined')
api = Gophish(api_key, host_url, verify=False)
if len(sys.argv) == 10:
args = sys.argv[1:]
launch(args)
elif len(sys.argv) == 2:
flag = sys.argv[1]
if flag == '-g':
guide()
exit('\nWrong number of command line arguments'
'\n\nFormat: ./phish.py <title> <sendername> <senderemail> <targetlist.csv> <email.html> <emailsubject> <pageurl> <page.html> <launchtime>'
'\n\n eg: ./phish.py "Campaign Name" "John Doe" [email protected] targets.csv email.html "Email Subject Line" http://phishing.com page.html 2018/06/29@14:30'
'\n ./phish.py "Phish Test Title" "JK Rowling" [email protected] /path/targets.csv email.html "New Book" https://login.phishing.com page.html 1999/12/31@23:59\n'
'\n\n title.............name for new campaign objects'
'\n sendername........first and last name as should appear in email header'
'\n senderemail.......address as should appear in email header'
'\n targetlist........csv file (fieldnames=First Name,Last Name,Email,Position)'
'\n email.html........contents of email in html format'
'\n emailsubject......subject line as will appear in email'
'\n pageurl...........phony link address to be used in email'
'\n page.html.........contents of landing page in html format'
'\n launchtime........date and time (24hr) to send email'
'\n\n Alternative:'
'\n -g................campaign creation guide '
'\n\n !format for launchtime MUST use format YYYY/MM/DD@HH:MM [eg: 2018/06/14@4:22]\n'
)
def send_to_gophish(userList):
''' create a group with the forged email addresses into gophish '''
print(okBox + 'Connecting to the goPhish API')
api = Gophish(apiKey, host=host, verify=False)
targets = [
User(first_name=u.firstname,
last_name=u.lastname,
email=u.getMail(),
position=u.position) for u in userList
]
group = Group(name='l2gp - ' + company, targets=targets)
api.groups.post(group)
print(okBox + 'Group created !')
def connect_api(api_key, server):
"""Create a Gophish API connection."""
api = Gophish(api_key, host=server, verify=False)
# Sets up connection and test that it works.
try:
api.campaigns.get()
return api
except Error as e: # Bad API Key
raise Exception(f"Error Connecting: {e.message}")
except MissingSchema as e:
message = e.args[0].split(" '")[0]
raise Exception(f"Error Connecting: {message}")
except ConnectionError:
raise Exception("Networking Error, unable to reach Gophish.")
except Exception:
raise Exception("Cannot connect to Gophish.")
def __init__(self, directory, target_domain, username_format,
output_format, gophish_url, gophish_api_key):
self.directory = directory
self.target_domain = target_domain
self.username_format = username_format
self.output_format = output_format
self.gophish_api = Gophish(
gophish_api_key, host=gophish_url,
verify=False) if (gophish_url and gophish_api_key) else None
if self.directory and self.output_format:
# If the output directory doesn't exist then create it
if not os.path.exists(self.directory):
os.mkdir(self.directory)
self.output_path = f'{self.directory}/{self.target_domain}-{self.username_format}'
# if the user wants to store results as a csv, write the csv header first
if self.output_format == 'csv':
self._write_csv_header()
def testparam():
if PORT_LISTEN < 1024 and os.geteuid() != 0:
print "Droits root necessaire pour ecouter sur " + str(PORT_LISTEN)
sys.exit(1)
if NAME_MALICIOUS_BASIC_FILE != "":
if not os.path.isfile(NAME_MALICIOUS_BASIC_FILE):
print "Fichier " + NAME_MALICIOUS_BASIC_FILE + " introuvable"
sys.exit(1)
else:
print "Aucun fichier francophone specifie"
oui = raw_input('Continuer sans fichier francophone ? [y/n]')
if oui != 'y':
sys.exit(2)
if NAME_MALICIOUS_BASIC_FILE_EN != "":
if not os.path.isfile(NAME_MALICIOUS_BASIC_FILE_EN):
print "Fichier " + NAME_MALICIOUS_BASIC_FILE_EN + " introuvable"
sys.exit(3)
else:
print "Aucun fichier anglophone specifie"
oui = raw_input('Continuer sans fichier anglophone ? [y/n]')
if oui != 'y':
sys.exit(4)
try:
api = Gophish(API_KEY_GOPHISH, host=ADDRESS_GOPHISH, verify=False)
api.campaigns.get()
except:
print "Erreur connexion Gophish"
oui = raw_input('Continuer sans Gophish ? [y/n]')
if oui != 'y':
sys.exit(5)
print "Les campagnes observees seront \"" + ', '.join(
CAMPAINGN_NAME) + "\""
oui = raw_input('Continuer ? [y/n]')
if oui != 'y':
sys.exit(4)
print "Le domaine de destination du fichier sera \"" + ADDRESS_SERVER + "\""
oui = raw_input('Continuer ? [y/n]')
if oui != 'y':
sys.exit(4)
from gophish import Gophish
from gophish.models import *
from prettytable import PrettyTable
from modules.creds import Credentials
from modules.owa import OwaCredsTester
from modules.netscaler import NetscalerCredsTester
from modules.juniper import JuniperCredsTester
import config
DEBUG = False
if hasattr(config, 'GophishClient'):
api = Gophish(config.API_KEY,
host=config.API_URL,
client=config.GophishClient)
else:
api = Gophish(config.API_KEY, host=config.API_URL)
# Some constants
BROWSER_MSG = ['Email Opened', 'Clicked Link', 'Submitted Data']
class EventsFilter():
def __init__(self, email=None, ip=None, group=None):
self.email = email
self.ip = ip
self.group = group
from gophish.models import *
import urllib.request, json
import ssl
import re
import config
import fileimport
import imaplib
import email
import io
import base64
#Required declarations
api_key = (config.api_key)
gohost = "GOPHISH_ADMINURL HERE"
campaignurl = "GOPHISH_CAMPAIGNURL_HERE"
api = Gophish(api_key, host=gohost, verify=False)
phishers = []
listReporters = []
uniqReporters = []
print("|" * 10 + "WELCOME TO GoEmailReporter" + "|" * 10)
print("\n********An EMAIL REPORTING TOOL for GOPHISH*******")
print("#######By ASHISH CHALKE#######\n")
#Get campaign Name
campaigndict = {} #Create an empty campaign dictionary
print("Printing a list of available campaigns:")
for campaign in api.campaigns.get(): #Use API Call to get all campaigns
#Update campaigns to the campaigndict dictionary with campaignname:id format
campaigndict.update([(campaign.name, str(campaign.id))])
#Print all the available Campaigns.
#!/usr/bin/env python3
import requests, sys, argparse, csv, os
from gophish import Gophish
from gophish.models import *
from resources import config, hunterio, harvester, bing, mailshunt, webpage, github, hibp
from datetime import datetime
from resources.ui import *
# Suppress certificate verification warnings.
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
# Define the GoPhish API connection
API = Gophish(config.GOPHISH_API_KEY, config.BASE_URL, verify=False)
# Lists resources that Lure can use to search for e-mail addresses
def list_resources():
gophish_status = check_connection()
hibp_status = check_hibp_status(enable_hibp)
if config.HUNTERIO == True:
print(" [X] Hunter.io" + "\t\t\t" + gophish_status)
if config.HUNTERIO == False:
print(" [ ] Hunter.io" + "\t\t\t" + gophish_status)
if config.LINKEDIN == True:
print(" [X] LinkedIn" + "\t\t\t" + hibp_status)
if config.LINKEDIN == False:
print(" [ ] LinkedIn" + "\t\t\t" + hibp_status)
if config.GITHUB == True:
print(" [X] GitHub")
def main():
parser = argparse.ArgumentParser(
description='Loads demo data into a Gophish instance',
formatter_class=argparse.ArgumentDefaultsHelpFormatter)
parser.add_argument('--api-key',
type=str,
required=True,
help='The Gophish API key')
parser.add_argument('--api-url',
type=str,
default='https://localhost:3333',
help='The URL pointing to the Gophish admin server')
parser.add_argument('--phish-url',
type=str,
default='http://localhost',
help='The URL pointing to the Gophish phishing server')
parser.add_argument('--num-groups',
type=int,
default=10,
help='The number of groups to create')
parser.add_argument('--num-members',
type=int,
default=100,
help='The number of recipients in each group')
parser.add_argument(
'--percent-opened',
type=int,
default=50,
help='Percent of users to open the emails in the campaign')
parser.add_argument(
'--percent-clicked',
type=int,
default=20,
help='Percent of users to click the links in the campaign')
parser.add_argument('--percent-submitted',
type=int,
default=5,
help='Percent of users to submit data in the campaign')
parser.add_argument(
'--percent-reported',
type=int,
default=5,
help='Percent of users to report the emails in the campaign')
args = parser.parse_args()
# Start our null SMTP server
smtp = Controller(Sink(), hostname='127.0.0.1')
smtp.start()
api = Gophish(api_key=args.api_key, host=args.api_url, verify=False)
# Generate our groups
print('Generating Groups...')
sys.stdout.flush()
group_names = generate_groups(api,
num_groups=args.num_groups,
num_members=args.num_members)
groups = [Group(name=group) for group in group_names]
print('Generating SMTP')
sys.stdout.flush()
smtp = generate_sending_profile(api,
'{}:{}'.format(smtp.hostname, smtp.port))
print('Generating Template')
sys.stdout.flush()
template = generate_template(api)
print('Generating Landing Page')
sys.stdout.flush()
landing_page = generate_landing_page(api)
print('Generating Campaigns')
sys.stdout.flush()
campaign = Campaign(name='Demo Campaign',
groups=groups,
page=landing_page,
template=template,
smtp=smtp,
url=args.phish_url)
campaign = api.campaigns.post(campaign)
# Wait for the emails to be received
while True:
summary = api.campaigns.summary(campaign_id=campaign.id)
if summary.stats.sent < len(campaign.results):
if summary.stats.error:
print(
'Encountered an error... Check the Gophish logs for details.'
)
print('Exiting...')
sys.exit(1)
print(
'Waiting for mock emails to finish sending (this takes a few seconds)...'
)
sys.stdout.flush()
time.sleep(1)
continue
break
generate_results(api,
campaign,
percent_opened=args.percent_opened,
percent_clicked=args.percent_clicked,
percent_submitted=args.percent_submitted,
percent_reported=args.percent_reported)
print(
'\n\nAll set! You can now browse to {} to view the Gophish dashboard'.
format(args.api_url))
print('The credentials are admin:gophish')
print('Enjoy!')
groups = [Group(name='Group_Name')]
template = Template(name='Email_Template_Name')
page = Page(name='Landing_Page_Name')
smtp = SMTP(name='Sender_Name')
url = 'https://example.com'
campaign = Campaign(name=name, groups=groups, template=template, page=page, url=url, smtp=smtp)
campaign = api.campaigns.post(campaign)
return campaign
def delete_campaign(api, campaign_id):
resp = api.campaigns.delete(campaign_id=campaign_id)
return resp
api = Gophish(API_KEY, host=HOST, verify=False)
args = parser.parse_args()
if args.id:
resp = delete_campaign(api, args.id)
if resp.success:
print(f'[+] Deleted campaign with id {args.id}')
else:
print(f'[-] Failed to delete campaign with id {args.id}')
campaign = start_campaign(api)
if campaign.id:
print(f'[+] Started new campaign with id {campaign.id}')
else:
print(f'[-] Failed to start new campaign')
useraccesskey=useraccesskey,
usersecret=usersecret)
#Get HTML from S3
landing_html = get_phish_template_landing_html(
bucketname,
template_id,
useraccesskey=useraccesskey,
usersecret=usersecret)
mail_html = get_phish_template_mail_html(bucketname,
template_id,
useraccesskey=useraccesskey,
usersecret=usersecret)
host = "https://" + subdomain + ":" + port
api = Gophish(API_KEY, host=host) #, verify=False)
#Create variable names
campaignName = campaignid + "-campaign"
pageName = campaignid + "-page"
groupName = campaignid + "-group"
templateName = campaignid + "-template"
smtpName = campaignid + "-smtp"
#Create Landing Page
landingpage = Page(name=pageName,
capture_credentials=True,
capture_passwords=True,
redirect_url=redirect_url_text,
html=landing_html)
page = api.pages.post(landingpage)
def createGophishClient():
# This client has all methods attached to it necessary to create, read, and run our campaigns.
return Gophish(GophishUtility.apiKey,
host=GophishUtility.baseUri,
verify=False)
from json import load
__author__ = "binexisHATT"
__version__ = 1.0
if __name__ == "__main__":
set_completer(auto_complete)
parse_and_bind("tab: complete")
packages.urllib3.disable_warnings()
prog_color = randint(1, 220)
config_file = load(open("config.json"))
config_file["api_key"] = environ["GOPHISH_API_KEY"]
config_file["host"] = environ["GOPHISH_HOST"]
gophish_client = Gophish(config_file["api_key"],
host=config_file["host"],
verify=False)
print("""
\t┌────────────────────────────┐
\t│░█▀█░█░█░█▀█░█░█░▀█▀░█▀▀░█░█│
\t│░█▀▀░░█░░█▀▀░█▀█░░█░░▀▀█░█▀█│
\t│░▀░░░░▀░░▀░░░▀░▀░▀▀▀░▀▀▀░▀░▀│
\t└────────────────────────────┘
\tAuthor: @{}
\tVersion: {}
""".format(("%s" + __author__ + "%s") % (fg(randint(1, 220)), attr(0)),
__version__))
main_menu_options = [("campaigns", "Enter campaigns menu"),
("groups", "Enter groups menu"),
targets_submitted = []
# Lists and dicts for holding prepared report data
campaign_results_summary = []
# Output options
report_format = None
output_word_report = None
output_xlsx_report = None
xlsx_header_bg_color = "2d80b7"
xlsx_header_font_color = "#FFFFFF"
# Gain access to GoPhish
api_key = 'c21434defd36f0158cb2803b2947cfec1bb0dd52296d9e645c41ecbbf4bdc27c'
urllib3.disable_warnings()
api = Gophish(api_key, host='https://127.0.0.1:3333/', verify=False)
def get_report(user_in):
print("do we get here")
# Campaign Information
campaign = api.campaigns.get(campaign_id=user_in)
api.campaigns.complete(user_in) # Mark Campaign as complete
cam_name = campaign.name
cam_status = campaign.status
launch_date = campaign.launch_date
completed_date = campaign.completed_date
cam_url = campaign.url
# Collect SMTP information
smtp = campaign.smtp
from gophish import Gophish
#Change These!
api_key = ''
server = "http://GophishIP:port"
campaignID = 0
api = Gophish(api_key, host='', verify=False)
campaign = api.campaigns.get(campaign_id=campaignID)
print("Submitted Data:")
for event in campaign.timeline:
if event.message == "Submitted Data":
time = event.time
login = event.details['payload']['login'][0]
password = event.details['payload']['password'][0]
print(time + "\tLogin:"******"\tPassword:"******"Clicked Link")
for event in campaign.timeline:
if event.message == "Clicked Link":
time = event.time
email = event.email
print(time + "\tEmail:" + email)
from gophish import Gophish
from gophish.models import *
from pip._vendor.distlib.compat import raw_input
api_key = raw_input("Enter your API Key:\n")
host = raw_input("Enter your Host (I.E. https://server.net:3333):\n")
api = Gophish(api_key, host=host, verify=False) # Ignore SSL Errors
group_name = raw_input("Enter your Target Group:\n")
groups = [Group(name=group_name)]
page_name = raw_input("Enter the Name of your Landing Page:\n")
page = Page(name=page_name)
template_name = raw_input("Enter the name of your Template:\n")
template = Template(name=template_name)
smtp_name = raw_input("Enter the name of your Sending Profile:\n")
smtp = SMTP(name=smtp_name)
campaign_name = raw_input("Name your campaign!\n")
campaign = Campaign(name=campaign_name,
groups=groups,
page=page,
template=template,
smtp=smtp)
campaign = api.campaigns.post(campaign)
print("Your Campaign ID is: " + campaign.id + "\n")
"--vverbose",
required=False,
help="Switch: very verbose output",
action='store_true')
args = vars(ap.parse_args())
gophishURL = args["gophish"]
if gophishURL[-1] != "/":
gophishURL = gophishURL + "/"
apikey = args["apikey"]
#response = requests.get(gophishURL+"api/campaigns/?api_key="+apikey, verify=False)
#data = json.loads(response.text)
urllib3.disable_warnings()
api = Gophish(apikey, host=gophishURL, verify=False)
if args["stats"] is not None:
try:
campaign = api.campaigns.get(campaign_id=args["stats"])
timeline = campaign.timeline
for item in timeline:
print(item.email + " | " + item.message)
except (Exception, e):
print(str(e))
finally:
exit()
if args["results"] is not None:
try:
campaign = api.campaigns.get(campaign_id=args["results"])
