Penetration Testing: Gophish Tutorial (Phishing Framework)
Вставка
- Опубліковано 18 вер 2024
- Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing. This is an important tool for penetration testers and ethical hackers. Learn to use Gophish in this tutorial.
🎥Course from Sagar Bansal.
🔗Sagar's UA-cam channel: / @sagarbansal
🔗Sagar's website: sagarbansal.com/
--
Learn to code for free and get a developer job: www.freecodeca...
Read hundreds of articles on programming: www.freecodeca...
This is the only course in you tube that teaches how to do real social engineering campaigns on remote network using Gophish...thank Bro and may your knowldge be increased
I have recently been tasked with pentesting my coworkers and this tutorial has been a huge help. Thank you!
Is there option to send attachment in gophish
So is it legit to use gmail or outlook to send phishing email?
Wow free code camp is covering pentesting tools, awesomeness.
Mini Bit010 agreed.
hopefully for ethical hacking :)
This course is so good. I followed from beginning to end and you did such a great job explaining every detail! Thank you so much!
Hey, how
does the CD Command work for you on 18:24?
@@NV-qe3px Hey NV, the CD (change directory ) command worked as expected for me. I downloaded the zip file from the the gophish website and placed it in my documents folder then I unzipped it. I used the GUI (just right click on the folder and selected 'extract here'. Then I pulled up the terminal and used the cd (change directory) command to move to the directory where my gophish application was.
Linux is case sensitive so 'cd' is different from 'CD'.
Actual tutorial starts until minute 57:00
Nice video man! I understood it from the third time but I finally get it :D
cheers and keep up the good work
Great video!
Could you also make a video on how to avoid spam filters? Thank you
great tutorial being a python programmer I find penetration and such topic very interesting thank you so much for this tutorial ... in half way only i understood that its worth watching
All your words were just flying above my head using a JetPack..... LOL...
this is a nice tutorial, please can I get the windows version
Hit my DM. adamsfrank1995@gmail.com
Tysm sir for sharing your knowledge
This Is the real phishing 😍
@Sagar Bansal, you recorded this course on 13th Jan 2018, and released it on 17th June 2019,
why so?
Kindly do a Video on how to do penetrating test with Gophish using Windows.
Appreciate for the awareness.Thanks
I agree with others here, this is a very helpful and well-paced guide. And the only full one that I have found.
I have a question though, regarding Digital Ocean now blocking the SMTP port by default: I have not contacted them yet, hoping to get some current comments about it before I do.
I'm running on my usual motto of hope for the best, anticipate the worst. So if I get knocked back on my request, does anyone have a way of getting around the restriction? (and I'm open to any suggestions, like hosting it elsewhere, etc).
I have the brief to do some penetration testing for a couple of small organisations that I support. THis was looking promising - till I hit this roadblock.
Any suggestions would be greatly appreciated. Thanks.
I'm not allowed to use my own SMTP as well for some reason not letting sendgrid to get registered. Anyone help? This is regards to using gophish.
Excellent 👌
I'm not sure how to setup URL Correctly for Gophish Listening Server for Launch Campaign
Can you elaborate on that??
or is it somewhere specific in the Video
Thankyou !
That's great but what about call vicitum
Hello, how are you? I really need your help.
I can't get gophish to count "submitted data". I've done campaigns for imported sites and also for handmade HTML on login and password. But the gophish does not identify credentials at all. What do you need to do in the code for gophish to collect this information?
Thanks for this bro. I am hosting my gophish server internally in my organization and using an internal IP address to access it and not a domain name. Could that be the reason why my campaigns do not redirect me to the landing page when I click the link on the phishing email just like on your video? Even after clcking the link, the dashboard only updates the number of emails sent and no click stats
your content is very nice but it would be better if you add automatic translation subtitle.
Maybe the test email failed cause of the port. When I use 465, it works fine. That's if u enabled access for less secure apps
Hey bro, I am a bit confused.... I dont understand how 6:29 became 6:39 ... where did the new files come from during your break?
I would appreciate an explanation. Thanks
When you click on Quora, how does it go to the landing page? what part of the video is that? I am having issues with data capture
On 18:24 in the video, whenever I use the CD command, it doesn't work for some reason.
Amazing as always! Sagar Sir 🔥 😎
all this to just install the it
Wdym
is there another alternative for digital ocean droplet
I keep getting the same error "max connection exceeded - unencrypted connection" even after following step by step this video..I dont understand why
there is a sittings in google account you need to downgrade the security of your account in order to receive mails.
Hi, did you have some icloud phishing panel for sale?
i have problem after luching with ./gophish, my ip refused to load i use azure vps and i have the port 80 open on the portal
The ZeroSSL generation is slightly different now - you can verify via email, and it gives you three files - does it still work?
yes. it works too :) just ignore the another cert with bundler.
@@kuyadjvlogs yeah I figured that out too, you can literally just copy and paste the text of each cert into the files within Gophish
I have set up a VPS droplet in Digital Ocean with a domain name (I got a free domain and it has been published) to launch the phishing campaign and I'm trying to obtain an SSL certificate for the domain using ZeroSSL. The domain verification always fails (domain verification using DNS (CNAME)). It shows the error " We were unable to verify your CNAME entry. Please check for errors on your side and try again after 5-10 minutes. " The Name, Address to point to, and TTL values for the new CNAME record which ZeroSSL asks me to add have been entered correctly as a new CNAME record in DigtalOcean but the verification test keeps failing. I have sent an email to ZeroSSL support but some annoying bot responded. Please help!
@khunthai6738 for hostname copy only what is behind the dot
Hey bro please how can I reach you, I’m having issues with the ssl certificate. What’s your telegram channel?
another thing, stop making questions on why u cant execute this and that, and how unzip the file, etc etc. first learn how to use a linux distro, learn how to use the file system, user permissions, google search and you will easily find the answers. you all want to run before knowing how to walk..
Is paid VPS neccessary for external phishing attacks?
hi , can you please tell me where is the referral link for digital ocean
My landing page keeps coming up with the gophish login when clicking a link from a test email. Does anyhbody know how to fix this?
im not able to connect to the phish page hosted on vps
I have a hosted a site and it is perfectly working fine but i used the certificate and key of that site in the config.json file as "phish_server" and update the certificate and key path. The site is working fine. I am not able to track the details in gophish dashboard. Could you suggest something ?
Thank you! Really good video, specially that you teach how configure domain and ssl (free) like in a real world test. I didn't do it in digitalocean but aws, but everything was almost the same. It will be great if you make a video of how to configure the server to send emails also (including the reverse dns)
When I run the server everything is ok but I can't see the login page, Im using AWS too, can u help me? I don´t speak english so I hope you can understand me xD
Does aws open port 25?
@@evercastillo4767 check the firewall rules. You need to open port 80,443 to everyone and 22 to your ip.
I have successfully created and sent my first campaign but it doesn’t seem to load the requested landing page. I don’t know what I’m doing wrong. It just shows Apache 2 running . Can you reply me back?
Gophish laggy why?
Hi digital ocean is not unblocking smtp 25 port, can you please help me in unblocking the port.
Hey did you receive any help with that am having the same problem
i am getting max connection attempts exceeded. Kindly let me know how to resolve this
Thank you!
STMP2GO doens't work thou
Am trying on how to install gophish on my digital ocean vps server but cannot .... Please can you show a video on this...
Congrats by your video
hi i was working with this tool for a while until stoped to work correctly i cant spoof anymore can i add you to talk about what i have bad in my sending profile?
Gophish default password is not working
its showing password wrong at 7:58 for me.
edit : password will provided by the system during the run time. default password is will not work !
Why gophish very slow when sending email?
who can put me through gophish because mine keeps saying wrong password.
i am using wonders
I'm unable to get DigitalOcean to unblock my smtp server. I need help with that please
all u need is a working smtp server, u can use microsoft server (using an outlook/hotmail adress and server config), gmail, whatever you want, keep in mind that some email providers prevent you from using unsecured applications, like gophish, limit the emails that you can send, and the most important in phishing, spoofing your email.
i'm currently fighting with that problem, i'm going to test sendgrid. look up for that..
Sorry, please I need help
My DNS is not going through but my IP address does
Hello sir please how can I get the email raw source code thank you
🙋 Hello guys! But is it legit to use gmail or outlook to send phishing email using this gophish in a company?
My emails are landing into the spam category :(
when i enter user name (admin) but the password (gophish) it tells me wrong password pls help me
gophish isnt the default password anymore, when you launch the server for the first time, the console outputs the username and password for that session, this is before you change the password. With the outputed password you can login then change it.
I wish you are using windows
Actual phishing tutorial starts at ua-cam.com/video/S6S5JF6Gou0/v-deo.html. Irma gerd.
Timestamps?
echo > [file you want to empty]. Next time.
Or scp :)
how to register free domain in 2020 june (freenom not working)
Bro these is working
@@harshildobariya no bro
@@prashanthravichandhran5688 it's working...
Sagar is always the best
Please do course on automatic security by rest API tutorial it may be helpful for many people
@@sagarbansal Hey! My VPS from Digital Ocean just got disconnected from the network. They say that it could have bem used for spam or DDOS. How can we prevent this from happening?
সুন্দর
Great sagar
this is a clickbait title xD
@@sagarbansal oh sweet summer child xD
yes
@@icyguyxd7807 lol. He is the creator of this course - Sagar Bansal
Hey! My VPS from Digital Ocean just got disconnected from the network. They say that it could have bem used for spam or DDOS. How can we prevent this from happening?
@Sagar Bansal
Hi, thank's for your video it's very helpful to me ! I'm doing a phishing campaign with my job and I need to sent 400/500 mails someone have a solution ? cause outlook gmail ... are limited and I can't sent more than 10 mails there is a solution except buy a domain and configure an smtp server ?
Thanks :)
I solve the problem with sendgrid
@@weezycrew6039 how do you do?
50:00
my mails are ending in spam help me out guys
./gophish -permission denied
thank you 😊
@Sadia Parvin Ripa chmodd 777 gophish
Hello, does anyone know why the folder wont show? After I unzipped the download on the server, and press ls I dont see the folder, but I do see the zipped file. I don't understand this. Please Help!!
Abel Rosalez unzip /gophish
Abel Rosalez or create a folder name gophish and move files to it
WoW!! that is really helpful!! Thank you!!!!!!
u rocked it!1
hey do you think you can make me one
Make video on Android development please
Freecodecamp has dev tutorials just like this in their channel, they might have android tuts already, check out their channel
Hi all, great video, i'm having issues with running the gophish server after loading the certificates getting the message " level=fatal msg="tls: failed to parse private key"
Anyone got any ideas or can help?
i suggest checking your file that you might have copied the key information with some empty spaces or not a full copy paste of all text from the private key you created
Waste of time. Speak coherently
No contact address has been configured
Not much g9od
at-least appreciate his work he's giving out for free.
DON'T CRITICISE THEM.
Go learn first you wasted time
at 38:58, we're so impatient.
I keep getting the "Cant execute binary file". Obviosly im new at this. Anything I can do?
gophish: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, ... , not stripped
Linux usrv 5.8.0-1034-oracle #35~20.04.2-Ubuntu SMP ... aarch64 aarch64 aarch64 GNU/Linux
PS. I already executed "chmod u+x" on it. Gophish v0.11.0
whats wrong with your accent bro
u r wasting most of the time
very bad and unnecessary accent. seems there is no script, very unplanned or not properly executed
Wow
He cant do anything about his accent?????
at-least appreciate his work he's giving out for free.
DON'T CRITICISE THEM.
@@lunaticloomer7461 nothing is given out for free. I bet this course was made for some paid platform, when reached the minimal profit he uploaded it to youtube, still making profit from views and adds, not saying that we dont have to be grateful, i am grateful for its effort, but since it was made to be bought at least he should had organize better for recording, scripting the lessons and prepare them before recording, we can see how in many situations he's completely blind on what he is doing, that's not a good professor.. i'm sorry but its the truth.
./2023>July
i got this after unzipping .. well i am using parrot os .. ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ce2b024de4886db5f77a4b8a437385d17892a60a, for GNU/Linux 3.2.0, with debug_info, not stripped