Evilgophish – Evilginx2 + Gophish
Combination of
Once you have run setup.sh
, the next steps are:
- Configure
SMS
message template. You will useText
only when creating aSMS
message template, and you should not include a tracking link as it will appear in theSMS
message. LeaveEnvelope Sender
andSubject
blank like below:
- Configure
SMS Sending Profile
. Enter your- Import groups. The
CSV
template values have been kept the same for compatibility, so keep theCSV
column names the same and place your target phone numbers into theEmail
column. Note thatTwilio
accepts the following phone number formats, so they must be in one of these three:
- Start
evilginx2
and configure phishlet and lure (must specify full path toGoPhish
sqlite3
database with-g
flag) - Ensure
Apache2
server is started - Launch campaign from
GoPhish
and make the landing URL your lure path forevilginx2
phishlet - PROFIT
Live Feed Setup
Realtime campaign event notifications are handled by a local websocket/http server and live feed app. To get setup:
-
Select
true
forfeed bool
when runningsetup.sh
-
cd
into theevilfeed
directory and start the app with./evilfeed
-
When starting
evilginx2
, supply the-feed
flag to enable the feed. For example:
./evilginx2 -feed -g /opt/evilgophish/gophish/gophish.db
- You can begin viewing the live feed at:
http://localhost:1337/
. The feed dashboard will look like below:
IMPORTANT NOTES
- The live feed page hooks a websocket for events with
JavaScript
and you DO NOT need to refresh the page. If you refresh the page, you will LOSE all events up to that point.
Phishlets Surprise
Included in the
evilginx2/phishlets
folder are three custom phishlets not included in evilginx2.o3652
– modified/updated version of the originalo365
(stolen from Optiv blog)google
– updated from previous examples online (has issues, don’t use in live campaigns)knowbe4
– custom (don’t have access to an account for testing auth URL, works for single-factor campaigns, have not fully tested MFA)
A Word About Phishlets
I feel like the world has been lacking some good phishlet examples lately. It would be great if this repository could be a central repository for the latest phishlets. Send me your phishlets at
[email protected]
for a chance to end up inevilginx2/phishlets
. If you provide quality work, I will create aPhishlets Hall of Fame
and you will be added to it.Changes To evilginx2
- All IP whitelisting functionality removed, new proxy session is established for every new visitor that triggers a lure path regardless of remote IP
- Fixed issue with phishlets not extracting credentials from
JSON
requests - Further “bad” headers have been removed from responses
- Added logic to check if
mime
type was failed to be retrieved from responses - All
X
headers relating toevilginx2
have been removed throughout the code (to remove IOCs)
Changes to GoPhish
- All
X
headers relating toGoPhish
have been removed throughout the code (to remove IOCs) - Custom 404 page functionality, place a
.html
file named404.html
intemplates
folder (example has been provided) - Default
rid
string in phishing URLs is chosen by the operator insetup.sh
- Transparency endpoint and messages completely removed
- Added
SMS
Campaign Support
Changelog
See the
CHANGELOG.md
file for changes made since the initial release.Issues and Support
I am taking the same stance as Kuba Gretzky and will not help creating phishlets. There are plenty of examples of working phishlets and for you to create your own, if you open an issue for a phishlet it will be closed. I will also not consider issues with your
Apache2
,DNS
, or certificate setup as legitimate issues and they will be closed. However, if you encounter a legitimate failure/error with the program, I will take the issue seriously.Future Goals
- Additions to IP blacklist and redirect rules
- Add more phishlets
Contributing
I would like to see this project improve and grow over time. If you have improvement ideas, new redirect rules, new IP addresses/blocks to blacklist, phishlets, or suggestions, please email me at:
[email protected]
or open a pull request.Download Evilgophish - Import groups. The
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.