GoPhish

IRJ

I finally got a chance to setup GoPhish. I sent out a test phishing email out to our IT department and I must say it works pretty well. Social Engineering is really easy with GoPhish. You can clone any website automatically including OWA with a fake link that our employees should catch.

You can also easily clone legit emails and legit users. I want to test some CEO fraud since that is the latest popular scam. Oh I was also able to pull a csv from Active Directoy and import the entire organization.

0_1474916415469_upload-3e5077e5-572a-4b39-8e3e-df8500a2cbe3

0_1474916423286_upload-120f27c5-50f0-452d-aad5-4e2a0ca1a553

dafyre

This is on my list of things to test out... on my family... using the Nigerian prince scam... after I warn them, of course... maybe.

Dashrender

@dafyre said in GoPhish:

This is on my list of things to test out... on my family... using the Nigerian prince scam... after I warn them, of course... maybe.

Sadly, many will still fail even after being warned.

scottalanmiller

Nice, is GoPhish free?

coliver

@scottalanmiller said in GoPhish:

Nice, is GoPhish free?

Open Source.

IRJ

Another cool thing is that it does not capture passwords by default. You only get their username. If you want to capture passwords you can, but they will be in plain text..

0_1474916988408_upload-1a105f43-346e-4cf7-816e-22e8cec58273

IRJ

@scottalanmiller said in GoPhish:

Nice, is GoPhish free?

Yes 100% and it stays on your local network.

StrongBad

Very cool, looks like a good tool.