Gophish – Golang Open-Source Phishing Toolkit

Environment
Fedora 23 x86_64

Database
sqlite3

Git clone
https://github.com/gophish/gophish.git

Additional packages install
go get github.com/gophish/gophish/config
go get bitbucket.org/liamstask/goose/lib/goose
go get github.com/PuerkitoBio/goquery
go get github.com/gorilla/context
go get github.com/gorilla/mux
go get github.com/gorilla/securecookie
go get github.com/jinzhu/gorm
go get github.com/jordan-wright/email
go get github.com/justinas/nosurf
go get github.com/oschwald/maxminddb-golang
go get golang.org/x/crypto/bcrypt
go get github.com/gorilla/sessions
go get github.com/gorilla/handlers

Compile
go build gophish.go
./gophish

Interface Admin
http://127.0.0.1:3333/login

SiteFake and Phishing
http://0.0.0.0:80/

Happy Pentesting!

@firebitsbr

Running nmap via golang

Hi. Another post about golang 😉

I was developing a small program in golang to automate the use of nmap, based on these examples:

https://github.com/mmcgrana/gobyexample/blob/master/examples/spawning-processes/spawning-processes.go
https://gobyexample.com/spawning-processes

But it did not succeed until I developed this, and it worked:

[root@localhost golang]# vim go-nmap.go

// Mauro Risonho de Paula Assumpção aka firebits
// mauro.risonho@gmail.com
// example os/exec nmap
// 24.07.2015 15:04:23
// fedora 22 x86-64
// go version go1.4.2 linux/amd64
// go build

package main

import (
	"os"
	"os/exec"
	"syscall"
)

func main() {

	// For our example we'll exec `nmap`. `syscall.Exec` requires an
	// absolute path to the binary we want to execute, so
	// we'll use `exec.LookPath` to resolve and check it
	// (here `/usr/bin/nmap`).

	binary, lookErr := exec.LookPath("/usr/bin/nmap")
	if lookErr != nil {
		panic(lookErr)
	}

	// `Exec` requires arguments in slice form (as
	// opposed to one big string). We'll give `nmap` a few
	// common arguments. Note that the first argument should
	// be the program name.
	// args := []string{"nmap", "-A", "-O", "127.0.0.1"}
	args := []string{"nmap", "-A", "127.0.0.1"}

	// `Exec` also needs a set of environment variables
	// to use. Here we just provide our current
	// environment.
	env := os.Environ()

	// Here's the actual `syscall.Exec` call. If this call is
	// successful, the execution of our process will end
	// here and be replaced by the `/usr/bin/nmap -A 127.0.0.1`
	// process. If there is an error we'll get a return
	// value.
	execErr := syscall.Exec(binary, args, env)
	if execErr != nil {
		panic(execErr)
	}
}

I installed a VM with Fedora 22 x86_64 and a CUPS server and did a spot scan of localhost (127.0.0.1):

[root@localhost golang]# go build go-nmap.go
[root@localhost golang]# ./go-nmap

Starting Nmap 6.47 ( http://nmap.org ) at 2015-07-24 15:06 BRT
Nmap scan report for localhost.localdomain (127.0.0.1)
Host is up (0.00015s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE VERSION
631/tcp open  ipp     CUPS 2.0
| http-methods: Potentially risky methods: PUT
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-robots.txt: 1 disallowed entry
|_/
|_http-title: Home - CUPS 2.0.3
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.15
Network Distance: 0 hops

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.06 seconds

So it works!

@firebitsbr
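
The program above hands the whole process over to nmap with syscall.Exec, so the Go code never sees the scan result. An added example (not part of the original post) that runs nmap as a child process through os/exec instead, validates the target before it reaches the command line, and parses the open-port rows; the names nmapArgs, parseOpenPorts and scan and the sample text are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// targetRe: one IPv4 address or DNS name, so a target can never start with "-" or carry spaces.
var targetRe = regexp.MustCompile(`^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$`)

// portRe: open-port rows of nmap's normal output, e.g. "631/tcp open ipp CUPS 2.0".
var portRe = regexp.MustCompile(`(?m)^(\d+)/(tcp|udp)[ \t]+open[ \t]+(\S+)[ \t]*(.*)$`)

type openPort struct{ Port, Proto, Service, Version string }

// sample is constructed for this example, modelled on the scan output shown in the post.
const sample = "PORT STATE SERVICE VERSION\n631/tcp open ipp CUPS 2.0\n|_http-title: Home - CUPS 2.0.3\n80/tcp filtered http\n"

// nmapArgs rejects any target that nmap could read as an option or as extra arguments.
func nmapArgs(target string) ([]string, error) {
	if !targetRe.MatchString(target) {
		return nil, fmt.Errorf("invalid scan target %q", target)
	}
	return []string{"-A", target}, nil
}

// parseOpenPorts extracts the open-port rows and ignores script output and other states.
func parseOpenPorts(out string) (ports []openPort) {
	for _, m := range portRe.FindAllStringSubmatch(out, -1) {
		ports = append(ports, openPort{m[1], m[2], m[3], strings.TrimSpace(m[4])})
	}
	return ports
}

// scan runs nmap as a child (no shell); ctx carries the caller's timeout or cancellation.
func scan(ctx context.Context, target string) ([]openPort, error) {
	args, err := nmapArgs(target)
	if err != nil {
		return nil, err
	}
	out, err := exec.CommandContext(ctx, "/usr/bin/nmap", args...).Output()
	return parseOpenPorts(string(out)), err
}

func main() {
	fmt.Println(parseOpenPorts(sample)) // parses the constructed sample; no scan is run
}
```

Because exec.CommandContext passes the argument slice directly to the binary, no shell interprets the target; the validation in nmapArgs is what keeps a caller-supplied value from being read as an nmap option.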

Troubleshooting "go get" when importing third-party packages

You are pleased with golang and know that there are other "imports" from other developers/third parties that could be useful for your project.

So when you try to import that code into your project, for example:

# go get github.com/astaxie/beego

It fails with an error saying that the command used to fetch the source code repository is missing; the Beego project, in this case, uses Git:

[root@localhost github.com]# go get github.com/astaxie/beego
go: missing Git command. See http://golang.org/s/gogetcmd
package github.com/astaxie/beego: exec: "git": executable file not found in $PATH

So, to solve this problem and similar ones, we need to install git, but we will also install the clients for the other source code repository systems, because in my experience these are the most commonly used (on Fedora the command is as below; on other distros, check first how to do it):

yum install git mercurial subversion bzr -y

Generally, when cloning code from a remote location (e.g. github) to a local one (your filesystem), all the cloned code goes under these paths:

/usr/lib64/golang/src/
/usr/lib64/golang/pkg/linux_amd64/

The paths above plus github.com/astaxie/beego are created, based on go get github.com/astaxie/beego

For example:

/usr/lib64/golang/src/github.com/astaxie/beego
/usr/lib64/golang/pkg/linux_amd64/github.com/astaxie/beego

Now it works!

@firebitsbr

Setting a persistent $GOPATH variable on Fedora 20

It is always annoying to have to set the environment variable ($GOPATH) to work with Golang on Fedora 20 every time you open a shell.

So, to make this variable persistent (export GOPATH=/usr/lib64/golang), just set it in the files:

.bashrc
.bash_profile

Example below:

[root@localhost test]# cat .bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

# Uncomment the following line if you don't like systemctl's auto-paging feature:
# export SYSTEMD_PAGER=

# User specific aliases and functions

export GOPATH=/usr/lib64/golang

[root@localhost test]# cat .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/.local/bin:$HOME/bin

export PATH

export GOPATH=/usr/lib64/golang

Close all terminals (if you are using X11) or log off in the case of a server without X11.

Then, to test, just type in the shell:

[root@localhost test]# $GOPATH
bash: /usr/lib64/golang: Is a directory

If it returns "Is a directory", it is set correctly.

@firebitsbr