Install Gophish on Ubuntu 18.04/Debian 9.8

6
6911

In this guide, we are going to discuss how to install Gophish on Ubuntu 18.04/Debian 9.8. Gophish is a powerful open-source phishing framework that enables organizations to quickly and easily setup and execute phishing engagements and security awareness training.

When a phishing campaign is launched, Gophish updates the results automatically. Using the UI, you can view a timeline for each recipient, tracking email opens, link clicks, submitted credentials, etc

Install Gophish on Ubuntu 18.04/Debian 9.8

Installing Gophish on Ubuntu 18.04/Debian 9.8 is one easy step. There are two approaches through that you can use in this case. One is installing Gophish on Ubuntu 18.04/Debian 9.8 using OS-specific binary and the other is building Gophish from source.

Install Gophish on Ubuntu 18.04/Debian 9.8 Using Linux Binary

Download Gophish

Download Gophish pre-built binary for Linux from the releases page.

wget https://github.com/gophish/gophish/releases/download/0.7.1/gophish-v0.7.1-linux-64bit.zip

Install Gophish on Ubuntu 18.04/Debian 9.8

Once you get Gophish zipped binary file, you need to unzip it to get the binary itself. You can unzip the binary to /opt/gophish directory, which will act as the installation directory for Gophish.

apt install zip
sudo unzip gophish-v0.7.1-linux-64bit.zip -d /opt/gophish

The Gophish installer is now located under /opt/gophish.

ls /opt/gophish
config.json  db  gophish  LICENSE  README.md  static  templates  VERSION

Run Gophish

Now that the installation of Gophish is done, we can run it and begin phishing campaigns.

Stop and disable Apache if it is installed and running;

systemctl stop apache2
systemctl mask apache2

Start Gophish by navigating to the install directory and run the gophish binary as follows;

cd /opt/gophish
sudo ./gophish

If you need to free the terminal, send Gophish to the background

sudo ./gophish &

You can verify that Gophish is listening on tcp port 3333 on localhost using netstat command.

netstat -al | grep 3333
tcp        0      0 localhost:3333          0.0.0.0:*               LISTEN     
tcp        0      0 localhost:3333          localhost:55844         TIME_WAIT

Gophish is set to listen on localhost tcp port 3333 by default and hence can be accessed via https://localhost:3333.

If you are accessing Gophish from a remote system, then you can do SSH port forwarding if Gophis is running locally.

You can as well reconfigure Gophish to listen on all interfaces or just a specific interface.

To perform a local SSH port forwarding, run the command below. In this example, 192.168.0.113 is the IP of the Gophish server.

ssh -L 3333:127.0.0.1:3333 [email protected]

To explicitly configure Gophish to listen on an interface IP, edit the config.json file on the installation folder, /opt/gophish, in this case and substitute the loopback IP, 127.0.0.1 with an interface IP as shown below.

sudo vim /opt/gophish/config.json
    "admin_server": {
            "listen_url": "192.168.0.113:3333",
            "use_tls": true,
            "cert_path": "gophish_admin.crt",
            "key_path": "gophish_admin.key"
    },

Save the changes and run gophish binary;

cd /opt/gophish
sudo ./gophish

If UFW is running, allow remote access to Gophish.

ufw allow 3333/tcp

You can then access Gophish web UI using the address, https://192.168.0.113:3333. The login credentials for Gophish are admin and gophish for username and password respectively.

install Gophish on Ubuntu 18.04/Debian 9.8

Login to Gophish dashboard.

install Gophish on Ubuntu 18.04/Debian 9.8

That is the default Gophish dashboard. In our next guide, we will learn how to create phishing campaigns.

Run Gophish as a service

To run Gophish as a service, you need to create the service configuration file. In this guide, we are going to create a systemd service configuration file.

To run Gophish as a service, you need to create a non-privileged user used to run the service.

sudo useradd -r gophish

Next, create a Gophish systemd service configuration with the following content.

sudo vim /etc/systemd/system/gophish.service
[Unit]
Description=Gophish is an open-source phishing toolkit Documentation=https://getgophish.com/documentation/
After=network.target

[Service]
WorkingDirectory=/opt/gophish
User=gophish
Environment='STDOUT=/var/log/gophish/gophish.log'
Environment='STDERR=/var/log/gophish/gophish.log'
PIDFile=/var/run/gophish
ExecStart=/bin/sh -c "/opt/gophish/gophish >>${STDOUT} 2>>${STDERR}"

[Install]
WantedBy=multi-user.target
Alias=gophish.service

Next, create the log directory.

mkdir /var/log/gophish

Set the proper ownership for the Gophish installation as well as the log directory.

sudo chown -R gophish:gophish /opt/gophish/ /var/log/gophish/

Give Gophish binary capabilities to open port 80

sudo setcap cap_net_bind_service=+ep /opt/gophish/gophish

Reload Systemd Configurations

sudo systemctl daemon-reload

Start and enable Gophish service to run on system boot.

sudo systemctl start gophish
sudo systemctl enable gophish

Check Gophish service status

sudo systemctl status gophish
● gophish.service - GoPhish Service
Loaded: loaded (/etc/systemd/system/gophish.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2019-04-19 22:51:56 EAT; 4min 25s ago
Main PID: 2649 (sh)
Tasks: 6 (limit: 1117)
CGroup: /system.slice/gophish.service
├─2649 /bin/sh -c /opt/gophish/gophish >>/var/log/gophish/gophish.log 2>>/var/log/gophish/gophish.log
└─2650 /opt/gophish/gophish
Apr 19 22:51:56 u18server systemd[1]: Started GoPhish Service.

Great, until in our next article when we will cover how to run phishing campaigns with Gophish, you have learnt how to install Gophish on Ubuntu 18.04/Debian 9.8.

6 COMMENTS

  1. Thank you for the great article which was incredibly useful. I do however have one issue in that when I start GoPhish as a service, port 80 works just fine but I cannot connect to port 3333 despite changing the listen URL to “0.0.0.0:3333”.

    Any assistance would be much appreciated!

  2. Many thanks for the great tutorial which has been a lifesaver. The only thing I have an issue with is that the admin port (3333) despite being active on all interfaces within the configuration and working just fine when run from the command line, will not work when configured as a service. The service starts fine, the logs show that everything apparently started ok and requests to port 80 are fine and logged but port 3333 remains closed.

    Any help would be gratefully received!

LEAVE A REPLY

Please enter your comment!
Please enter your name here