In this guide, we are going to discuss how to install Gophish on Ubuntu 18.04/Debian 9.8. Gophish is a powerful open-source phishing framework that enables organizations to quickly and easily setup and execute phishing engagements and security awareness training.
When a phishing campaign is launched, Gophish updates the results automatically. Using the UI, you can view a timeline for each recipient, tracking email opens, link clicks, submitted credentials, etc
Install Gophish on Ubuntu 18.04/Debian 9.8
Installing Gophish on Ubuntu 18.04/Debian 9.8 is one easy step. There are two approaches through that you can use in this case. One is installing Gophish on Ubuntu 18.04/Debian 9.8 using OS-specific binary and the other is building Gophish from source.
Install Gophish on Ubuntu 18.04/Debian 9.8 Using Linux Binary
Download Gophish
Download Gophish pre-built binary for Linux from the releases page.
wget https://github.com/gophish/gophish/releases/download/0.7.1/gophish-v0.7.1-linux-64bit.zip
Install Gophish on Ubuntu 18.04/Debian 9.8
Once you get Gophish zipped binary file, you need to unzip it to get the binary itself. You can unzip the binary to /opt/gophish directory, which will act as the installation directory for Gophish.
apt install zip sudo unzip gophish-v0.7.1-linux-64bit.zip -d /opt/gophish
The Gophish installer is now located under /opt/gophish.
ls /opt/gophish config.json db gophish LICENSE README.md static templates VERSION
Run Gophish
Now that the installation of Gophish is done, we can run it and begin phishing campaigns.
Stop and disable Apache if it is installed and running;
systemctl stop apache2 systemctl mask apache2
Start Gophish by navigating to the install directory and run the gophish
binary as follows;
cd /opt/gophish
sudo ./gophish
If you need to free the terminal, send Gophish to the background
sudo ./gophish &
You can verify that Gophish is listening on tcp port 3333
on localhost
using netstat command.
netstat -al | grep 3333
tcp 0 0 localhost:3333 0.0.0.0:* LISTEN
tcp 0 0 localhost:3333 localhost:55844 TIME_WAIT
Gophish is set to listen on localhost tcp port 3333 by default and hence can be accessed via https://localhost:3333.
If you are accessing Gophish from a remote system, then you can do SSH port forwarding if Gophis is running locally.
You can as well reconfigure Gophish to listen on all interfaces or just a specific interface.
To perform a local SSH port forwarding, run the command below. In this example, 192.168.0.113 is the IP of the Gophish server.
ssh -L 3333:127.0.0.1:3333 [email protected]
To explicitly configure Gophish to listen on an interface IP, edit the config.json
file on the installation folder, /opt/gophish
, in this case and substitute the loopback IP, 127.0.0.1 with an interface IP as shown below.
sudo vim /opt/gophish/config.json
"admin_server": {
"listen_url": "192.168.0.113:3333",
"use_tls": true,
"cert_path": "gophish_admin.crt",
"key_path": "gophish_admin.key"
},
Save the changes and run gophish binary;
cd /opt/gophish
sudo ./gophish
If UFW is running, allow remote access to Gophish.
ufw allow 3333/tcp
You can then access Gophish web UI using the address, https://192.168.0.113:3333
. The login credentials for Gophish are admin and gophish for username and password respectively.

Login to Gophish dashboard.

That is the default Gophish dashboard. In our next guide, we will learn how to create phishing campaigns.
Run Gophish as a service
To run Gophish as a service, you need to create the service configuration file. In this guide, we are going to create a systemd service configuration file.
To run Gophish as a service, you need to create a non-privileged user used to run the service.
sudo useradd -r gophish
Next, create a Gophish systemd service configuration with the following content.
sudo vim /etc/systemd/system/gophish.service
[Unit]
Description=Gophish is an open-source phishing toolkit Documentation=https://getgophish.com/documentation/
After=network.target
[Service]
WorkingDirectory=/opt/gophish
User=gophish
Environment='STDOUT=/var/log/gophish/gophish.log'
Environment='STDERR=/var/log/gophish/gophish.log'
PIDFile=/var/run/gophish
ExecStart=/bin/sh -c "/opt/gophish/gophish >>${STDOUT} 2>>${STDERR}"
[Install]
WantedBy=multi-user.target
Alias=gophish.service
Next, create the log directory.
mkdir /var/log/gophish
Set the proper ownership for the Gophish installation as well as the log directory.
sudo chown -R gophish:gophish /opt/gophish/ /var/log/gophish/
Give Gophish binary capabilities to open port 80
sudo setcap cap_net_bind_service=+ep /opt/gophish/gophish
Reload Systemd Configurations
sudo systemctl daemon-reload
Start and enable Gophish service to run on system boot.
sudo systemctl start gophish
sudo systemctl enable gophish
Check Gophish service status
sudo systemctl status gophish
● gophish.service - GoPhish Service
Loaded: loaded (/etc/systemd/system/gophish.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2019-04-19 22:51:56 EAT; 4min 25s ago
Main PID: 2649 (sh)
Tasks: 6 (limit: 1117)
CGroup: /system.slice/gophish.service
├─2649 /bin/sh -c /opt/gophish/gophish >>/var/log/gophish/gophish.log 2>>/var/log/gophish/gophish.log
└─2650 /opt/gophish/gophish
Apr 19 22:51:56 u18server systemd[1]: Started GoPhish Service.
Great, until in our next article when we will cover how to run phishing campaigns with Gophish, you have learnt how to install Gophish on Ubuntu 18.04/Debian 9.8.
Thank you for the great article which was incredibly useful. I do however have one issue in that when I start GoPhish as a service, port 80 works just fine but I cannot connect to port 3333 despite changing the listen URL to “0.0.0.0:3333”.
Any assistance would be much appreciated!
Many thanks for the great tutorial which has been a lifesaver. The only thing I have an issue with is that the admin port (3333) despite being active on all interfaces within the configuration and working just fine when run from the command line, will not work when configured as a service. The service starts fine, the logs show that everything apparently started ok and requests to port 80 are fine and logged but port 3333 remains closed.
Any help would be gratefully received!
Hey guys. We will look into this issue and revert back as soon as possible.
Hey, i tried and when I do;
tail /var/log/gophish/gophish.log
…
time=”2019-09-07T17:33:45+03:00″ level=info msg=”Starting admin server at https://192.168.0.113:3333”
time=”2019-09-07T17:33:45+03:00″ level=info msg=”Starting phishing server at http://127.0.0.1:80”
And I can access gophish on https://192.168.0.113:3333.
Not sure why this is happening to your. Will look further into it.
is it able to bind to port 443?
Yes, as long as you define it on the listen URL