{"id":18303532,"url":"https://github.com/gosecure/gophish-cli","last_synced_at":"2025-04-05T15:30:58.764Z","repository":{"id":97083461,"uuid":"81143682","full_name":"GoSecure/gophish-cli","owner":"GoSecure","description":"Gophish Python cli to perform huge phishing campaigns","archived":false,"fork":false,"pushed_at":"2018-10-19T08:52:39.000Z","size":73,"stargazers_count":40,"open_issues_count":2,"forks_count":8,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-21T06:33:24.515Z","etag":null,"topics":["campaign","phishing"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GoSecure.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-06T23:16:56.000Z","updated_at":"2024-02-16T20:06:28.000Z","dependencies_parsed_at":null,"dependency_job_id":"0d73eff4-7fee-4edf-a5b2-32577d5a45cf","html_url":"https://github.com/GoSecure/gophish-cli","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoSecure%2Fgophish-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoSecure%2Fgophish-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoSecure%2Fgophish-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoSecure%2Fgophish-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GoSecure","download_url":"https://codeload.github.com/GoSecure/gophish-cli/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247358449,"owners_count":20926221,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["campaign","phishing"],"created_at":"2024-11-05T15:25:57.620Z","updated_at":"2025-04-05T15:30:58.750Z","avatar_url":"https://github.com/GoSecure.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Gophish Python CLI\n\nThis tool aim to perform huge phishing campaigns by using the very respected gophish toolkit. If you need to run a campaign for more than 10 000 email addresses or need to split a batch of email addresses into smaller groups for any reasons (lower risks with anti-Spam, avoid being banned by IPS, bypass Email service limitations, etc.), that tool could help you!\n\nThe tool is based the [api-client-python](https://github.com/gophish/api-client-python) library.\n\nA reporting feature was recently added (2018-03-10) allowing users to generate statistics for your report. You can configure the tool to download apache logs, access sendgrid stats (including bounces, deffered, spam reports, etc.), access empire agents and correlate other useful data.\n\n\n## Installation\n\nTo begin, you need a gophish instance. Find more about the gophish project [here](https://github.com/gophish/gophish).\n\nTo install `gophish-cli`, simply run the command:\n\n```bash\ngit clone --recursive https://github.com/gosecure/gophish-cli\ncd gophish-cli/api-client-python\npip3 install -r requirements.txt --user\npython3 ./setup.py install --user\ncd ..\npip3 install -r requirements.txt --user\n```\n\nTo install `gophish-cli` in a virtualenv, run:\n\n```bash\ngit clone --recursive https://github.com/gosecure/gophish-cli\n\nvirtualenv ./gophish-cli\ncd gophish-cli\nsource bin/activate\n\ncd api-client-python\npip3 install -r requirements.txt\npython3 ./setup.py install\ncd ..\npip3 install -r requirements.txt\n```\n\nTo test harvested credentials on OWA, you will also need to install the [exchangelib](https://github.com/ecederstrand/exchangelib/) submodule.\n\n```bash\ncd exchangelib\npython3 ./setup.py install --user\n```\n\nIt is currently using a forked version of the [API library](https://github.com/gosecure/api-client-python/) for development purpose.\n\n\n## Configuration\n\nYou need the API key found in the [Settings page](https://gophish.gitbooks.io/user-guide/content/documentation/changing_user_settings.html#changing-your-password--updating-settings).\n\nThen run `cp config.default.py config.py` and edit the `config.py` file using your favourite text editor.\n\n### Step 1 - Connection to the gophish instance\n\n```python\nAPI_KEY = ''\nAPI_URL = 'http://127.0.0.1:3333\n```\n\n\n### Step 2 - Define the campaign parameters\n\nAs mentionned earlier, `gophish-cli` true power is for campaign spliting. Thus, the objects below must be created using the webUI:\n\n * Landing Page\n * Email Template\n * Sending Profile\n\nThe tool will take care of the email groups and campaigns creation. It will also let you retrieve statistics and credentials from the same batch.\n\nThe three parameters below should be configured based on the number of email addresses:\n\n * GROUP_SIZE: Number of email addresses per group. \n * START_INTERVAL: Interval before starting the first batch.\n * BATCH_INTERVAL: Interval between each batches.\n\n\n### Step 3 - Spam!\n\nThe most automated way to run the tool is as follow:\n\n```bash\n$ python3 ./gophish-cli.py campaign --start --new-groups\n[-] Preparing new groups creation.\n[-]   Campaign Name: JohnDoe\n[-]   File Path: /path/to/test_emails.txt\n[-]   Batch size: 30\n[-]   Group count: 4\nDo you want to continue? [y/N] y\n[-] Creating group \"JohnDoe - Group 1\" with 30 targets. First email is johndoe1@trash-mail.com\n[-] Creating group \"JohnDoe - Group 2\" with 30 targets. First email is johndoe31@trash-mail.com\n[-] Creating group \"JohnDoe - Group 3\" with 30 targets. First email is johndoe61@trash-mail.com\n[-] Creating group \"JohnDoe - Group 4\" with 10 targets. First email is johndoe91@trash-mail.com\n[-] Preparing to launch campaigns\n[-]   Campaign Name: JohnDoe\n[-]   Landing Page: LP - EN - aCampaign - JohnDoe\n[-]   Email Template: ET - EN - aCampaign - JohnDoe\n[-]   Sending Profile: imgonahackyou.com (provider X)\n[-]   URL: https://johndoe.imgonahackyou.com\n[-]   Group count: 4\n[-]   Launch Date: 2017-02-06 17:54:46.813515-05:00\n[-]   Time interval: 1 minute(s)\nDo you want to continue? [y/N] y\n[-] Launching campaign \"JohnDoe - Group 1\" at 2017-02-06 17:54:46.813515-05:00\n[-] Launching campaign \"JohnDoe - Group 2\" at 2017-02-06 17:55:46.813515-05:00\n[-] Launching campaign \"JohnDoe - Group 3\" at 2017-02-06 17:56:46.813515-05:00\n[-] Launching campaign \"JohnDoe - Group 4\" at 2017-02-06 17:57:46.813515-05:00\n```\n\n\n## Help\n\n```\n$ python3 ./gophish-cli.py -h               \nusage: gophish-cli.py [-h] [-v] [-c CONFIG] [-d]\n                      {group,campaign,creds,stats,report} ...\n\nGophish cli. Use this tool to quickly setup a phishing campaign using your\ngophish infrastructure.\n\npositional arguments:\n  {group,campaign,creds,stats,report}\n    group               Manage groups.\n    campaign            Manage campaigns.\n    creds               Manage credentials.\n    stats               Manage statss.\n    report              Generate report (currently multiple CSV files).\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -v, --version         show program's version number and exit\n  -c CONFIG, --config CONFIG\n                        Alternative config file. Default is config.py (Not\n                        implemented yet)\n  -d, --debug           Run the tool in debug mode\n```\n\nEvery positional arguments have its own help page. For example: `./gophish-cli.py campaign -h`. Read them for more details. \n\n\n## Post-campaign useful commands\n\nTo get results\n\n```\n$ python3 ./gophish-cli.py campaign --results\n[-] Exported 2492 timeline entries to /some/path/campaign_results_JohnDoe.csv\n[-] Exported 40 credentials to /some/path/campaign_creds_JohnDoe.csv.\n```\n\nTo print credentials\n\n```\n$ python3 ./gophish-cli.py creds --print\n+---------------------+--------------+------------+\n| Email               | User         | Pass       |\n+---------------------+--------------+------------+\n| mdube@gosecure.ca   | mdube        | P@$$w0rd1! |\n| somebody@gouv.qc.ca | lddoei       | Winter2017 |\n| ...                 | ...          | ...        |\n+---------------------+--------------+------------+\n```\n\n\nTo test credentials by using OWA\n\n```\n$ python3 ./gophish-cli.py creds --test-owa\n[-] **WARNING**\n[-] Too many attempts could lock accounts. Be easy with this feature.\n[-]\n[-] Preparing to test credentials on OWA\n[-]   Campaign Name: Mart\n[-]   OWA Domain: LAB\n[-]   OWA Server: owa.lab.local\n[-]   Credentials count: 123\nDo you want to continue? [y/N] y\nLAB\\user1 - Fall2008: Successful login\nLAB\\user2 - Milhouse44$: Failed login\n...\n```\n\n\nTo get source IP addresses\n\n```\n$ python3 ./gophish-cli.py stats --targets-ip\n\n+------------------------+-----------+\n| IP Address             | Hit Count |\n+------------------------+-----------+\n| No IP. Email Sent Only |    1251   |\n| 31.10.39.30            |     50    |\n| 2.21.14.65             |     2     |\n| ...                    |    ...    |\n+------------------------+-----------+\n```\n\n## Reporting\n\nPhishing is fun but often comes with a reporting phase. Once configured, the reporting feature is a great kickstarter for your report.\n\n```\n$ ./gophish-cli.py -d report\n\nDEBUG    Arguments: Namespace(action='report', config=None, debug=True)\nINFO     Getting 1 campaign timelines for Client X\nDEBUG      Got 7605 events\nINFO     Getting 1 campaign results for Client X\nDEBUG      Got 4820 events\nINFO     Generating report.\nINFO     Setting up folders\nDEBUG    Creating folder: /home/user/client/phishing/report_20180310-133544/\nDEBUG    Creating folder: /home/user/client/phishing/report_20180310-133544/apache_logs/\nINFO     Downloading apache logs\nDEBUG    [SSH] Attempting to authenticate\nDEBUG    [SSH] Trying ssh-agent key \u003csome fingerprint\u003e\nDEBUG    [SSH]... success!\nDEBUG    [SSH] Authentication successful\nDEBUG    [SSH] Changing directory: /var/log/apache2/\nDEBUG    [SSH] Downloading: meh.domain.com.access.log\nDEBUG    [SSH] Downloading: meh.domain.com.access.log.1\nDEBUG    [SSH] Downloading: meh.domain.com.error.log\nDEBUG      Got 119 lines\nINFO     Getting Sendgrid Stats\nINFO     Getting Empire Agents\nDEBUG      Got 82 agents\nINFO     Extracting stats\nINFO     Printing Report\nRaw Data: \n\n  Timeline: \n    First Event: 2018-03-09 08:09:46\n    Last Event: 2018-03-10 09:20:15\n    Email sent: 6165\n    Email opened: 1052\n    Clicked Link: 238\n    Submitted Data: 149\n    Unique Email opened: 188\n    Unique Clicked Link: 158\n    Unique Submitted Data: 103\n    Source IPs: \n      None (6166)\n      1.2.3.4 (800)\n      5.6.7.8 (225)\n      ...\n\n  Sendgrid stats:\n    Blocks: 13\n    Bounce Drops: 188\n    Bounces: 98\n    Clicks: 0\n    Deffered: 10\n    Delivered: 5101\n    Invalid Emails: 0\n    Open: 1227\n    Processed: 6014\n    Requests: 6068\n    Spam Report Drops: 0\n    Spam Reports: 0\n    Unique Clicks: 0\n    Unique Opens: 193\n    Subscribe Drops: 0\n    Unsubscribes: 0\n\n  Apache: \n    Malware Download: 149\n    Source IPs: \n      1.2.3.4 (123)\n      5.6.7.8 (45)\n\n  Empire: \n    Agents count: 82\n    Agents HighPriv count: 10\n    Unique Agents username count: 78\n    Unique Agents Hostnames count: 76\n    OS Details: \n      Microsoft Windows 7 Professional  (75)\n      Microsoft Windows 10 Enterprise (4)\n      Microsoft Windows 10 Home (1)\n      Microsoft Windows 7 Ultimate  (1)\n      Microsoft Windows 10 Pro (1)\n    Source IPs: \n      1.2.3.4 (40)\n      5.6.7.8 (10)\n      ...\n\nAnalyzed Data: \n\n  Conversion Percentage:\n    Email Received (6165) -\u003e Email Opened (1052): 17.06\n    Email Open (1052) -\u003e Link Clicked (158): 15.02\n    Page Visit (158) -\u003e Send Credentials (103): 65.19\n    Malware Download (149) -\u003e Malware Execution (78) (Empire): 52.35\n    Malware Download (149) -\u003e Malware Execution (0) (Msf): 0.0\n    Malware Download (149) -\u003e Malware Execution (0) (Cobalt): 0.0\n```\n\n## Known issues \u0026 Troubleshooting\n\n### Issues with Outlook 365\n\nOutlook 365 limit the number of email sent per connection to 30. `GROUP_SIZE` must be set to 30 when using this provider.\n\n### Emails keep the status \"Sending\"\n\nOn previous version of gophish (\u003c 0.5), some email addresses were stuck with status \"Sending\" if too many emails were sent at once. The fix was to split in groups of 100 and put a delay between each waves. \n\nExample: `GROUP_SIZE=100` and `BATCH_INTERVAL=5`\n\n### My emails are flagged as SPAM.\n\nTest your campaign here: [https://www.mail-tester.com/](https://www.mail-tester.com/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgosecure%2Fgophish-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgosecure%2Fgophish-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgosecure%2Fgophish-cli/lists"}