https://github.com/l4rm4nd/phishdock
Automated Docker infrastructure with Gophish, Nginx Proxy Manager, Nginx and PHP
- Host: GitHub
- URL: https://github.com/l4rm4nd/phishdock
- Owner: l4rm4nd
- Created: 2022-12-14T11:44:15.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2022-12-15T15:51:13.000Z (about 2 years ago)
- Last Synced: 2023-03-03T10:22:24.336Z (almost 2 years ago)
- Topics: docker, gophish, nginx, nginx-fpm, nginx-proxy-manager, phishing, php, reverse-proxy
- Language: HTML
- Homepage:
- Size: 272 KB
- Stars: 4
- Watchers: 1
- Forks: 0
- Open Issues: 0
## Usage
Start the PhishDock infrastructure with:
````
git clone https://github.com/l4rm4nd/PhishDock
cd PhishDock
docker compose up
````

This will start the following containers:
- Nginx Proxy Manager
  - Used as SSL reverse proxy. Supports a management UI, Let's Encrypt, automated SSL certificate renewals and various APIs of popular DNS providers.
- Gophish
  - Used as phishing framework. Supports a management UI to create phishing campaigns, landing pages, site cloning etc.
- Nginx
  - Optional web server to provide awareness sites, redirect sites or custom web pages.
- PHP
  - PHP support for the optional nginx web server.

**Note**: Nginx Proxy Manager is pre-configured and already defines three proxy hosts:
- `gophish.phishdock.com` is a proxy host for the Gophish admin backend UI. It uses an access list and is only accessible from local LAN IP ranges.
- `landing.phishdock.com` is a proxy host for Gophish landing pages provided by the Gophish docker container on TCP/80.
- `awareness.phishdock.com` is a proxy host for the nginx docker container. It exists so that you can create custom awareness pages to redirect to, for example after a victim has submitted data on a Gophish landing page. The victim may then be redirected to this nginx docker container via the NPM reverse proxy.

SSL/TLS was deliberately left unconfigured in the NPM container. All configured proxy host domains are imaginary examples; please adjust them. Gophish was not configured at all. Please adjust it to your needs and setup. Do not forget to configure SSL/TLS as well as DNS (A-records, MX-records, PTR-record, SPF, DKIM, DMARC). Test your setup with an exemplary Gophish domain!
## Default credentials
### Nginx Proxy Manager
The Nginx Proxy Manager instance will be available at http://127.0.0.1:81.
The default login credentials are:
````
[email protected]:PhishDock!
````

**Note**: You may change this default password at first login.
### Gophish
The Gophish instance will be available at http://127.0.0.1:3333.
The default login credentials are:
````
admin:PhishDock!
````

**Note**: You must change this default password at first login.
## Goreport
After finishing a phishing campaign, one can use Goreport to extract statistics via the Gophish API. I've forked the Goreport GitHub repository and added support for Docker. The image is built by GitHub Actions and available on Docker Hub at `l4rm4nd/goreport`.
You can export a report via the following Docker run command:
````
docker run -it --network=phishdock_default --rm -v $(pwd):/opt l4rm4nd/goreport --id --format excel --combine --config /opt/goreport.config
````

**Note**: Please adjust the `goreport.config` file to your needs. Place your API keys and validate the Gophish `gp_host` URL (HTTP vs. HTTPS).
## Considerations
### SSL Proxying
If you also use NPM to proxy to the Gophish admin backend on TCP/3333 with SSL, you must change the environment variables for Gophish. In detail, when using a reverse proxy with SSL, the Gophish admin backend on TCP/3333 must also run with SSL and you have to define your subdomain in the `ADMIN_TRUSTED_ORIGINS` env variable. Otherwise, the login will break and you won't be able to authenticate. Currently, plaintext HTTP is configured as default, which works only when no SSL certificates are in use.
If you want to proxy with SSL, modify the docker-compose.yml and adjust the following env variables for the gophish container:
````
- ADMIN_USE_TLS=true # set to true if you will use a reverse proxy with SSL; otherwise login will break
- ADMIN_TRUSTED_ORIGINS=gophish.phishdock.com # set to your subdomain name if you will use a reverse proxy with SSL; otherwise login will break
````

### Visitor Real IP Address
It is usually recommended to put the gophish landing page behind Cloudflare CDN to obscure the phishing actor's server location.
If Cloudflare is used, you must uncomment the following configuration line in the proxy host's advanced section:
````
# if behind cloudflare, enable this
real_ip_header CF-Connecting-IP;
````

Otherwise, Gophish and the NPM logs in general will not obtain the correct IP address of your phishing victims. This will affect the phishing campaign's evaluation and IP analysis stats, since the logged IP address will be from one of Cloudflare's IPv4 or IPv6 ranges and not the real site visitor's IP address.
If you do not use Cloudflare, you may have to define another HTTP client header like `X-Forwarded-For` to obtain the visitor's real IP. This requires further testing.
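
Any client can set a header such as `X-Forwarded-For` itself, so the value is only meaningful when the request arrives from a proxy you trust. The following is an added example, not part of PhishDock: a Python model of trusted-proxy resolution (the same idea as nginx's `set_real_ip_from` with `real_ip_recursive on`). The function names and the proxy ranges are assumptions; the ranges are constructed placeholders, not real CDN ranges.

```python
import ipaddress

# Constructed placeholder ranges: a documentation range standing in for the
# CDN egress addresses, and an assumed Docker bridge network for the proxy.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("203.0.113.0/24", "172.18.0.0/16")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr parses as an IP address inside a trusted proxy range."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def resolve_client_ip(peer_addr, forwarded_for, trusted=TRUSTED_PROXIES):
    """Return the address to log for one request.

    peer_addr     -- address of the TCP peer that connected to us
    forwarded_for -- raw X-Forwarded-For header value, or None
    """
    # The header is honoured only when the direct peer is a trusted proxy;
    # otherwise it is attacker-controlled input and is ignored.
    if not is_trusted(peer_addr, trusted) or not forwarded_for:
        return peer_addr

    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    candidate = peer_addr
    # Each proxy appends the address it saw, so the rightmost entries were
    # written by our own proxies. Walk right to left and stop at the first
    # address that is not a trusted proxy; anything further left was
    # supplied by that client and may be forged.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last valid candidate
        candidate = hop
        if not is_trusted(hop, trusted):
            break
    return candidate
```

Taking the leftmost entry instead, a common mistake, would log whatever value the client chose to send.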