Gophish MODs

Modify Gophish to Bypass Detection

Was recently working on a Phishing Engagement. I always modified Gophish manually to evade detection. This time I thought of the principle, "Don't Do Anything Twice: When it Makes Sense to Automate" . Before I started manually typing scripts I searched for gold (basically if someone else tried to do it). I found this amazing docker-compose file which does all of the things which I wanted to do.

So I'm stealing work? Probably yeah !! I dont want docker so I'll probably just extract useful content from the docker-container file and run it on my gophish server 🤷‍♂️

#clone gophish
git clone

#Get a Custom 404 Page
wget "" -O "404.html"

#Get a Custom  Phish.go
wget "" -O "phish.go"

#copy Custom Phish.go
rm gophish/controllers/phish.go
mv phish.go gophish/controllers/phish.go

#Copy new 404.html
mv 404.html gophish/templates/404.html

cd gophish

sed -i 's/X-Gophish-Contact/X-Contact/g' models/email_request_test.go
sed -i 's/X-Gophish-Contact/X-Contact/g' models/maillog.go
sed -i 's/X-Gophish-Contact/X-Contact/g' models/maillog_test.go
sed -i 's/X-Gophish-Contact/X-Contact/g' models/email_request.go

# Stripping X-Gophish-Signature
sed -i 's/X-Gophish-Signature/X-Signature/g' webhook/webhook.go

# Changing servername
sed -i 's/const ServerName = "gophish"/const ServerName = "IGNORE"/' config/config.go

# Changing rid value
read -p 'Custom RID Parameter: ' uservar
sed -i 's/const RecipientParameter = "rid"/const RecipientParameter = "'$uservar'"/g' models/campaign.go

go build

Acknowledgements for his amazing sneaky_gophish repository

Vincent Yiu for his support and guidance always

Last updated