Merge with base

.github/workflows/ci.yml

@@ -0,0 +1,36 @@
+name: CI
+on:
+  - pull_request
+  - push
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        goVer: [1.21, 1.22, 1.23]
+
+    steps:
+    - name: Set up Go ${{ matrix.goVer }}
+      uses: actions/setup-go@v5
+      with:
+        go-version: ${{ matrix.goVer }}
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v4
+
+    - name: Get dependencies
+      run: |
+        go get -v -t -d ./...
+        go get gopkg.in/check.v1
+
+    - name: Build
+      run: go build -v .
+
+    - name: Format
+      run: diff -u <(echo -n) <(gofmt -d .)
+
+    - name: Test
+      run: go test ./...

.github/workflows/release.yml

@@ -0,0 +1,153 @@
+name: Build Gophish Release
+on:
+    release:
+        types: [created]
+
+jobs:
+    build:
+        name: Build Binary
+        runs-on: ${{ matrix.os }}
+        strategy:
+            matrix:
+                os: [windows-latest, ubuntu-latest, macos-latest]
+                arch: ['386', amd64]
+                # We sometimes use different verbiage for things (e.g. "darwin"
+                # for the GOOS build flag and "osx" in the actual release ZIP).
+                # We need to specify those here.
+                include:
+                    - os: windows-latest
+                      goos: windows
+                      bin: 'gophish.exe'
+                      releaseos: windows
+                    - os: ubuntu-latest
+                      goos: linux
+                      bin: 'gophish'
+                      releaseos: linux
+                    - os: macos-latest
+                      goos: darwin
+                      bin: 'gophish'
+                      releaseos: osx
+                # Don't build windows-32bit due to missing MinGW dependencies
+                # Don't build osx-32bit due to eventual drop in Go support
+                exclude:
+                    - os: windows-latest
+                      arch: '386'
+                    - os: macos-latest
+                      arch: '386'
+        steps:
+            - name: Set up Go
+              uses: actions/setup-go@v2
+              with:
+                go-version: 1.22
+            - if: matrix.os == 'ubuntu-latest'
+              run: sudo apt-get update && sudo apt-get install -y gcc-multilib
+            - if: matrix.arch == '386'
+              run: echo "RELEASE=gophish-${{ github.event.release.tag_name }}-${{ matrix.releaseos }}-32bit" >> $GITHUB_ENV
+            - if: matrix.arch == 'amd64'
+              run: echo "RELEASE=gophish-${{ github.event.release.tag_name }}-${{ matrix.releaseos }}-64bit" >> $GITHUB_ENV
+            - if: matrix.os == 'windows-latest'
+              run: echo "RELEASE=gophish-${{ github.event.release.tag_name }}-${{ matrix.releaseos }}-64bit" | Out-File -FilePath $env:GITHUB_ENV -Append # https://github.com/actions/runner/issues/1636
+            - uses: actions/checkout@v4
+            - name: Build ${{ matrix.goos }}/${{ matrix.arch }}
+              run: go build -o ${{ matrix.bin }}
+              env:
+                GOOS: ${{ matrix.goos }}
+                GOARCH: ${{ matrix.arch }}
+                CGO_ENABLED: 1
+            - name: Upload to artifacts
+              uses: actions/upload-artifact@v4
+              with:
+                name: ${{ env.RELEASE }}
+                path: ${{ matrix.bin }}
+
+    package:
+        name: Package Assets
+        runs-on: ubuntu-latest
+        needs: build
+        steps:
+            - uses: actions/checkout@v4
+            - uses: actions/download-artifact@v4
+              with:
+                path: bin
+            - name: Package Releases
+              run: |
+                mkdir releases;
+                for RELEASE_DIR in bin/*
+                do
+                  echo "Creating release $RELEASE_DIR"
+                  for BINARY in $RELEASE_DIR/*
+                  do
+                    cp $BINARY .;
+                    zip -r releases/$(basename $RELEASE_DIR).zip \
+                      $(basename ${BINARY}) \
+                      static/js/dist \
+                      static/js/src/vendor/ckeditor \
+                      static/css/dist \
+                      static/images \
+                      static/font \
+                      static/db \
+                      db \
+                      templates \
+                      README.md \
+                      VERSION \
+                      LICENSE \
+                      config.json;
+                    rm $BINARY;
+                  done
+                done
+            - name: Upload to artifacts
+              uses: actions/upload-artifact@v4
+              with:
+                name: releases
+                path: releases/*.zip
+
+    upload:
+        name: Upload to the Release
+        runs-on: ubuntu-latest
+        needs: package
+        steps:
+            - uses: actions/download-artifact@v4
+              with:
+                name: releases
+                path: releases/
+            # I would love to use @actions/upload-release-asset, but they don't
+            # support wildcards in the asset path. Ref #9, #24, and #47
+            - name: Upload Archives to Release
+              env:
+                UPLOAD_URL: ${{ github.event.release.upload_url }}
+                API_HEADER: "Accept: application/vnd.github.v3+json"
+                AUTH_HEADER: "Authorization: token ${{ secrets.GITHUB_TOKEN }}"
+              run: |
+                UPLOAD_URL=$(echo -n $UPLOAD_URL | sed s/\{.*//g)
+                for FILE in releases/*
+                do
+                  echo "Uploading ${FILE}";
+                  curl \
+                    -H "${API_HEADER}" \
+                    -H "${AUTH_HEADER}" \
+                    -H "Content-Type: $(file -b --mime-type ${FILE})" \
+                    --data-binary "@${FILE}" \
+                    "${UPLOAD_URL}?name=$(basename ${FILE})";
+                done
+            - name: Generate SHA256 Hashes
+              env:
+                API_HEADER: "Accept: application/vnd.github.v3+json"
+                AUTH_HEADER: "Authorization: token ${{ secrets.GITHUB_TOKEN }}"
+                RELEASE_URL: ${{ github.event.release.url }}
+              run: |
+                HASH_TABLE="| SHA256 Hash | Filename |"
+                HASH_TABLE="${HASH_TABLE}\n|-----|-----|\n"
+                for FILE in releases/*
+                do
+                  FILENAME=$(basename ${FILE})
+                  HASH=$(sha256sum ${FILE} | cut -d ' ' -f 1)
+                  HASH_TABLE="${HASH_TABLE}|${HASH}|${FILENAME}|\n"
+                done
+                echo "${HASH_TABLE}"
+                curl \
+                  -XPATCH \
+                  -H "${API_HEADER}" \
+                  -H "${AUTH_HEADER}" \
+                  -H "Content-Type: application/json" \
+                  -d "{\"body\": \"${HASH_TABLE}\"}" \
+                  "${RELEASE_URL}";

.gitignore

@@ -13,6 +13,7 @@ node_modules
 # Architecture specific extensions/prefixes
 *.[568vq]
 [568vq].out
+.DS_Store
 
 *.cgo1.go
 *.cgo2.c
@@ -27,4 +28,4 @@ gophish_admin.key
 
 *.exe
 gophish.db*
-gophish
+gophish

Dockerfile

@@ -10,7 +10,7 @@ RUN gulp
 
 
 # Build Golang binary
-FROM golang:1.11 AS build-golang
+FROM golang:1.15.2 AS build-golang
 
 WORKDIR /go/src/github.com/gophish/gophish
 COPY . .
@@ -23,7 +23,7 @@ FROM debian:stable-slim
 RUN useradd -m -d /opt/gophish -s /bin/bash app
 
 RUN apt-get update && \
-	apt-get install --no-install-recommends -y jq libcap2-bin && \
+	apt-get install --no-install-recommends -y jq libcap2-bin ca-certificates && \
 	apt-get clean && \
 	rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
@@ -40,6 +40,6 @@ USER app
 RUN sed -i 's/127.0.0.1/0.0.0.0/g' config.json
 RUN touch config.json.tmp
 
-EXPOSE 3333 8080 8443
+EXPOSE 3333 8080 8443 80
 
 CMD ["./docker/run.sh"]

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2013-2017 Jordan Wright
+Copyright (c) 2013-2020 Jordan Wright
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software ("Gophish Community Edition") and associated documentation files (the "Software"), to deal in

README.md

@@ -3,7 +3,7 @@
 Gophish
 =======
 
-[![Build Status](https://travis-ci.org/gophish/gophish.svg?branch=master)](https://travis-ci.org/gophish/gophish) [![GoDoc](https://godoc.org/github.com/gophish/gophish?status.svg)](https://godoc.org/github.com/gophish/gophish)
+![Build Status](https://github.com/gophish/gophish/workflows/CI/badge.svg) [![GoDoc](https://godoc.org/github.com/gophish/gophish?status.svg)](https://godoc.org/github.com/gophish/gophish)
 
 Gophish: Open-Source Phishing Toolkit
 
@@ -14,15 +14,21 @@ Gophish: Open-Source Phishing Toolkit
 Installation of Gophish is dead-simple - just download and extract the zip containing the [release for your system](https://github.com/gophish/gophish/releases/), and run the binary. Gophish has binary releases for Windows, Mac, and Linux platforms.
 
 ### Building From Source
-**If you are building from source, please note that Gophish requires Go v1.9 or above!**
+**If you are building from source, please note that Gophish requires Go v1.10 or above!**
 
-To build Gophish from source, simply run ```go get github.com/gophish/gophish``` and ```cd``` into the project source directory. Then, run ```go build```. After this, you should have a binary called ```gophish``` in the current directory.
+To build Gophish from source, simply run ```git clone https://github.com/gophish/gophish.git``` and ```cd``` into the project source directory. Then, run ```go build```. After this, you should have a binary called ```gophish``` in the current directory.
 
 ### Docker
-You can also use Gophish via an unofficial Docker container [here](https://hub.docker.com/r/matteoggl/gophish/).
+You can also use Gophish via the official Docker container [here](https://hub.docker.com/r/gophish/gophish/).
 
 ### Setup
-After running the Gophish binary, open an Internet browser to https://localhost:3333 and login with the default username (admin) and password (gophish).
+After running the Gophish binary, open an Internet browser to https://localhost:3333 and login with the default username and password listed in the log output.
+e.g.
+```
+time="2020-07-29T01:24:08Z" level=info msg="Please login with the username admin and the password 4304d5255378177d"
+```
+
+Releases of Gophish prior to v0.10.1 have a default username of `admin` and password of `gophish`.
 
 ### Documentation
 
@@ -38,7 +44,7 @@ Gophish - Open-Source Phishing Framework
 
 The MIT License (MIT)
 
-Copyright (c) 2013 - 2018 Jordan Wright
+Copyright (c) 2013 - 2020 Jordan Wright
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software ("Gophish Community Edition") and associated documentation files (the "Software"), to deal

SECURITY.md

@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Thank you for taking the time to find and report a security vulnerability in Gophish!
+
+I'd ask that you please send me an email with the details at [email protected] rather than posting any details in the public issue tracker.
+
+I'll happily work with you to get the vulnerability resolved as quickly as possible, and will be sure to credit you (if you'd like!) in the release notes for the following release.

VERSION

@@ -1 +1 @@
-0.7.1
+0.12.1

ansible-playbook/README

@@ -1,4 +1,4 @@
-Tested on Ubuntu 16.04.4.
+Tested on Ubuntu 20.04 LTS.
 
 Installs Postfix (to listen on localhost only) and the latest Linux gophish binary.  setcap is used to allow the gophish binary to listen on privileged ports without running as root.
 
@@ -17,7 +17,7 @@ ansible-playbook site.yml -i hosts -u root --private-key=private.key
 ansible-playbook site.yml -i hosts -u root --ask-pass
 
 # Log in as non-root user with SSH key (if root login has been disabled)
-ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-sudo-pass
+ansible-playbook site.yml -i hosts --private-key=private.key -u user --become --ask-become-pass
 
 # Logging in as non-root user without SSH keys
-ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-sudo-pass
+ansible-playbook site.yml -i hosts -u ubuntu --ask-pass --become --ask-become-pass

ansible-playbook/roles/gophish/files/config.json

@@ -1,17 +1,22 @@
 {
-    "admin_server" : {
-        "listen_url" : "127.0.0.1:3333",
-        "use_tls" : true,
-        "cert_path" : "gophish_admin.crt",
-        "key_path" : "gophish_admin.key"
-    },
-    "phish_server" : {
-        "listen_url" : "0.0.0.0:80",
-        "use_tls" : false,
-        "cert_path" : "example.crt",
-        "key_path": "example.key"
-    },
-    "db_name" : "sqlite3",
-    "db_path" : "gophish.db",
-    "migrations_prefix" : "db/db_"
+	"admin_server": {
+		"listen_url": "127.0.0.1:3333",
+		"use_tls": true,
+		"cert_path": "/etc/ssl/crt/gophish.crt",
+		"key_path": "/etc/ssl/private/gophish.pem"
+	},
+	"phish_server": {
+		"listen_url": "127.0.0.1:8080",
+		"use_tls": true,
+		"cert_path": "/etc/ssl/crt/gophish.crt",
+		"key_path": "/etc/ssl/private/gophish.pem"
+	},
+	"db_name": "sqlite3",
+	"db_path": "gophish.db",
+	"migrations_prefix": "db/db_",
+	"contact_address": "",
+	"logging": {
+		"filename": "gophish.log",
+		"level": ""
+	}
 }