Central InfoSec Cyber Security

Central InfoSec

Central InfoSec Penetration Testing

GoPhish Phishing Server Setup

Setup a GoPhish phishing server to run custom phishing campaigns and raise security awareness using the steps below.

This blog provides an introduction to GoPhish and does not highlight the following configurations: mail server, DNS, SPF, DKIM, DMARC, HTTPS, or GoPhish IOCs.

Create a new directory

mkdir gophish && cd gophish

Download GoPhish

wget --no-check-certificate -O gophish.zip https://github.com/gophish/gophish/releases/download/v0.12.1/gophish-v0.12.1-linux-64bit.zip

Install unzip

sudo apt install -y unzip

Unzip GoPhish

unzip gophish.zip && rm gophish.zip

Change "listen_url" from "" to ""

sed -i -e "s/127\.0\.0\.1:3333/0\.0\.0\.0:3333/g" config.json

WARNING: The command above exposes the admin interface. Exposing the admin interface to the Internet should only be used if needed. Before exposing the admin server to the Internet, it's highly recommended to change the default password. It is also highly recommended to use a firewall to restrict source IP addresses. You can also use the "phish_server.trusted_origins" option to add IP addresses that you expect incoming connections to come from.

Start the GoPhish Server

Start GoPhish

chmod +x gophish
# Browse to https://localhost:3333

Setup a Phishing Campaign

  • Create a Target Group
  • Create a Sending Profile
  • Create a Landing Page
  • Create an Email Template
  • Create a Phishing Campaign
  • Generate Reports
  • Calculate Metrics

Hook Security Co. Phishing Resources

50+ Free Phishing Examples


Central InfoSec Phishing Resources

GoPhish - Server Setup & Custom Reporting

GoPhish Phishing Server Setup


Create Custom Phishing Reports from GoPhish Results


Excel Workbook Idea to Automate the Management of Phishing Campaign Reporting and Historical Metrics


Slack - Live Phishing Notifications

Slack Notifications for Phished Credentials in Real Time


Cobalt Strike - Phishing

Cobalt Strike Phishing Profiler Aggressor Script


Cobalt Strike Phishing Reporting


Keyloggers for Phishing

Setup a Keylogger to Capture Credentials and Bypass Two-Factor Authentication (2FA) for Phishing - v2


Setup a Keylogger to Capture Credentials and Bypass Two-Factor Authentication (2FA) for Phishing - v1


Other Phishing Tools

Send & Track Phishing Emails


Setup a Mail Server for Phishing


Test for Open Mail Relays that can be Leveraged for Phishing


Generate Email Addresses by Scraping LinkedIn


Create a Let’s Encrypt SSL Certificate using Certbot for Phishing


Central InfoSec - Pen Test & Red Team Services

Central InfoSec named Best Boutique Pen Test Company in the Global 100 Awards.

Best Boutique Pentesting Companies Central InfoSec

Contact Central InfoSec Today!

Don't wait for a data breach to invest into your cybersecurity.

Central InfoSec can uncover your vulnerabilities before the cyber criminals do!