When to Use
- When conducting security assessments that involve red team phishing with GoPhish
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing
Prerequisites
- Familiarity with security operations concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities
Instructions
- Install dependencies:
    pip install gophish requests
- Deploy a GoPhish server and obtain an API key from its Settings page.
- Use the Python gophish library to automate campaign setup:
  - Create email templates with HTML body and tracking
  - Configure SMTP sending profiles
  - Import target groups from CSV
  - Create landing pages for credential capture
  - Launch and monitor campaigns
- Analyze campaign results: opens, clicks, submitted data, reported.
# For authorized penetration testing and lab environments only
python scripts/agent.py --gophish-url https://localhost:3333 --api-key <key> --campaign-name "Q1 Awareness" --output phishing_report.json
Examples
Create Campaign via API
from gophish import Gophish
from gophish.models import Campaign, Template, Group, SMTP, Page

# verify=False only because the lab server on localhost uses a self-signed cert
api = Gophish("api_key", host="https://localhost:3333", verify=False)

# The group, template, sending profile and landing page are referenced by name,
# so they must already exist on the GoPhish server.
campaign = Campaign(
    name="Q1 Test",
    groups=[Group(name="Sales Team")],
    template=Template(name="IT Password Reset"),
    smtp=SMTP(name="Internal SMTP"),
    page=Page(name="Credential Page"),
)
api.campaigns.post(campaign)
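For the "Analyze campaign results" step, the following added example (not part of the original page or of GoPhish itself) turns one campaign's results into awareness metrics: a cumulative funnel, the report rate, and the recipients who submitted data without reporting the email. The `summarize` function and the sample data are constructed for illustration, and the field names (`timeline`, `results`, `message`, `reported`) are assumed to match GoPhish's campaign results JSON.

```python
from collections import defaultdict

# Funnel stages in order, named after GoPhish timeline event messages.
FUNNEL = ["Email Sent", "Email Opened", "Clicked Link", "Submitted Data"]

def summarize(campaign):
    """Return unique-recipient counts and rates per stage for one campaign."""
    seen = defaultdict(set)
    for event in campaign.get("timeline", []):
        if event.get("email"):  # campaign-level events carry no recipient
            seen[event["message"]].add(event["email"].lower())
    # Make the funnel cumulative: a click counts as an open even when the
    # mail client blocked the tracking image and no open event was logged.
    reached, later = {}, set()
    for stage in reversed(FUNNEL):
        later |= seen[stage]
        reached[stage] = set(later)
    reported = {r["email"].lower() for r in campaign.get("results", [])
                if r.get("reported")}
    sent = len(reached["Email Sent"])

    def rate(n):
        return round(100.0 * n / sent, 1) if sent else 0.0

    summary = {s: {"count": len(reached[s]), "rate": rate(len(reached[s]))}
               for s in FUNNEL}
    summary["Email Reported"] = {"count": len(reported),
                                 "rate": rate(len(reported))}
    # Recipients to prioritise for follow-up training.
    summary["submitted_not_reported"] = sorted(reached["Submitted Data"] - reported)
    return summary

def _events(email, *messages):
    return [{"email": email, "message": m} for m in messages]

# Constructed sample data; b@ clicked without a recorded open event.
SAMPLE = {
    "name": "Q1 Awareness",
    "timeline": [{"email": "", "message": "Campaign Created"}]
    + _events("a@example.test", "Email Sent", "Email Opened",
              "Clicked Link", "Submitted Data")
    + _events("b@example.test", "Email Sent", "Clicked Link")
    + _events("c@example.test", "Email Sent", "Email Opened")
    + _events("d@example.test", "Email Sent"),
    "results": [{"email": "a@example.test", "reported": False},
                {"email": "b@example.test", "reported": True},
                {"email": "c@example.test", "reported": True},
                {"email": "d@example.test", "reported": False}],
}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

A rising report rate alongside a falling submit rate across successive campaigns is the trend worth tracking over time.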