Cov yam ntxwv tshiab thiab hloov tshiab los ntawm GoPhish rau Kev Tshawb Fawb Txog Kev Ruaj Ntseg
Introduction
GoPhish yog ib qho yooj yim-rau-siv thiab pheej yig phishing simulator koj tuaj yeem ntxiv rau koj qhov kev cob qhia phishing. Tsis zoo li qee qhov nrov phishing simulators, GoPhish tau hloov kho tsis tu ncua nrog cov yam ntxwv tshiab. Hauv tsab xov xwm no, peb yuav mus dhau qee qhov tseem ceeb tshaj plaws tshiab nta txij li version 0.9.0.
Tshiab nta
- Ntxiv Trusted Keeb Kwm rau CSRF Handler GoPhish tam sim no tso cai hloov kho cov neeg tuaj yeem ntseeg hauv cov ntaub ntawv config.json. Qhov no tso cai rau koj ntxiv qhov chaw nyob uas koj xav tau los ntawm kev sib txuas tuaj. Qhov no yuav pab tau thaum tus nqi thauj khoom nce siab ua haujlwm TLS txiav tawm tsis yog daim ntawv thov nws tus kheej.
- Taw qhia cov ntawv txuas ntxiv los ntawm kev ntxiv GoPhish sib txawv rau hauv ntau hom ntaub ntawv uas tuaj yeem txuas rau emails. Piv txwv li, tam sim no nws muaj peev xwm suav nrog "Nyob zoo {{.FirstName}}, thov nyem qhov no: {{.URL}}" hauv cov ntaub ntawv Word lossis ntxiv cov pixels taug qab rau cov ntaub ntawv. Qhov no tam sim no yuav ceeb toom thaum cov neeg siv qhib cov ntaub ntawv txuas lossis qhib macros hauv Office cov ntaub ntawv. GoPhish txhawb nqa cov ntaub ntawv txuas ntxiv hauv qab no: docx, docm, pptx, xlsx, xlsm, txt, html, thiab ics.
- Ntxiv lub peev xwm los qhia ib lub hnab ntawv xa hauv cov qauv. Yog tias sab laug khoob, nws yuav poob rov qab rau SMTP-Los ntawm hauv Sender-settings. Qhov no tuaj yeem siv los hla kev kuaj xyuas SPF tab sis tseem xa email spoofing.
- Ua raws li txoj cai tswj hwm tus password yooj yim rau cov thawj coj thiab tshem tawm tus password "gophish". Hloov chaw, tus password thawj zaug yog tam sim no randomly generated thiab tso tawm nyob rau hauv lub davhlau ya nyob twg thaum launching Gophish thawj zaug. Yog tias tsim nyog, thawj tus password thiab API tus yuam sij tuaj yeem hla dhau los ntawm kev hloov pauv ib puag ncig.
- Ntxiv kev txhawb nqa rau webhooks. Los ntawm kev teeb tsa lub webhook, Gophish tuaj yeem xa HTTP thov mus rau qhov kawg tswj. Cov kev thov no suav nrog JSON lub cev ntawm cov xwm txheej sib raug, uas yog tib yam JSON uas koj ib txwm tau txais los ntawm API. Qhov kev txhim kho no muab cov kev hloov tshiab ntawm lub sijhawm tiag tiag ntawm cov phiaj xwm phiaj xwm. Qhov no muab kev hloov tshiab rau koj lub sijhawm tiag tiag rau koj cov phiaj xwm tsis tu ncua.
- Taw qhia lub peev xwm los teeb tsa IMAP cov ntsiab lus hauv Gophish, uas tso cai rau nqa cov phiaj xwm email thiab cim lawv raws li qhia.
xaus
Nrog cov yam ntxwv tshiab no, tam sim no koj tuaj yeem siv GoPhish muaj kev nyab xeeb dua thiab siv tau zoo. Raws li kev tshaj tawm ntxiv tuaj rau yav tom ntej, GoPhish yuav tseem yog lub cuab yeej tseem ceeb rau cov koom haum tab tom nrhiav kom ntxiv dag zog rau lawv cov kev cob qhia phishing.
