http://open-source-security-software.net/project/gophish/releases.atom 2025-04-24T06:52:20.054672+00:00 python-feedgen gophish v0.1 2016-01-13T02:26:14+00:00 # gophish v0.1 - alpha This is the alpha release of gophish. It contains all the functionality needed to create and launch a realistic simulated phishing campaign and record the results. 2016-01-13T02:26:14+00:00 gophish v0.1.1 2016-02-01T13:00:11+00:00 ### It's finally here! This release is the first public beta release of gophish. We are excited about all the awesome features this release brings, and are excited for you to give it a spin. Here are just a few of the added features since the initial alpha pre-release: - Added the _timeline_ feature for campaign results - Added default tracking to email templates - Added additional events (such as when errors occur) - Added the ability to access admin server/ phishing server over TLS - Multiple UI fixes/tweaks (datatables, etc.) - Added the ability to export results as CSV These features came in the form of over 10 pull requests, and over 30 closed issues. In addition to the added software features, we launched our [public website!](https://getgophish.com) We will be updating the [blog](https://getgophish.com/blog/) periodically with software updates as well as engineering notes. You can find our official release announcement [here.](https://getgophish.com/blog/post/release-0.1.1/) ### We want to hear from you! Have questions, comments, or feature ideas about gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues) directly, or contacting us through [our support page](https://getgophish.com/support). ### Enjoy! 2016-02-01T13:00:11+00:00 gophish v0.1.2 2016-04-21T00:30:06+00:00 ### Say Hello to the New gophish This is the second release of gophish, and we couldn't be more excited! In this release, you'll find insanely cool features, numerous bug (or **feature**) fixes, and more. Here are just a few of the added features since our last release: - Added the ability to capture credentials with just a click - Added the ability to store SMTP settings - Added polling on the campaign results page for near-realtime updates - Added the ability to ignore SMTP server certificate errors - Multiple UI fixes/tweaks (datatables, etc.) These features came in the form of over [15 pull requests](https://github.com/gophish/gophish/pulls?q=is%3Apr+milestone%3A%22Release+0.1.2%22+is%3Aclosed), and [56 closed issues](https://github.com/gophish/gophish/issues?q=is%3Aissue+milestone%3A%22Release+0.1.2%22+is%3Aclosed). This release is awesome, and you should feel awesome for using it. ### How to Upgrade To upgrade, simply download the release for your platform, extract into a folder, and copy your existing `gophish.db` file into the new directory. Then, run the new gophish binary and you'll be good to go! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues) directly, or contacting us through [our support page](https://getgophish.com/support). ### Enjoy! 2016-04-21T00:30:06+00:00 gophish v0.2.0 2016-11-14T04:44:21+00:00 ### Say Hello to the New Gophish. Sorry for the wait. We promise it was worth it. This release marks Gophish's 3 year anniversary. When I first set out to build Gophish, I wanted to create the best phishing framework possible. This release gets us one step closer to that goal. We've been busy! Here are just some of the new features in this release: - Now sending emails faster via `gomail` - Introduced beautiful modal dialogs via `sweetalert2` - Can now schedule campaigns - Can now mark a campaign as complete - Automatically converting `<a>` tags in imported emails to point to Gophish listener - Added Redirect URL to redirect users after they submit credentials In addition to new features, we've also fixed a ton of bugs including: - Stored XSS vulnerabilities (only affected admin) - Fixed issue where attachments weren't sent in campaigns [Here](https://github.com/gophish/gophish/issues?page=2&q=is%3Aissue+milestone%3A%22Release+0.2%22+is%3Aclosed) are all issues we closed during this release. ### Moving Forward There are a couple of important things to note moving forward: #### No longer providing email support I want to provide the best support possible for gophish. While I like the idea of email support, it's just not the right way to move forward with gophish for a few reasons. Specifically, I want support cases to be transparent so that the community can work together to solve them. If I receive an email, it's completely subject to me remembering to respond to it when I can _if I remember_. I also found that I receive a significant amount of duplicate questions via email. Responding to each of these takes up cycles that could otherwise be spent innovating on Gophish features. That being said, feel free to send nice words about gophish to our email address, but from now on all support tickets will be required to go through our Github issues, where all of them have been and will continue to be responded to. 😄 #### Moving Documentation You'll notice that this release no longer contains a PDF of our User Guide. I'm experimenting with different ways to open up documentation to changes from the community. Right now, I've moved nearly everything to our [wiki](https://github.com/gophish/gophish/wiki), but will continue tracking down the right fit for the Gophish documentation. **Update 12/14 - All documentation is being moved to our Gitbooks repo here: [https://www.gitbook.com/@gophish](https://www.gitbook.com/@gophish)** ### How to Upgrade To upgrade, simply download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing `gophish.db` file into the new directory. Then, run the new gophish binary and you'll be good to go! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues) directly, or contacting us through [our support page](https://getgophish.com/support). ### Enjoy! 2016-11-14T04:44:21+00:00 gophish v0.3.0 2017-03-02T02:44:33+00:00 ### Say Hello to the New Gophish. > tl;dr - New version of Gophish. Tons of features. Binaries can be found below. 😄 We're excited to announce Gophish v0.3.0. This release is packed with updates, so we think you'll really enjoy it. ### New Features Here are just some of the new features in this release: - More granular result status (e.g. "Submitted Data" and "Clicked Link" instead of "Success") - Support for custom SMTP headers - Performance improvements and "summary" API endpoints - Automatic SSL certificate creation - Support for MySQL - Now using select2 instead of typeahead.js when building a campaign - Shorter result ID's - A whole bunch of bug fixes! ### A Python API Client! To make working with the API even easier, we've developed an official [Python API client.](https://github.com/gophish/api-client-python). This will make it easier to orchestrate Gophish to create, launch, and manage campaigns. ### Community Contributions Gophish has an incredible community. I wanted to make a spot in these release notes to call out some key contributions that helped make this release amazing: - @chrismaddalena has created an awesome tool called [GoReport](https://github.com/chrismaddalena/goreport) that leverages the Gophish API to generate campaign reports. - @LarryGrim has created a[ _comprehensive_ guide](http://tinyurl.com/PhishCampaign) on building a simulated phishing program from scratch. - @S0larflare and @snori74 have done an outstanding job of always being quick to answer new issues as they are reported. Thank you both so much! - @svigne1 has contributed performance improvements, as well as the MySQL support! ### Documentation has moved All documentation is being moved to our Gitbooks repo here: [https://www.gitbook.com/@gophish](https://www.gitbook.com/@gophish). Gitbooks allows us to easily manage our documentation and publish both online hosted docs, as well as downloadable PDFs. We're still finalizing our docs, so please bear with us as we make sure everything is fully documented - especially related to API endpoints. ### How to Upgrade To upgrade, simply download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing `gophish.db` file into the new directory. Then, run the new gophish binary and you'll be good to go! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues) directly. ### Enjoy! 2017-03-02T02:44:33+00:00 gophish v0.4.0 2017-09-18T13:44:24+00:00 ### Gophish Just Got Better. > tl;dr - New version of Gophish. Lots of improvements. Binaries can be found below. 😄 We're excited to announce v0.4.0 of Gophish! This release fixes all sorts of pesky bugs, gives 100% more donut charts and 100% fewer useless maps. Give it a shot! We think you'll really like it. ### Big Changes This release doesn't come with any completely new features but we still made big changes we think you'll like. * The target map is now an optional feature. We realized that most tests are internal and that even if it's an external test, the map simply takes up space. Now, you can re-enable it in the "Settings" page. (#747) * We've moved all charts from Chartist.js to Highcharts. Highcharts is a well established library that gives good performance and tons of great features. So, for example, now the campaign timeline is fully zoomable. 🎊  * We also split out the results status donut chart into multiple charts - one for each status. Previously the results were a bit misleading since we only showed the final status. Now, we show the counts for every status! And hey, who doesn't love more donuts? (#680)  * Datetimes are now stored in UTC format in the database. So, the API will now return dates in UTC as opposed to the browser's local time zone. This gives us more consistency in the case where browser's and servers have different time zones when campaigns are scheduled. It's worth noting that we adjust the times on the frontend so that all campaigns and scheduling in the browser still show local time. We just convert everything to UTC for storage. (#316) * We changed the font size in the UI from 18px to 16px. This should give a bit more space and improve the look and feel. I guess this was a 😎 _small change_. ### New Website! We just launched the new version of our website at [getgophish.com](https://getgophish.com). This was created with hand crafted _artisanal_ HTML, so be sure to check it out. ### How to Upgrade To upgrade, simply download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue directly. ### Enjoy! Details: | SHA1 Hash | Filename | | ------------- |-------------| | 0254e5b9a1febc34611271cc0b56e42c5b9d4bb1 | gophish-v0.4-darwin-32bit.zip |80a6017a0080aaacf2ceb042a78e67e301bba623 | gophish-v0.4-darwin-64bit.zip |4502fa44fe0a7ea0e9defcc49f33fe76fbf5bac4 | gophish-v0.4-linux-32bit.zip |252f0f2d7712d83c3495734b6e74485f0f3f35d9 | gophish-v0.4-linux-64bit.zip |db5324935450e5a8377c81d213c59937a594e551 | gophish-v0.4-windows-32bit.zip |4d9082b97ca9fd36c8195a536f45197b07b37989 | gophish-v0.4-windows-64bit.zip 2017-09-18T13:44:24+00:00 gophish v0.5.0 2018-01-27T21:06:46+00:00 ### Gophish Just Got Better. > tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. 😄 We're excited to announce v0.5.0 of Gophish! This release fixes all sorts of pesky bugs, and includes some big changes to the way emails are handled. ### Big Changes We've **completely redone** the way emails are sent by Gophish. In previous versions, we made a single pass at sending campaign emails. If anything went wrong, the rest of the emails would fail. As you can imagine, this isn't ideal. We've rearchitected this process where Gophish now queues up emails and tries to send them, retrying as necessary. This is far more fault tolerant and reliable. You can refer to #878 for details. This also has other benefits. For example, in previous versions of Gophish, if you launched a campaign immediately, it might still take up to a minute for emails to be sent. Now, they're sent as soon as the campaign is launched. No more waiting! ### Faster Release Process I've now fully automated the process of compiling and uploading Gophish binaries. This is **huge** because it means we can make Gophish releases much more quickly and reliably. I'll write up a blog post later with the details. This is the first run using the new process, so let me know if you encounter any issues. ### How to Upgrade To upgrade, simply download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues/new). ### Enjoy! Details: | SHA1 Hash | Filename | | ------------- |-------------| |49dea979cc829ea3c0750791aa22cb890bbfac72 |gophish-v0.5.0-linux-32bit.zip |d3278c0d5e6cb382b137d2e3720ed30c0a03e8df|gophish-v0.5.0-linux-64bit.zip |61cab355927c3f9907a94ca3c5346ff97d428d6a|gophish-v0.5.0-osx-32bit.zip |437a2a6cbdbbe8523c41e6822791e6d3c6bd293f|gophish-v0.5.0-osx-64bit.zip |eaf0d5358c0244c90ee454e10b174155ae96a90b|gophish-v0.5.0-windows-32bit.zip |2f01937ecc6bc6ab007361424ecb03f61ff3ba5b|gophish-v0.5.0-windows-64bit.zip 2018-01-27T21:06:46+00:00 gophish v0.6.0 2018-05-20T22:40:23+00:00 ### Gophish Just Got Better. > tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. 😄 We're excited to announce v0.6.0 of Gophish! This fix has a bunch of bug fixes (including a couple of low-severity security fixes) and a couple of new features. ### Email Reporting The biggest new feature in this release is the ability for users to report phishing emails to Gophish and to have those reports displayed in the dashboard. We don't have email clients ready for this quite yet, so everything is just implemented on the server-side for now.  Huge thanks to @S0larflare for making this happen! ### Bugs Fixed Here are just a few of the bugs fixed in this release: * All API endpoints now require an API key. Previously, the /api/reset endpoint required a valid session, but this has been changed for consistency. (#1028) * We've made some improvements to the way our mailer handles errors (#963) * Fixed the way the initial admin account is created to avoid throwing errors when using MySQL (#948) And more! ### How to Upgrade To upgrade, simply download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go! ### Thank You I want to also take a quick moment to say *thank you* to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out. Thank you all for everything you do! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues/new). ### Enjoy! | SHA1 Hash | Filename | | ------------- |-------------| |301620234118f7d33a22beaebeb772f3211b1592 | gophish-v0.6.0-linux-32bit.zip |6e6c621cab279f136f8d7b29b60b291b441e4bba |gophish-v0.6.0-linux-64bit.zip |a87e2eeebc8d62b6905a9d7eb59c7b7b4d2291e9 | gophish-v0.6.0-osx-32bit.zip |426def461471012f274dbeca01c37471934b723e | gophish-v0.6.0-windows-32bit.zip |ed5ed65b9e0d1a98fb1034fd080d76e7da8f0273 | gophish-v0.6.0-windows-64bit.zip 2018-05-20T22:40:23+00:00 gophish v0.7.0 2018-09-04T15:01:38+00:00 ### Gophish Just Got Better. > tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. 😄 We're excited to announce v0.7.0. This release is **packed** with improvements that make Gophish more powerful than ever. ### Campaign Preview When setting up a campaign, you want to know what the email and landing page looks like. Previously, to do this you would have to set up a separate campaign just for yourself, since there was no way of testing the full flow. This isn't good. In this Gophish release, we've fixed this! Now, when sending a test email from the campaign builder, clicking on the links will load up the landing page, showing you exactly what your recipients would see. ### Timed Campaigns Before this release, emails for a Gophish campaign were all sent at the same time. This is great in some cases, but sometimes you want to spread out the emails over a period of minutes, hours, or even days. Now you can! In this release, we've added a new field called "Send Emails By". If you set this field, then Gophish will spread out the emails evenly between the campaign launch and this date.  ### Device Details No one likes looking through raw logs to see what kinds of devices are clicking on links. Now you don't have to! In this release, we parse the user-agents for devices that click links or submit credentials, and we show that information in the campaign details:  ### Transparency As mentioned in #1057, we can do a better job of running friendly phishing simulations. The only approved use of Gophish is to run authorized phishing simulations, so we've added some features to make these campaigns more transparent. Specifically, we've added: * A `contact_address` field to the `config.json`. This field is inserted as an `X-Gophish-Contact` header in outgoing emails * An `X-Mailer` header is set to `gophish` for outgoing emails * We've added a transparency handler if you add a "+" to a valid `rid`. This returns a JSON response containing the contact address and indicates that the email was generated by Gophish Those are the big features, but that's certainly not everything! You can find a full changelog [here](https://github.com/gophish/gophish/compare/v0.6.0...v0.7.0). ### How to Upgrade To upgrade, simply download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go! ### Thank You I want to also take a quick moment to say *thank you* to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out. Thank you all for everything you do! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues/new). ### Enjoy! | SHA1 Hash | Filename | | ------------- |-------------| |63149165688d3ca989974e32b5716be7e87ed6b4| gophish-v0.7.0-linux-32bit.zip |f113435940626c3f13448ce8e12aafb3e347c504 | gophish-v0.7.0-linux-64bit.zip |45736f416e475541ac214611f41c40fb967167dd | gophish-v0.7.0-osx-32bit.zip |d9b3ac3a2cf11f53bd33196d0310167ffb43cd8a | gophish-v0.7.0-osx-64bit.zip |98ad9756fa95d43af99b12f8d08423f71dc7fc14 | gophish-v0.7.0-windows-32bit.zip |f069cc4f4c9c50e422923f205c34eb226a2ea550 | gophish-v0.7.0-windows-64bit.zip Old hashes (only valid if you downloaded the release immediately after it was published before I got a chance to bump the `VERSION` file): | SHA1 Hash | Filename | | ------------- |-------------| |dfddc8a8038fa612022bb22e823e2a51b343e261 | gophish-v0.7.0-linux-32bit.zip | |261efd81c727021dfa039fe081ff7941cd86f9ee | gophish-v0.7.0-linux-64bit.zip | |5ca9e90bc8c6ed0494ddb29deb907548859c5ab0 | gophish-v0.7.0-osx-32bit.zip | |c0ffcc5f06799c807b79c3b41cefa6785c853dd8 |gophish-v0.7.0-osx-64bit.zip | |fd12ebc44c964e8577f688405f6c01d470335d9f |gophish-v0.7.0-windows-32bit.zip | |8000eec9d77a3d6987aa57b7d61736717238c471 | gophish-v0.7.0-windows-64bit.zip | 2018-09-04T15:01:38+00:00 gophish 0.7.1 2018-09-09T16:57:03+00:00 ### Whoops! In the previous version, we introduced the `{{.BaseURL}}` template variable that points to the root URL. This helps make things like pointing to static files easier. See #1189 for more details. Turns out, this didn't work for email template validation, since we weren't checking for all possible template tags. I'm sorry for the inconvenience! ### Should Be Fixed Now 😄 The good news is that this is fixed now, and should have only been an issue if you were trying to use the new `{{.BaseURL}}` tag. Since this was something I promised and it didn't work, I wanted to roll out a hotfix. For all the full details in the latest release, check out the [0.7.0 release notes](https://github.com/gophish/gophish/releases/tag/v0.7.0). ### Enjoy! | SHA1 Hash | Filename | | ------------- |-------------| |9bf4cf0905b1d171092a726cae6eafc6c837d926 | gophish-v0.7.1-linux-32bit.zip |77d8cf20e8b9591b3e8b8123653156d77a4ff0cb | gophish-v0.7.1-linux-64bit.zip |0b88b6d42a7907cfbd1f18574c230158c280d766 | gophish-v0.7.1-osx-32bit.zip |1a628ff9aa9a3f398d060e1644bc52a68aa102d4 | gophish-v0.7.1-osx-64bit.zip |798486c3bdb6c261625bd2b0605b1311b3ab3c7d | gophish-v0.7.1-windows-32bit.zip |1651769aa4f66401107efc04c035d96c8ef4e463 | gophish-v0.7.1-windows-64bit.zip 2018-09-09T16:57:03+00:00 gophish v0.8.0 2019-08-12T13:31:11+00:00 ### Gophish Just Got Better. > tl;dr - New version of Gophish. Lots of improvements. Binaries can be found above. 😄 We're excited to announce v0.8.0. This release fixes a bunch of bugs, adds a few features, and lays the groundwork for really cool features to come. ### RBAC Support This release includes initial support for Role-Based Access Control (RBAC). Specifically, it introduces global roles that separates admins from non-admins. You can find more information [here](https://github.com/gophish/gophish/issues/1333). ### Users API Users with the admin role have access to the user management API. This API allows you to create and manage users programmatically. You can find documentation for this API [here](https://docs.getgophish.com/api-documentation/user-management). ### Added Docker Support We've added a `Dockerfile` so that you can build Gophish in a container. We'll be uploading an official Docker image at [`gophish/gophish`](https://hub.docker.com/r/gophish/gophish) shortly. ### Code Refactoring While this isn't a user-facing change, it's a big one. We've refactored a bunch of the code to be cleaner and more structured. This will help new developers coming into Gophish to get up and running more quickly. Those are the big changes, but that's certainly not everything! You can find a full changelog [here](https://github.com/gophish/gophish/compare/v0.7.1...v0.8.0). ### How to Upgrade To upgrade, simply download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go! ### Thank You I want to also take a quick moment to say *thank you* to everyone. The community is what makes Gophish great. I'm so thankful to everyone who leaves questions, suggests features, and goes the extra mile to help others out. Thank you all for everything you do! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues/new). ### Enjoy! | SHA256 Hash | Filename | | ------------- |-------------| |80cb2c13b9f34dd2a5454c15065af81c15d09fbf30298cce276ba1fa7318462b | gophish-v0.8.0-linux-32bit.zip |8a64368f31a10d7e0bbedfce8827fcd9fbbfa8d0fc5b5d6a3c467569a7818d26 | gophish-v0.8.0-linux-64bit.zip |9209ccab7087e432e0fbd1ecf8772ac5d1cb92839b89907cdbe02ff3b392dd6b | gophish-v0.8.0-osx-32bit.zip |95a1adcd9c1e56c2cc6525140fb65e4dda7f89e91497ed5498d09c4319e9c2f7 | gophish-v0.8.0-osx-64bit.zip |68de55454a4fca68a61b3bd3359986b26423484350ff947e59a31e0b174ff4cc | gophish-v0.8.0-windows-32bit.zip |8bd15a7484e363e0573d0afad31b56e3bbf634dcce377bb4b1ef24a7146823d0 | gophish-v0.8.0-windows-64bit.zip 2019-08-12T13:31:11+00:00 gophish v0.9.0 2020-01-21T12:49:42+00:00 ### Gophish Just Got Better. We're excited to announce v0.9.0. This release adds big features, improves performance, and fixes bugs. Here's just a couple of the exciting changes. ### Webhooks Ever since Gophish was launched, we've had the ability to fetch campaign results via the API. But sometimes, you may want to have campaign updates pushed directly to you as they happen. To solve this problem, we've added support for webhooks. When you configure a webhook, Gophish will make (optionally signed) HTTP requests to an endpoint you control. These requests include the JSON body of the event that just happened- the exact same JSON that you would normally receive via the API. This gives you real-time updates to your campaign as they happen. <img width="1494" alt="Webhook configuration screen" src="https://user-images.githubusercontent.com/1317288/72686468-c1ebb700-3aba-11ea-83cc-c6b4346fc21b.png"> You can find more information about using webhooks in our [documentation.](https://docs.getgophish.com/user-guide/documentation/webhooks) Webhook support was sponsored by [Al Lowenstein](https://www.linkedin.com/in/al-lowenstein-1a49a5/) and implemented by @GildedHonour in #1642. Thank you both for all your help making this happen! ### IMAP Support I always encourage folks using Gophish to focus not only on minimizing the click through rates, but even more so on *increasing* the reporting rate. To that end, many companies have an email address they encourage employees to send any potential phishing emails. I've often got feedback that it'd be great if Gophish emails sent to that email address would automatically show as "reported" in the campaign results. Now that's possible! Thanks to the great work from @glennzw, you can now configure IMAP details which Gophish will use to fetch any campaign emails, marking them as reported. Thank you for all your amazing work @glennzw! <img width="1494" alt="IMAP reporting" src="https://user-images.githubusercontent.com/1317288/72686614-23605580-3abc-11ea-97bd-46aceecf5a83.png"> You can find more information about configuring reporting via IMAP in our [documentation.](https://docs.getgophish.com/user-guide/documentation/email-reporting#reporting-via-imap) ### Thank You While there are amazing performance improvements and bug fixes included in this release, you'll notice something about the two big features listed above- neither were built by me (@jordan-wright). This is incredibly exciting. I've long held that the community around Gophish is my favorite thing about the entire project. We have a group of folks contributing to issues, offering advice and feature requests and, with this release, contributing core features that make Gophish even better. Thank you all for everything you do. We have *big* things planned for Gophish, and I'm excited to build them alongside you all. ### How to Upgrade To upgrade, download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues/new). ### Enjoy | SHA256 Hash | Filename | | ------------- |-------------| |f12ad070007b4d764e7e7816db8dae1f8002483c9aff81e2437319e9c6521465| gophish-v0.9.0-linux-32bit.zip |ffcdf7a1a8590b6de70660754c88ef2be3c3b69e1dd5ae18c472dbd26d5ff534 | gophish-v0.9.0-linux-64bit.zip |6780ea4124eeaefa1cd0a5c2a825f4457dfda807b43be741bbbd22ab8e870099 | gophish-v0.9.0-osx-32bit.zip |ab283c49625af335bf6fee1b65f386bd69cece68d2ed9bd051b4de9b43b3dd5e | gophish-v0.9.0-osx-64bit.zip |d63ae01b2152f1964ffb9dc1d4d36fe3e8b8abcaffa74e1750770e6b8b321c3f | gophish-v0.9.0-windows-32bit.zip |7f1593d5fafe3590acaed4157c47d5c00ba9a30df86382d3f6c531369f8d9123 | gophish-v0.9.0-windows-64bit.zip 2020-01-21T12:49:42+00:00 gophish v0.10.0 2020-05-25T03:05:13+00:00 | SHA256 Hash | Filename | |-----|-----| |e9b754682d6476d0ff07e9d0bb4d7634e0e4d0ebba570c3a0f27574358636415|gophish-v0.10.0-linux-32bit.zip| |7a6186d90eb4d75f773a09baf035b877f952136e7e73d2e8f680c83bb1524082|gophish-v0.10.0-linux-64bit.zip| |4abbb083be9f5b9f11a92cbe024449be3825e60b67140356bc236fe82f244723|gophish-v0.10.0-osx-64bit.zip| |087edf7e1b64aa66912b4780a5914d4cfbfd78b8e1fd8046da7c6b08c79388cd|gophish-v0.10.0-windows-64bit.zip| 2020-05-25T03:05:13+00:00 gophish v0.10.1 2020-05-25T03:27:47+00:00 ### Gophish Just Got Better. We're excited to announce v0.10.1. This release significantly improves the performance of sending emails, adds some features and fixes bugs. Here's just a couple of the exciting changes. ### Faster Email Sending Thanks to the detailed report from @edermi in #1726, we were able to **dramatically** increase the speed at which we send emails- especially for large campaigns. ### Impersonation Administrators often have a need to help troubleshoot issues other users are seeing with Gophish. To make this easier, @glennzw added an impersonation feature in #1812 that allows system administrators to login to a user's account. This is available from the User Management page. <img width="1443" alt="Screen Shot 2020-05-24 at 10 35 47 PM" src="https://user-images.githubusercontent.com/1317288/82775959-ebbd3d80-9e0e-11ea-9472-4ea4465686a8.png"> ### More Frequent Releases We've also changed our release process to use GitHub Actions. The bad news is that this means we won't be supporting 32-bit Mac or Windows releases at this time (we do support 64-bit releases!). The good news is that this will enable us to do much more frequent Gophish releases, getting awesome features and bugfixes out to the community even quicker. With this in mind, please do let us know if you run into any issues with the releases below! ### Changelog You can find the full changelog for this release [here.](https://github.com/gophish/gophish/compare/v0.9.0...v0.10.1) ### How to Upgrade To upgrade, download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing gophish.db file into the new directory. Then, run the new gophish binary and you'll be good to go! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues/new). ### Enjoy | SHA256 Hash | Filename | |-----|-----| |e236fea0628623c9158e01d189cf20766b2ebbb7cc1e6e53c1d4f49e039c98f7|gophish-v0.10.1-linux-32bit.zip| |d075245dd146494ee1d25d2c6201ef84a5a2cdb6d38adc152df3b71ab8e91845|gophish-v0.10.1-linux-64bit.zip| |1c8e4cbd8da090b9f6f38eb5605d7b1753b3f60ccf705e943befe98ff4969ab4|gophish-v0.10.1-osx-64bit.zip| |7c01df6bbeeca6a9a6dd0fc28e12eb329414c3d15c8f0dec237bf6535e4d268a|gophish-v0.10.1-windows-64bit.zip| 2020-05-25T03:27:47+00:00 gophish v0.11.0 2020-08-28T18:23:10+00:00 ### Gophish just got better. We're excited to announce the release of Gophish v0.11.0. This release includes important security fixes, adds some minor features, and fixes some bugs. ### Security Fixes This release addresses multiple security issues that were identified and reported by the community. As always, we encourage sending in security reports via our [security policy](https://github.com/gophish/gophish/blob/master/SECURITY.md), and are appreciative of all the work that went in to finding and reporting these vulnerabilities. The following vulnerabilities were fixed in this latest release: #### Server-side Request Forgery (SSRF) Reported by: Marcus Nilsson of usd AG Reported by: @dunderhay in #1908 An authenticated user could use certain features of Gophish to make inbound connections to the local network. The most critical of these is via the Landing Page import feature, which could be used to make arbitrary upstream web requests. Since importing local webpages, or otherwise making local network connections (e.g. for SMTP/IMAP servers, webhook URLs, etc.) is an expected use case for Gophish we've decided to implement an opt-in allowlist. By default, we block access only to known IP addresses commonly associated with cloud metadata services, but it is now possible to explicitly set the `allowed_internal_hosts` configuration variable in the `admin_server` section of config.json to a list of allowed internal addresses. More information can be found [here](https://github.com/gophish/gophish/commit/e3352f481e94054ffe08494c9225d3878347b005). #### Cross-Site Scripting (XSS) Reported By: Marcus Nilsson of usd AG Reported By: @dunderhay in #1901 Various cross-site scripting issues were identified and fixed. All issues required authenticated access and only affected either the user that created the objects, or an administrator using our "Impersonate" issue to impersonate the user that created the objects. More information can be found in 4e9b94b and 19ef924d89f6e2459387d5645233f16fd07e01b3. #### CSV Injection Reported By: Marcus Nilsson of usd AG Malicious data could be submitted during a campaign that, when exported as a CSV and opened in a spreadsheet viewer, is interpreted as a formula leading to command execution. More information on CSV Injection can be found [here](https://owasp.org/www-community/attacks/CSV_Injection). More information about the fix can be found in b25f5ac5e468f6730e377f43c7995e18f8fccc2b. #### Clickjacking Reported By: Marcus Nilsson of usd AG An attacker could create an iframe which tricks an authenticated administrator into unexpectedly clicking the "Reset" button in the settings page, causing their API key to be reset, potentially causing a denial of service condition. More information about the fix can be found in 6df62e85fd60f0931d3c8bfdb13b436a961bc9b6. ### Adding a Password Policy This release adds a basic password policy for administrators, and removes the default password "gophish". Instead, an initial password is randomly generated and printed in the terminal when Gophish is launched for the first time. It is possible to override the initial password and API key with environment variables if needed. ### More Robust IMAP Support This release adds the ability to mark emails as reported that were sent as an attachment. Additionally, it changes the underlying IMAP library to be more robust, eliminating some possible bugs. Credit to @glennzw for the changes! ### Changelog You can find the full changelog for this release [here.](https://github.com/gophish/gophish/compare/v0.10.1...v0.11.0) ### How to Upgrade To upgrade, download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing gophish.db file into the new directory. Then, run the new Gophish binary and you'll be good to go! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues/new). ### Enjoy | SHA256 Hash | Filename | |-----|-----| |beb32e243e888f21849d3ee09a979a33cd1da7a7cd79438c8f56fce1a2d9d44c|gophish-v0.11.0-linux-32bit.zip| |f33ac7695850132c04d190f83ef54732421a8d4578be1475d3a819fe6173c462|gophish-v0.11.0-linux-64bit.zip| |f1af96033c946ed2fe757b9b3a7aefc63ec3548f0ab21f01c44d70a58410ffbe|gophish-v0.11.0-osx-64bit.zip| |f5083bc084715319a4e671bc58dc28f66828fec78a43bd41456373fcc024703c|gophish-v0.11.0-windows-64bit.zip| 2020-08-28T18:23:10+00:00 gophish v0.12.0 2022-08-13T14:11:52+00:00 ### Gophish just got better. We're excited to announce the release of Gophish v0.12.0. This release includes important security fixes, adds some features, and fixes some bugs. ### Attachment Tracking This has been a long time requested feature, and we're super excited to release it! We've added the ability to add [gophish variables](https://docs.getgophish.com/user-guide/template-reference) to a number of file types which can be attached to emails. As a trivial example it is possible to include `Hello {{.FirstName}}, please click here: {{.URL}}` to a Word document, or with a little more effort add tracking pixels to documents. This will allow notification of when users have opened attached files, or enabled macros in Office documents. We currently support the following file extensions: docx, docm, pptx, xlsx, xlsm, txt, html, ics. Please see the [documentation](https://docs.getgophish.com/user-guide/documentation/attachments) for more guidance and examples. ### Inline Image Attachments #1525 Images in emails are now marked as `embedded` rather than `attached`, so email clients don't show them as attachments. This is a great addition to improve the quality of campaigns. Thanks @dzsibi ### Custom Sender Envelopes #2334 We've added the ability to specify an envelope sender in templates. If left empty, it will fallback to the SMTP-From in the Sender-settings. This can be used to pass SPF-checks but still send a spoofing email. Thanks @ChessSpider and @ptitdoc ### Added functionality to lock accounts #2060 Added minor functionality to display last login time for each user in the User Management page and the ability to lock user accounts. ### Open Redirect #2262 Fixed a minor Open Redirect issue. Thanks @Kirill89 ### Changelog You can find the full changelog for this release [here.](https://github.com/gophish/gophish/compare/v0.11.0...v0.12.0) ### How to Upgrade To upgrade, download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing gophish.db file into the new directory. Then, run the new Gophish binary and you'll be good to go! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues/new). ### Enjoy | SHA256 Hash | Filename | |-----|-----| |42f228158e91e2fce182fbd60a6669fcbed21f76186563f264a941efbc9c1159|gophish-v0.12.0-linux-64bit.zip| |d06945497f0f3467748c50e518aa4e526e8c71cd7fa58c23541cb65477539306|gophish-v0.12.0-osx-64bit.zip| |c0fdc4a980914893a9d19544bb6233586db8d81a139657e9773ca8e03c387a02|gophish-v0.12.0-windows-64bit.zip| 2022-08-13T14:11:52+00:00 gophish v0.12.1 2022-09-14T10:40:29+00:00 ## Gophish just got better. We're excited to announce the release of Gophish v0.12.1. This is a minor release that includes a couple of bug fixes and one great new feature. ### Added Trusted Origins to CSRF Handler We've added the ability to set `trusted_origins` in the `config.json` file. This allows you to add addresses that you expect incoming connections to come from, which is helpful in cases where TLS termination is handled by a load balancer upstream, rather than the application itself. This has been a long discussed and requested feature so it's great to have! Thanks to @mcab and everyone else in [this thread](https://github.com/gophish/gophish/pull/2301). ### Updated Workflows Our Continuous Integration workflow has been updated and is succeeding again. We've also updated the Release workflow, mitigating some security concerns and adapting it be able to build Windows releases again. These are (hopefully!) at the bottom of this post. ### Minor fixes Some JavaScript files hadn't been minified properly, causing problems with adding customer headers. A small bug was fixed where copying a campaign would not show [Deleted] in an edge case - see https://github.com/gophish/gophish/pull/2482. Thanks @29vivek. ### Changelog You can find the full changelog for this release [here.](https://github.com/gophish/gophish/compare/v0.12.0...v0.12.1) ### How to Upgrade To upgrade, download the release for your platform, extract into a folder, and copy (**remember to copy, not move so that you have a backup**) your existing gophish.db file into the new directory. Then, run the new Gophish binary and you'll be good to go! Now, one more thing: ### We want to hear from you! Have questions, comments, or feature ideas about Gophish? Let us know by [filing an issue](https://github.com/gophish/gophish/issues/new). ### Enjoy | SHA256 Hash | Filename | |-----|-----| |9ed2f88d6582b798a3448fb51080ff782b40cec8fb4855895720e9f782f68511|gophish-v0.12.1-linux-32bit.zip| |44f598c1eeb72c3b08fa73d57049022d96cea2872283b87a73d21af78a2c6d47|gophish-v0.12.1-linux-64bit.zip| |f80786dcb2c4037d7f9d6c9e8e8655c5eeaa8e46ef4032bda704b9ce18e23491|gophish-v0.12.1-osx-64bit.zip| |e6936b8a472c730dcb0da64024d82341806869af666fad10f8639e7f85b1b7e6|gophish-v0.12.1-windows-64bit.zip| 2022-09-14T10:40:29+00:00