Gophish

Let’s create a file for our Gophish configuration:

mkdir -p ~/Desktop/op/docker/gophish
touch ~/Desktop/op/docker/gophish/config.json

{
	"admin_server": {
		"listen_url": "0.0.0.0:3333",
		"use_tls": false,
		"cert_path": "gophish_admin.crt",
		"key_path": "gophish_admin.key",
		"trusted_origins": []
	},
	"phish_server": {
		"listen_url": "0.0.0.0:80",
		"use_tls": false,
		"cert_path": "example.crt",
		"key_path": "example.key"
	},
	"db_name": "sqlite3",
	"db_path": "gophish.db",
	"migrations_prefix": "db/db_",
	"contact_address": "",
	"logging": {
		"filename": "",
		"level": ""
	}
}

Now we can add Gophish to our docker-compose services.

  gophish:
    image: gophish/gophish
    container_name: "gophish"
    environment:
      - VIRTUAL_HOST=gophish.docker
    links:
      - "mailhog"
    volumes:
      - "gophish:/opt/gophish"
      - "./gophish/config.json:/opt/gophish/config.json"

Finally, we need to add a Gophish named volume to the end:

volumes:
  gophish:

We should be able to bring up docker compose now:

sudo docker compose up

We need a password to log in to Gophish. Gophish automatically sets a password when you first start it. So lets open a new terminal and run the following.

cd ~/Desktop/op/docker
sudo docker compose logs gophish | grep " password "

Gophish Initial Password

Open http://gophish.docker:3333/.
login with the user admin and the password you found in the logs.
change password (I used gophishpass for the VM).

Gophish SMTP MailHog

Go to Sending Profiles > + New Sending Profile.

Set Name to Mailhog SMTP Testing Server.
Set SMTP From to an email, I used admin@phishing.test.
Set Host to mailhog:1025, as this is the name of the linked container in the docker compose file.
Add a new Email Header X-Mailer and set it to Outlook. This overrides Gophish’s default of Gophish.