performing-red-team-phishing-with-gophish

## When to Use - When conducting security assessments that involve performing red team phishing with gophish - When following incident response procedures for related security events - When performing scheduled security testing or auditing activities - When validating security controls through hands-on testing ## Prerequisites - Familiarity with security operations concepts and tools - Access to a test or lab environment for safe execution - Python 3.8+ with required dependencies installed - Appropriate authorization for any testing activities ## Instructions 1. Install dependencies: `pip install gophish requests` 2. Deploy GoPhish server and obtain an API key from Settings. 3. Use the Python gophish library to automate campaign setup: - Create email templates with HTML body and tracking - Configure SMTP sending profiles - Import target groups from CSV - Create landing pages for credential capture - Launch and monitor campaigns 4. Analyze campaign results: opens, clicks, submitted data, reported. ```bash # For authorized penetration testing and lab environments only python scripts/agent.py --gophish-url https://localhost:3333 --api-key <key> --campaign-name "Q1 Awareness" --output phishing_report.json ``` ## Examples ### Create Campaign via API ```python from gophish import Gophish from gophish.models import Campaign, Template, Group, SMTP, Page api = Gophish("api_key", host="https://localhost:3333", verify=False) # Self-signed cert on localhost lab ca...