Phishing is one of the most common attacks in today’s cybersecurity world. Many hackers from noob to pro all uses this method to gain access by tricking human’s brain. But these days humans are clever enough to get trapped in this.

Suppose we create a landing page of any popular website (for suppose Facebook) and send the target a email to the client that you have $200 unused advertising credit to be expire soon and when the user comes to the the landing page and there he suppose to provide his card details to get the free credit. Now these type of attacks generally not working. May work sometime for some targets because phishing is a very subjective attack but in most cases it really don’t work. A proper phishing campaign will be more effective for a bulk phishing attack.

Understanding Phishing Campaigns

In bulk phishing attack attack didn’t create the landing page and email for a specific people. They create those things in a very generic way and send the email to a large number of people. By using phishing campaign attackers try to trick people into giving up sensitive information, such as passwords, credit card numbers, or other various personal details. Attackers often do this by sending emails that appear to be from a legitimate source, like a bank or any well known brand. The email usually contains a link to a fake website that looks real. When the person enters their information on this fake site, the attackers steal it. Phishing Campaigns are well organized way to try phishing.

Installing GoPhish on Kali Linux

GoPhish is an open-source tool to run a phishing campaign. It is designed to help organizations to run phishing attack on their employees and educated them about this type of attacks. GoPhish is also used by bad attackers. Previously we need to install it from GitHub and there are many errors to run this on Kali Linux. Now we can install it easiest method ever.

In today’s article we are going to learn how we can easily install GoPhish on our Kali Linux system and run it. Now this is very simple to do it. GoPhish is now available on Kali Linux repository so we just need to run following command to install it:

sudo apt install gophish -y

It requires password of user for authentication. In the following screenshot we can see the screenshot of applied command:

Now we can run GoPhish on our Kali Linux system by using following command:

sudo gophish

It may prompt for password and then it will start as we can see in the following screenshot:

Here we can see the link of GoPhish web application and we also can see default web admin login and password. Let’s open the link on our web browser.

Opps…. We got a warning because this localhost web panel doesn’t have a certificate issued by a trusted certificate authority. No issue its running inside our system. So we click on the “Advanced” option and then click on the “Accept the Risk and Continue” option.

After that GoPhish login panel will be in front of us, as we can see in the following screenshot:

We got the default username and password on the terminal window, we can login by using that credentials. Just after that GoPhish will prompt for resetting the password. We must need to change the default password for security seasons. Here we have to choose a strong password and set it. After that we are finally at the GoPhish web interface. Initially it looks like following screenshot:

Now here we can create phishing campaigns and manage it easily. We are going to spoon feed everything. Researching own things are one of the best way to learn. Directly demonstrating of running a phishing campaigns on a public domain is not so much ethical in our opinion. But everything is there on the “User guide” option.

On the “User Guide” and “API Documentation” we got everything we need to learn. Like on the “User Guide” we get a well organized menu for every options, as we can see in the following screenshot:

This is how we can install and run GoPhish on Kali Linux system. GoPhish is a very powerful tool which simplifies the process of organizing phishing simulations. By using GoPhish on Kali Linux, we can effectively test and improve our organization’s resilience to phishing attacks.

Warning: This article is for research and educational purposes only. We are not responsible for any actions or damages resulting from using this information. Use GoPhish only having explicit permission to test. Unauthorized use can result in legal consequences. We strongly advise ethical and responsible usage.

Love our article? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group & Whatsapp Channel. We are striving to build a community for Linux and cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.