Zvitsva Zvitsva uye Zvigadziriso kubva kuGoPhish yeKudzivirirwa Kuziva Dzidzo
ziviso
GoPhish iri nyore kushandisa uye inodhura phishing simulator yaunogona kuwedzera kune yako phishing chirongwa chekudzidzisa. Kusiyana nemamwe akakurumbira phishing simulators, GoPhish inogara ichigadziridzwa nezvinhu zvitsva. Muchikamu chino, tichaenda pamusoro pezvimwe zvinonyanya kuzivikanwa zvitsva kubva muvhezheni 0.9.0.
Zvitsva Zvitsva
- Yakawedzerwa Mabviro Akavimbika kuCSRF Handler GoPhish ikozvino inobvumira kugadzirisa trusted_origins mu config.json faira. Izvi zvinokutendera kuti uwedzere kero dzaunotarisira kubva kune dzinopinda. Izvi zvinobatsira kana yakakwira yekuremerwa balancer inobata kumisa TLS panzvimbo pekushandisa pachayo.
- Yakaunzwa yekunamatira yekutevera nekuwedzera GoPhish akasiyana mumhando dzakasiyana dzefaira dzinogona kusungirirwa kumaemail. Semuyenzaniso, zvave kuita kuti “Mhoroi {{.FirstName}}, tapota tinya pano: {{.URL}}” mugwaro reWord kana kuwedzera mapikisi ekutevera mumagwaro. Izvi zvino zvichazivisa kana vashandisi vavhura mafaera akabatanidzwa kana kugonesa macros muHofisi zvinyorwa. GoPhish inotsigira anotevera mafaera ekuwedzera: docx, docm, pptx, xlsx, xlsm, txt, html, uye ics.
- Yakawedzera kugona kutsanangura anotumira envelope mumatemplate. Kana ikasiiwa isina chinhu, inodzokera kuSMTP-Kubva muSender-setting. Izvi zvinogona kushandiswa kupfuudza SPF-cheki asi uchingotumira email spoofing.
- Yakaita yekutanga password password yevatungamiriri uye yakabvisa iyo default password "gophish". Pane kudaro, password yekutanga ikozvino inogadzirwa zvisina tsarukano uye inoratidzwa mune terminal paunotanga Gophish kekutanga. Kana zvichidikanwa, yekutanga password uye API kiyi inogona kuvharwa uchishandisa nharaunda zvinosiyana.
- Yakawedzera rutsigiro rwewebhooks. Nekugadzirisa webhook, Gophish ikozvino inogona kutumira zvikumbiro zveHTTP kune inodzorwa yekupedzisira. Zvikumbiro izvi zvinosanganisira mutumbi weJSON wechiitiko chinoenderana, inova JSON imwechete yaunowanzo kugamuchira kuburikidza neAPI. Kuwedzeredzwa uku kunopa zvigadziriso zvenguva chaiyo pazviitwa zvemushandirapamwe. Izvi zvinokupa iwe chaiyo-nguva zvigadziriso kune ako arikuenderera mishandirapamwe.
- Yakaunza kugona kugadzirisa IMAP ruzivo muGophish, iyo inobvumira kutora maemail emushandirapamwe nekuamaka sezvakashumwa.
mhedziso
Nezvitsva izvi, iwe unogona ikozvino kushandisa yakachengeteka uye inoshanda GoPhish. Sezvo kumwe kuburitswa kunouya mune ramangwana, GoPhish icharamba iri chishandiso chakakosha kumasangano anotarisa kusimbisa zvirongwa zvavo zvekudzidzisa phishing.
