Mirrors/gophish
2
0
Fork 0
mirror of https://github.com/gophish/gophish synced 2024-11-14 16:27:23 +00:00
Code Issues Projects Releases Packages Wiki Activity
815 commits 25 branches 17 tags 118 MiB
Commit graph

292 commits

Author SHA1 Message Date
Glenn Wilkinson
8e79294413 Added error handling to in-app reporting mechanism 2023-09-15 15:45:30 +01:00
Glenn Wilkinson
06e95c1fb8 Minified campaigns.js #2482 2022-09-14 11:29:18 +01:00
Vivek Kekuda
53537a221a
Fix resource selection during campaign copy (#2482) 
Clear the selection of resource (template, page, profile) whenever the original
resource is deleted and there is only one currently available resource present
in the DB while copying a campaign. Without this fix, the only available
resource is shown as the original resource, instead of showing [Deleted].
 2022-09-14 12:26:29 +02:00
Glenn Wilkinson
3863ad31b9 Fixed issue with sorting by login date of users 2022-08-26 23:09:14 +02:00
Glenn Wilkinson
32c0502999 Minified missing sending_profile file (741201b) 2022-08-24 18:00:00 +02:00
Glenn Wilkinson
90cd444dcb Minified template.js resolving #2545 2022-08-09 15:24:29 +01:00
Glenn Wilkinson
d0ff3829e5 Disallow deleting of admin user from the UI (#2487) 2022-06-01 17:01:55 +01:00
Glenn Wilkinson
0c255bbe92 Disallow changing of admin username from the UI (#2487) 2022-06-01 16:40:04 +01:00
Jake Walker
704e6d56b3
Fix modal titles saying new when editing existing content (#2318) 2022-04-15 16:28:19 +02:00
ptitdoc
bb516ef7ab
986 custom envelope sender remerge (#2334) 
* Adds the ability to specify an envelope sender in templates (#986)

Authored-by: ChessSpider <ChessSpider@users.noreply.github.com>
Authored-by: Olivier MEDOC <o_medoc@yahoo.fr>
Authored-by: ptitdoc <ptitdoc@free.fr>
 2022-03-25 16:24:49 +01:00
Glenn Wilkinson
741201b7f0 Added JS for Fix sending profile form (#2389) 2022-02-16 15:30:38 +00:00
Mark Steward
1f95efcb7b
Fix sending profile form (#2389) 
Credentials no longer suggested in the Search box in 'Sending Profiles'
 2022-02-07 17:12:55 +01:00
Glenn Wilkinson
ced5261678
Added functionality to lock accounts (+bug fix) (#2060) 
* Added functionality to lock accounts

* Fixed typo and added test case for locked account
 2020-12-07 08:56:05 -06:00
Jordan Wright
3c490dbadb Updated JS from #1976 2020-09-30 22:00:15 -05:00
Glenn Wilkinson
b53cff0c98
Added functionality to display last user login (#1967) 
Added functionality to display last login time for each user in the User Management page.
 2020-09-30 21:06:08 -05:00
Jordan Wright
c1d3c7cd75 Modified frontend reporting logic to be more flexible with campaigns that include a path in their URL. 
Fixes #1985
 2020-09-23 21:15:19 -05:00
Jordan Wright
735880c398 Creating minified JS file from chnages in #1909 2020-08-08 15:04:59 -05:00
Glenn Wilkinson
0558da90fe
Added support to allow invalid IMAP certificates (#1909) 
This commit allows self-signed certificates to be used in upstream IMAP connections.
 2020-08-08 15:03:42 -05:00
Jordan Wright
90fed5a575 Added escaping for error message in sending profile hostname 2020-08-06 22:21:41 -05:00
Jordan Wright
b684fb4ebd Fixing issue where campaigns aren't showing up in the archived tab if they have been marked as completed. 
Fixes #1892
 2020-07-25 14:47:37 -05:00
Jordan Wright
19ef924d89 Properly escaping server output when a request is made to ping a malicious webhook URL. 
Fixes #1901
 2020-07-24 23:04:55 -05:00
Jordan Wright
b25f5ac5e4 Updated PapaParse config to prevent CSV injection. 
I've updated the PapaParse JS library to the latest version from the master branch which supports the `escapeForumlae` option in order to prevent malicious event entries from being parsed and executed by the Gophish user's spreadsheet software.

When a new PapaParse release is created, I'll update this code to use the updated minified file.
 2020-07-24 22:44:24 -05:00
Jordan Wright
4e9b94b641 Fixed validation when setting IMAP hostname 2020-07-17 22:40:10 -05:00
Jordan Wright
bb7de8df3e
Initial Implementation of a Password Policy (#1867) 
This PR adds the initial work to implement a password policy as defined in #1538.

Specifically, this implements the following

* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password

Fixes #1538
 2020-06-19 22:03:51 -05:00
Jordan Wright
ec8b17238e General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 2020-05-25 21:46:36 -05:00
Jordan Wright
b57210f6e7 Rebuilt JS files from #1812 2020-05-24 22:24:57 -05:00
Jordan Wright
b29544c208 Rebuilding JS files from #1838 2020-05-23 12:56:18 -05:00
Prasoon Dwivedi
353639e168
Use GroupsSummary to create and copy campaign (#1838) 
The Groups (get all groups and associated targets) call is used while
loading the modal for creating and copying a campaign. As the Groups API gets
all the associated targets for a groups as well, it slows the system
considerably if there are large number of groups and targets (~200
groups each with ~100-10000 targets).
As targets are not really needed in this workflow, this call can be
replaced by the GroupsSummary call.
 2020-05-23 12:51:43 -05:00
Jordan Wright
726e3c96ac Rebuilding JS files from #1830 2020-05-08 21:02:05 -05:00
Prasoon Dwivedi
116c2a7e7e
Load datatable rows all at once (#1830) 
This change modifies how we populate DataTables to draw the table only once vs. drawing it when we add each new row. This should result in tables loading quicker.
 2020-05-03 22:03:58 -05:00
Glenn Wilkinson
38a6a77c9c
Added ability to allow admin to 'su' to other accounts (#1812) 
* Added ability to allow admin to 'su' to other accounts

* Naming convention and user message modifications

* Removed debug statement
 2020-04-27 18:19:20 -05:00
Jordan Wright
118d9899d6 Updated minified scripts from #1772 2020-03-15 12:41:19 -05:00
Paul Werther
c0be58aa3d
Add "mark as reported" to results table (#1772) 
This commit adds the ability to mark a result as reported directly from the campaign results view.
 2020-03-15 12:38:51 -05:00
Jordan Wright
2e3aacd22d
Remove Unused Variable (#1774) 
The timeline_series_data variable is created twice before using it. This resolves that.
 2020-03-05 07:28:17 -06:00
Jordan Wright
ecb6d46914 Rebuilding minified JS to support #1722 2020-01-18 12:49:34 -06:00
Glenn Wilkinson
9de32746ee Added IMAP support for checking reported emails (#1612) 
Initial support of managing reporting through IMAP.

Co-Authored-By: Jordan Wright <jmwright798@gmail.com>
 2020-01-18 11:58:34 -06:00
Jordan Wright
01287e0dd5 Minor cleanup on webhook feature integration 
- Ran gofmt
- Rebuilt minified static files
- Updated validation payload
 2019-12-15 22:07:55 -06:00
Alex Maslakov
28cd7a238e Add Webhook Support 
Adds support for managing outgoing webhooks. Closes #1602
 2019-12-15 20:27:21 -06:00
Jordan Wright
6222c5e180
Upgrade SweetAlert2 Dependency (#1583) 
Upgrades the SweetAlert2 dependency to version 8.x.x.

Co-authored-by: Glenn Wilkinson <glenn.wilkinson@gmail.com>
 2019-09-10 19:49:23 -05:00
David Maciejak
24fe998a3a Fix multiple XSS issues in User Management Page (#1547) 
If the user name is embedding some JS code, it will be executed on the client side. Note: gophish/static/js/dist/app/users.min.js will need to be regenerated too.
 2019-08-23 21:07:15 -05:00
Jordan Wright
a1a2de13a4 Added a check to ensure the target details are correct if manually created. 
Fixes #1475
 2019-05-31 19:31:16 -05:00
Jordan Wright
84096b8724
Implement User Management API (#1473) 
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
 2019-05-31 13:58:18 -05:00
Jordan Wright
6ca2b76ceb
Update Javascript Dependencies (#1440) 
* updated devDependencies, migrated gulpfile.js to gulp 4.0 syntax (#1438)

* Rebuilding JS dependencies with new gulp config. Updated yarn.lock.

Co-authored-by: Christian Schwartz <christian.schwartz@gmail.com>
 2019-04-21 16:34:52 -05:00
Jordan Wright
2eb4f4d348
Move API key to Bearer Token (#1439) 
* Moved api_key from URL to authorization header in requests (#1434)

* Fixing some minor formatting and rebuilding minified JS
 2019-04-21 15:21:36 -05:00
Jordan Wright
3cec2dabbf
Add Archived Campaigns View (#1367) 
* Adding archived view for campaigns (#1334)

* Formatted the code, did some very minor cleanup, and rebuilt the minified JS

Closes #448
 2019-02-19 21:30:18 -06:00
Jordan Wright
ba8ceb81da
Initial commit of RBAC support. (#1366) 
* Initial commit of RBAC support. Closes #1333
 2019-02-19 20:33:50 -06:00
Jordan Wright
4ec9f07859 Updating campaign datepicker format to match other date formats. Fixes #1288 2018-12-30 14:26:35 -06:00
Jordan Wright
b4ff771b3a Added autocomplete for template tags to the editor for email templates and landing pages. 2018-12-30 00:02:41 -06:00
Jordan Wright
60133b45e8 Updated CKEditor to 4.11.1 2018-12-27 17:23:59 -06:00
Jordan Wright
191ec6e436 Added the CKEditor link dialog fixes to the email templates 2018-12-27 15:04:24 -06:00