Mirrors/gophish
2
0
Fork 0
mirror of https://github.com/gophish/gophish synced 2024-11-15 00:37:14 +00:00
Code Issues Projects Releases Packages Wiki Activity
786 commits 25 branches 17 tags 118 MiB
Commit graph

65 commits

Author SHA1 Message Date
Glenn Wilkinson
741201b7f0 Added JS for Fix sending profile form (#2389) 2022-02-16 15:30:38 +00:00
Jordan Wright
3c490dbadb Updated JS from #1976 2020-09-30 22:00:15 -05:00
Jordan Wright
c1d3c7cd75 Modified frontend reporting logic to be more flexible with campaigns that include a path in their URL. 
Fixes #1985
 2020-09-23 21:15:19 -05:00
Jordan Wright
735880c398 Creating minified JS file from chnages in #1909 2020-08-08 15:04:59 -05:00
Jordan Wright
90fed5a575 Added escaping for error message in sending profile hostname 2020-08-06 22:21:41 -05:00
Jordan Wright
b684fb4ebd Fixing issue where campaigns aren't showing up in the archived tab if they have been marked as completed. 
Fixes #1892
 2020-07-25 14:47:37 -05:00
Jordan Wright
19ef924d89 Properly escaping server output when a request is made to ping a malicious webhook URL. 
Fixes #1901
 2020-07-24 23:04:55 -05:00
Jordan Wright
b25f5ac5e4 Updated PapaParse config to prevent CSV injection. 
I've updated the PapaParse JS library to the latest version from the master branch which supports the `escapeForumlae` option in order to prevent malicious event entries from being parsed and executed by the Gophish user's spreadsheet software.

When a new PapaParse release is created, I'll update this code to use the updated minified file.
 2020-07-24 22:44:24 -05:00
Jordan Wright
4e9b94b641 Fixed validation when setting IMAP hostname 2020-07-17 22:40:10 -05:00
Jordan Wright
bb7de8df3e
Initial Implementation of a Password Policy (#1867) 
This PR adds the initial work to implement a password policy as defined in #1538.

Specifically, this implements the following

* Rate limiting for the login handler
* Implementing the ability for system admins to require a user to reset their password
* Implementing a password policy that requires passwords to be a minimum of 8 characters
* Removes the default password (gophish) for admin users to instead have the password randomly generated when Gophish first starts up
* Adds a password strength meter when choosing a new password

Fixes #1538
 2020-06-19 22:03:51 -05:00
Jordan Wright
ec8b17238e General code cleanup as part of an effort to integrate staticcheck into our CI pipeline. 2020-05-25 21:46:36 -05:00
Jordan Wright
b57210f6e7 Rebuilt JS files from #1812 2020-05-24 22:24:57 -05:00
Jordan Wright
b29544c208 Rebuilding JS files from #1838 2020-05-23 12:56:18 -05:00
Jordan Wright
726e3c96ac Rebuilding JS files from #1830 2020-05-08 21:02:05 -05:00
Jordan Wright
118d9899d6 Updated minified scripts from #1772 2020-03-15 12:41:19 -05:00
Jordan Wright
ecb6d46914 Rebuilding minified JS to support #1722 2020-01-18 12:49:34 -06:00
Jordan Wright
01287e0dd5 Minor cleanup on webhook feature integration 
- Ran gofmt
- Rebuilt minified static files
- Updated validation payload
 2019-12-15 22:07:55 -06:00
Jordan Wright
6222c5e180
Upgrade SweetAlert2 Dependency (#1583) 
Upgrades the SweetAlert2 dependency to version 8.x.x.

Co-authored-by: Glenn Wilkinson <glenn.wilkinson@gmail.com>
 2019-09-10 19:49:23 -05:00
Jordan Wright
a1a2de13a4 Added a check to ensure the target details are correct if manually created. 
Fixes #1475
 2019-05-31 19:31:16 -05:00
Jordan Wright
84096b8724
Implement User Management API (#1473) 
This implements the first pass for a user management API allowing users with the `ModifySystem` permission to create, modify, and delete users. In addition to this, any user is able to use the API to view or modify their own account information.
 2019-05-31 13:58:18 -05:00
Jordan Wright
6ca2b76ceb
Update Javascript Dependencies (#1440) 
* updated devDependencies, migrated gulpfile.js to gulp 4.0 syntax (#1438)

* Rebuilding JS dependencies with new gulp config. Updated yarn.lock.

Co-authored-by: Christian Schwartz <christian.schwartz@gmail.com>
 2019-04-21 16:34:52 -05:00
Jordan Wright
2eb4f4d348
Move API key to Bearer Token (#1439) 
* Moved api_key from URL to authorization header in requests (#1434)

* Fixing some minor formatting and rebuilding minified JS
 2019-04-21 15:21:36 -05:00
Jordan Wright
3cec2dabbf
Add Archived Campaigns View (#1367) 
* Adding archived view for campaigns (#1334)

* Formatted the code, did some very minor cleanup, and rebuilt the minified JS

Closes #448
 2019-02-19 21:30:18 -06:00
Jordan Wright
ba8ceb81da
Initial commit of RBAC support. (#1366) 
* Initial commit of RBAC support. Closes #1333
 2019-02-19 20:33:50 -06:00
Jordan Wright
4ec9f07859 Updating campaign datepicker format to match other date formats. Fixes #1288 2018-12-30 14:26:35 -06:00
Jordan Wright
b4ff771b3a Added autocomplete for template tags to the editor for email templates and landing pages. 2018-12-30 00:02:41 -06:00
Jordan Wright
191ec6e436 Added the CKEditor link dialog fixes to the email templates 2018-12-27 15:04:24 -06:00
Jordan Wright
ea97d6257d Cleaned up CKEditor link dialog to be more simple. Related to #1327 2018-12-27 14:54:04 -06:00
Jordan Wright
3b248d25c7
Make Campaign Results Pie Chart Consistent with Dashboard (#1272) 2018-11-11 15:37:49 -06:00
Jordan Wright
468da007d5 Added result ID to campaign results view. Fixes #1239 2018-10-18 15:05:59 -05:00
Jordan Wright
ebc099b6c2 Changed modals to avoid exiting when the user clicks outside them. Fixes #1236 2018-10-15 10:40:57 -05:00
Jordan Wright
c315867cea Removing console debug statements 2018-10-03 15:00:56 -05:00
Jordan Wright
a0c1860a0a Fixed bug when copying campaign. 
Fixes #549
Fixes #898
 2018-10-03 15:00:08 -05:00
Jordan Wright
c9e800dda7 Updated campaigns.js to automatically default dropdown values if only one option is available. 2018-09-09 15:08:52 -05:00
Jordan Wright
de3c3a2e9c Fixed ability to sort campaign results by reported status. Fixes #1157 2018-09-02 12:18:41 -05:00
Jordan Wright
fa1d4d74b0 Added sweetalert2 delete dialogs to all objects for consistency. 2018-09-02 12:11:06 -05:00
Jordan Wright
7dcf30f277
Add Support for Timed Campaigns (#1184) 
This builds on the work from @c-f in #1090 to fully add support for "timed" campaigns, in which the emails are spaced apart as opposed to all being sent at once.
 2018-09-02 11:17:52 -05:00
Jordan Wright
f09b448ec1 Added device details to clicked link and submitted data events. Fixes #1009 2018-06-12 20:37:09 -05:00
Jordan Wright
b2bd879318 Implemented view change to HTML WSYWIG view when HTML is imported for landing pages and email templates. Fixes #1100 2018-06-11 20:16:28 -05:00
Jordan Wright
35a8f13990 Improved group CSV parsing. Added ability to download CSV template from the group modal. 2018-06-09 13:22:11 -05:00
Jordan Wright
222399c5f6 De-emphasized campaign report icon while we don't have clients available. 2018-05-24 20:32:08 -05:00
Jordan Wright
3a7a62e9d6
Changed /api/reset to require API key instead of just requiring a valid session. Fixes #1028 2018-03-29 20:59:26 -05:00
Jordan Wright
2131c17c33
Fixing SSRF by requiring an API key for all import endpoints. Fixes #1026 2018-03-26 21:04:22 -05:00
Jordan Wright
9ba3f04d1e
For now, avoid rendering the "campaign created" events on the timeline to make things more consolidated. Fixes #999 2018-03-22 22:16:59 -05:00
Jordan Wright
f21536da7c
Adding "Report Email" Support (#1014) 
Adds the capability to report phishing campaigns using an email client extension.

**Note: Gophish does not currently provide an email client extension out of the box. This is simply a mechanism to let existing email client add-ons send report status information to Gophish, and have that information reflected in the dashboard.**
 2018-03-18 22:03:00 -05:00
Jordan Wright
ea558522a0
Events are now displayed with per-second accuracy. Fixes #909 2018-01-13 18:41:08 -06:00
Jordan Wright
8def08f46d
Changed select2 dropdowns to be in alphabetical format. Fixes #899 2018-01-13 18:12:09 -06:00
Jordan Wright
76ece15b71
Email refactoring (#878) 
The initial pass at refactoring the way we send emails.
 2017-12-09 15:42:07 -06:00
Jordan Wright
e785af5c0a Disabled turboThreshold to allow campaign timeline renders for campaigns with > 1k events. Fixes #765 
Moved datatables `draw()` functions to the end of a table render, rather than on every row
 2017-09-26 21:29:15 -05:00
Jordan Wright
8433882186 Updated papaparse. Changed export csv name to campaign.name - scope.csv syntax. Fixes #751 2017-09-19 20:33:26 -05:00