### Install Gophish from Source
Source: https://docs.getgophish.com/user-guide/installation
Commands to download and build the Gophish binary using the Go toolchain.
```bash
go get github.com/gophish/gophish
```
```bash
go build
```
--------------------------------
### Plain Text Template Variable Example
Source: https://docs.getgophish.com/user-guide/documentation/attachments
Demonstrates the use of Gophish template variables within a plain text file.
```text
Hello {{.FirstName}},
This is a plain text file that was sent to {{.Email}}. If you could be so kind as to copy and paste this URL into your browser: {{.URL}}
```
--------------------------------
### Run Gophish Executable
Source: https://docs.getgophish.com/user-guide/installation
Navigate to the directory containing the Gophish binary and execute it to start the application. This will display informational output including server addresses, ports, and login credentials.
```bash
gophish@gophish.dev:~/src/github.com/gophish/gophish$ ./gophish
```
```log
time="2020-06-30T08:04:33-05:00" level=warning msg="No contact address has been configured."
time="2020-06-30T08:04:33-05:00" level=warning msg="Please consider adding a contact_address entry in your config.json"
time="2020-06-30T08:04:33-05:00" level=info msg="Please login with the username admin and the password 1178f855283d03d3"
time="2020-06-30T08:04:33-05:00" level=info msg="Starting phishing server at http://0.0.0.0:80"
time="2020-06-30T08:04:33-05:00" level=info msg="Starting IMAP monitor manager"
time="2020-06-30T08:04:33-05:00" level=info msg="Starting admin server at https://127.0.0.1:3333"
time="2020-06-30T08:04:33-05:00" level=info msg="Background Worker Started Successfully - Waiting for Campaigns"
time="2020-06-30T08:04:33-05:00" level=info msg="Starting new IMAP monitor for user admin"
```
--------------------------------
### Example Webhook Signature Header
Source: https://docs.getgophish.com/user-guide/documentation/webhooks
This is an example of the X-Gophish-Signature header sent with webhook requests. It uses the HMAC-SHA256 algorithm.
```http
POST /webhook HTTP/1.1
Host: localhost:9999
Accept-Encoding: gzip
Content-Length: 226
Content-Type: application/json
User-Agent: Go-http-client/1.1
X-Gophish-Signature: sha256=2be52d4b83eb7f19b0ecc75ebd6441cefea5512443eb18d38a8beb2e7584a66c
```
--------------------------------
### Calendar Invitation Template Variable Example
Source: https://docs.getgophish.com/user-guide/documentation/attachments
Demonstrates the use of Gophish template variables within an .ics calendar file.
```text
BEGIN:VCALENDAR
DTSTAMP:20210306T182251Z
DTSTART;TZID=Europe/London:20210306T183000
DTEND;TZID=Europe/London:20210306T190000
SUMMARY:Gophish Test Calendar
TZID:Europe/London
DESCRIPTION:Glenn is inviting you to a Zoom meeting.
n\nJoin Zoom Meeting\n{{.URL}}
LOCATION:{{.URL}}
END:VCALENDAR
```
--------------------------------
### Run GoPhish Binary and View Logs
Source: https://docs.getgophish.com/user-guide/getting-started
Execute the GoPhish binary in your command shell. The output will display server startup information, database creation details, and temporary admin credentials for versions after v0.10.1. Ensure you have the necessary permissions if binding to privileged ports like TCP 80.
```bash
gophish@gophish.dev:~/src/github.com/gophish/gophish$ ./gophish
time="2020-06-30T08:04:33-05:00" level=warning msg="No contact address has been configured."
time="2020-06-30T08:04:33-05:00" level=warning msg="Please consider adding a contact_address entry in your config.json"
time="2020-06-30T08:04:33-05:00" level=info msg="Please login with the username admin and the password 1178f855283d03d3"
time="2020-06-30T08:04:33-05:00" level=info msg="Starting phishing server at http://0.0.0.0:80"
time="2020-06-30T08:04:33-05:00" level=info msg="Starting IMAP monitor manager"
time="2020-06-30T08:04:33-05:00" level=info msg="Starting admin server at https://127.0.0.1:3333"
time="2020-06-30T08:04:33-05:00" level=info msg="Background Worker Started Successfully - Waiting for Campaigns"
time="2020-06-30T08:04:33-05:00" level=info msg="Starting new IMAP monitor for user admin"
```
--------------------------------
### Create Gophish Database in MySQL
Source: https://docs.getgophish.com/user-guide/installation
Execute this SQL command to create the `gophish` database with the correct character set and collation, which is necessary for Gophish to function correctly.
```sql
CREATE DATABASE gophish CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
```
--------------------------------
### Configure Admin Server for TLS
Source: https://docs.getgophish.com/user-guide/installation
JSON configuration snippet to enable TLS and specify certificate paths in config.json.
```json
"admin_server" : {
"listen_url" : "127.0.0.1:3333",
"use_tls" : true,
"cert_path" : "gophish.crt",
"key_path" : "gophish.key"
}
```
--------------------------------
### Configure MySQL for Gophish
Source: https://docs.getgophish.com/user-guide/installation
Add these lines to `/etc/mysql/mysql.cnf` to set the `sql_mode` for MySQL versions 5.7 and above, ensuring compatibility with Gophish's datetime format.
```ini
[mysqld]
sql_mode=ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
```
--------------------------------
### Template Variables Reference
Source: https://docs.getgophish.com/user-guide/template-reference
List of available variables for Gophish templates and landing pages.
```APIDOC
## Template Variables
### Description
Variables available for use in templates and landing pages. Note that these variables are case-sensitive.
### Variables
- **{{.RId}}** - The target's unique ID
- **{{.FirstName}}** - The target's first name
- **{{.LastName}}** - The target's last name
- **{{.Position}}** - The target's position
- **{{.Email}}** - The target's email address
- **{{.From}}** - The spoofed sender
- **{{.TrackingURL}}** - The URL to the tracking handler
- **{{.Tracker}}** - An alias for
- **{{.URL}}** - The phishing URL
- **{{.BaseURL}}** - The base URL with the path and rid parameter stripped. Useful for making links to static files.
```
--------------------------------
### Redirect logs via shell
Source: https://docs.getgophish.com/user-guide/documentation/logging
Use standard shell redirection to capture logs to a file for Gophish versions prior to 0.8.0.
```bash
$ ./gophish > gophish.log 2>&1
```
--------------------------------
### Configure Database Connection in config.json
Source: https://docs.getgophish.com/user-guide/installation
Update the `db_name` and `db_path` entries in `config.json` to match your MySQL deployment. The `db_path` format is `username:password@(host:port)/database?charset=utf8&parseTime=True&loc=UTC`.
```json
"db_name" : "mysql",
"db_path" : "root:@(:3306)/gophish?charset=utf8&parseTime=True&loc=UTC",
```
--------------------------------
### Configure logging in config.json
Source: https://docs.getgophish.com/user-guide/documentation/logging
Specify a log filename directly in the Gophish configuration file for versions 0.8.0 and later.
```json
"logging": {
"filename": "gophish.log"
}
```
--------------------------------
### Secure Configuration File
Source: https://docs.getgophish.com/user-guide/installation
Command to restrict file permissions for the configuration file on Linux systems.
```bash
chmod 640 config.json
```
--------------------------------
### Generate Self-Signed SSL Certificate
Source: https://docs.getgophish.com/user-guide/installation
OpenSSL command to create a new RSA private key and a self-signed X.509 certificate.
```bash
openssl req -newkey rsa:2048 -nodes -keyout gophish.key -x509 -days 365 -out gophish.crt
```
--------------------------------
### Tracking Office Document Opens with Linked Image
Source: https://docs.getgophish.com/user-guide/documentation/attachments
Embed `{{.TrackingURL}}` as a linked image in an Office document. When the document is opened, the image will be loaded, triggering a request to the GoPhish server and marking the document as opened. Ensure the Tracking URL is not included in the email body.
```text
INCLUDEPICTURE "{{.TrackingURL}}" \d
```
--------------------------------
### Define HTML Form for Data Capture
Source: https://docs.getgophish.com/user-guide/faq
Minimal HTML form structure required for Gophish to capture submitted input data.
```markup