gophish-docker 🎣🐳

Docker Image

Creates a Docker container with an installation of the gophish phishing framework.

Running

Running with Docker

To run the cisagov/gophish image via Docker:

docker run cisagov/gophish:0.0.8

Running with Docker Compose

Create a docker-compose.yml file similar to the one below to use Docker Compose.

---
version: "3.7"

services:
  gophish:
    image: cisagov/gophish:0.0.8
    ports:
      - target: 3333
        published: 3333
        protocol: tcp
        mode: host
      - target: 8080
        published: 3380
        protocol: tcp
        mode: host

Start the container and detach:
```
docker compose up --detach
```

Using secrets with your container

This container also supports passing sensitive values via Docker secrets. Passing sensitive values like your credentials can be more secure using secrets than using environment variables. See the secrets section below for a table of all supported secret files.

To use secrets, create a file or files containing the values you want set.

Then add the secret or secrets to your docker-compose.yml file:

---
version: "3.7"

secrets:
  config_json:
    file: ./src/secrets/config.json
  admin_fullchain_pem:
    file: ./src/secrets/admin_fullchain.pem
  admin_privkey_pem:
    file: ./src/secrets/admin_privkey.pem
  phish_fullchain_pem:
    file: ./src/secrets/phish_fullchain.pem
  phish_privkey_pem:
    file: ./src/secrets/phish_privkey.pem

services:
  gophish:
    image: cisagov/gophish:0.0.8
    ports:
      - target: 3333
        published: 3333
        protocol: tcp
        mode: host
      - target: 8080
        published: 3380
        protocol: tcp
        mode: host
    secrets:
      - source: config_json
        target: config.json
      - source: admin_fullchain_pem
        target: admin_fullchain.pem
      - source: admin_privkey_pem
        target: admin_privkey.pem
      - source: phish_fullchain_pem
        target: phish_fullchain.pem
      - source: phish_privkey_pem
        target: phish_privkey.pem

Updating your container

Docker Compose

Pull the new image from Docker Hub:
```
docker compose pull
```
Recreate the running container by following the previous instructions:
```
docker compose up --detach
```

Docker

Stop the running container:
```
docker stop <container_id>
```
Pull the new image:
```
docker pull cisagov/gophish:0.0.8
```
Recreate and run the container by following the previous instructions.

Image tags

The images of this container are tagged with semantic versions of the underlying gophish project that they containerize. It is recommended that most users use a version tag (e.g. :0.0.8).

Image:tag	Description
`cisagov/gophish:0.0.8`	An exact release version.
`cisagov/gophish:0.0`	The most recent release matching the major and minor version numbers.
`cisagov/gophish:0`	The most recent release matching the major version number.
`cisagov/gophish:edge`	The most recent image built from a merge into the `develop` branch of this repository.
`cisagov/gophish:nightly`	A nightly build of the `develop` branch of this repository.
`cisagov/gophish:latest`	The most recent release image pushed to a container registry. Pulling an image using the `:latest` tag should be avoided.

See the tags tab on Docker Hub for a list of all the supported tags.

Volumes

There are no volumes.

Ports

The following ports are exposed by this container:

Port	Purpose
3333	Admin server
8080	Phishing server

The sample Docker composition publishes the exposed ports at 3333 and 3380, respectively.

Environment variables

Required

There are no required environment variables.

Optional

There are no optional environment variables.

Secrets

Filename	Purpose
`config.json`	Gophish configuration file
`admin_fullchain.pem`	public key for admin port
`admin_privkey.pem`	private key for admin port
`phish_fullchain.pem`	public key for phishing port
`phish_privkey.pem`	private key for phishing port

Building from source

Build the image locally using this git repository as the build context:

docker build \
  --build-arg VERSION=0.0.8 \
  --tag cisagov/gophish:0.0.8 \
  https://github.com/cisagov/gophish-docker.git#develop

Cross-platform builds

To create images that are compatible with other platforms, you can use the buildx feature of Docker:

Copy the project to your machine using the Code button above or the command line:
```
git clone https://github.com/cisagov/gophish-docker.git
cd gophish-docker
```
Create the Dockerfile-x file with buildx platform support:
```
./buildx-dockerfile.sh
```

Build the image using buildx:

docker buildx build \
  --file Dockerfile-x \
  --platform linux/amd64 \
  --build-arg VERSION=0.0.8 \
  --output type=docker \
  --tag cisagov/gophish:0.0.8 .

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

Make `get-api-key` name and output less ambiguous

💡 Summary

Currently, the get-api-key script will output one API key for every user in the Gophish database. At minimum, this script should be modified so that its name is changed to get-api-keys and documented appropriately to make it clear that multiple keys may be returned.

Two other solutions have been discussed:

Make the script accept an optional username as an input and output the API key of that user if it exists. If no username is supplied, the username of the default Gophish user (e.g. admin) would be used.
Have the script simply return the API key of the default Gophish user.

If either of those solutions are implemented, it's important to conspicuously document the fact that this script will not work as intended if the default Gophish user is ever deleted.

Motivation and context

This was originally noted by @mcdonnnj in cisagov/pca-gophish-composition-packer#70 (review). That PR added a band-aid solution in response to the issues noted above.

Implementation notes

See options discussed in "Summary" section above.

Acceptance criteria

The name of the get-api-key accurately reflects the full range of potential outputs (i.e. zero or more API keys).
The code and README are updated to reflect the changes made.
Optional: The script accepts a username as input and outputs the corresponding API key. The username here may be optional and default to a particular Gophish user.

cisagov / gophish-docker Goto Github PK

gophish-docker's Introduction

gophish-docker 🎣🐳

Docker Image

Running

Running with Docker

Running with Docker Compose

Using secrets with your container

Updating your container

Docker Compose

Docker

Image tags

Volumes

Ports

Environment variables

Required

Optional

Secrets

Building from source

Cross-platform builds

Contributing

License

gophish-docker's People

Contributors

Stargazers

Watchers

Forkers

gophish-docker's Issues

💡 Summary

Motivation and context

Implementation notes

Acceptance criteria

💡 Summary

Motivation and context

Acceptance criteria

💡 Summary

💡 Summary

Motivation and context

Implementation notes

Acceptance criteria

Recommend Projects

Recommend Topics

Recommend Org