Deploying Gophish to a VPS

Deploy Gophish to Linode, Digital Ocean, Lightsail or whatever

Standing up a new phishing infrastructure in a VPS is simple and prevents issues such as having your infrastructure blacklisted from earlier campaigns. Linode is my favorite VPS to use for phishing infrastructure because they make reverse-DNS easy which helps with spam scores, but any VPS will work. These instructions are written for Debian only, but can be altered for any Linux distribution.

Download Gophish

The first thing you need to do is set up your Debian server on your VPS. Once you have done that, you will SSH in and deploy Gophish.

The default install only listens on the loopback interface for the management service, we will either want to change that or use an SSH port forward to access the management interface.

cd /opt
mkdir gophish
cd gophish/
wget https://github.com/gophish/gophish/releases/download/v0.5.0/gophish-v0.5.0-linux-64bit.zip
apt install unzip
unzip gophish-v0.5.0-linux-64bit.zip 

Postfix Install

Next, you will install Postfix to act as your SMTP server. The following command will execute a shell in your container.

apt-get install postfix:

apt-get update 
apt-get install mailutils postfix 

After Postfix is installed, you will need to make some configuration changes. First, make the following changes:

vim /etc/postfix/main.cf 

Change inet_interfaces line to:

inet_interfaces = loopback-only 

Change myhostname line to:

myhostname = <your mail server's FQDN (mail.phish.com)>

Put your mailserver name in /etc/mailname

echo <your mail servers FQDN (mail.phish.com)> > /etc/mailname

Next, reload Postfix.

service postfix reload 

LetsEncrypt Certificate (Optional but recommended)

To get your certificate from LetsEncrypt you will need to download the certbot and add a TXT record for your phishing domain. This will be the certificate used to for the landing page, not the mail server.

Download LetsEncrypt certbot:

wget https://dl.eff.org/certbot-auto 
chmod a+x certbot-auto 

Create the DNS cert challenge.

./certbot-auto certonly -d <FQDN of your phishing domain> --manual --preferred-challenges dns 

You will be prompted during this process to add TXT record to DNS to validate domain ownership. You should verify the record propagates before continuing. I use MXToolbox to check if the record has propagated.

These certificates will be output to /etc/letsencrypt/live/. To simplify the next steps, I move the key and certificate files to the Gophish directory.

cp /etc/letsencrypt/live/<your domain>/fullchain.pem ./domain.crt 
cp /etc/letsencrypt/live/<your domain>/privkey.pem ./domain.key 

Next, you will need to modify the config for Gophish. When this is inished, we should be all set to start Gophish.

vim config.json

Change the config file to point to your new certs, and to listen on port 443.

"phish server" : {
    "listen_url" : "0.0.0.0:443",
    "use_tls" : true,
    "cert_path" : "domain.crt",
    "key_path" : "domain.key"

You can now start Gophish, be sure to change the default password.

./gophish > log.log &

Accessing Gophish management console

To do the SSH port forward, run the following command from your machine to the Gophish server.

ssh -L 3333:<IP Address>:3333 user@<IP Address>

To change the listen address on the Gophish server, make the following change.

vim config.json

Change the following line.

"admin_server" : {
    "listen_url" : "0.0.0.0:3333",