Install Gophish on Ubuntu 18.04 and Debian 9.8

A Step-by-Step Guide to Installing Gophish on Ubuntu & Debian

In today’s security landscape, employee awareness is one of the most critical lines of defense against cyber threats. Phishing attacks remain a primary vector for breaches, making it essential to train your team to recognize and report suspicious emails. Gophish is a powerful, open-source phishing framework that allows you to run realistic phishing simulations to test and educate your staff, strengthening your organization’s overall security posture.

This guide provides a comprehensive walkthrough for installing and configuring Gophish on servers running Ubuntu (20.04, 22.04) and recent versions of Debian.

Prerequisites

Before we begin, ensure you have the following:

  • A server running a fresh installation of Ubuntu or Debian.
  • Access to a user account with sudo or root privileges.

First, let’s update your system’s package list and upgrade existing packages to ensure everything is current.

sudo apt update && sudo apt upgrade -y

You will also need the unzip utility to extract the Gophish archive. If it’s not already installed, run the following command:

sudo apt install unzip -y

Step 1: Download the Gophish Framework

Gophish is distributed as a pre-compiled binary, which simplifies the installation process significantly. You can find the latest version on the official Gophish GitHub releases page.

We will use wget to download the archive directly to our server. Remember to check the GitHub page for the latest version number and update the URL in the command below accordingly.

wget https://github.com/gophish/gophish/releases/download/v0.12.1/gophish-v0.12.1-linux-64bit.zip

Step 2: Unzip and Place the Gophish Directory

Once the download is complete, unzip the archive.

unzip gophish-v0.12.1-linux-64bit.zip

This command will create a directory named gophish-v0.12.1-linux-64bit containing all the necessary files. For better organization and ease of management, it’s best practice to move this directory to /opt, a standard location for optional software packages.

sudo mv gophish-v0.12.1-linux-64bit /opt/gophish

Now, navigate into the new Gophish directory.

cd /opt/gophish

Step 3: Configure Gophish for Secure Access

Before running Gophish for the first time, you must make a critical configuration change for security. The main configuration file is config.json. Open it with a text editor like nano.

sudo nano config.json

Inside this file, you will find a parameter called listen_url. By default, it is set to 0.0.0.0:3333. The address 0.0.0.0 means "every network interface", so on a server with a public IP address this would expose your Gophish admin panel to the entire internet. This is highly insecure.

You must change the listen_url to 127.0.0.1:3333. This ensures the admin interface is only accessible from the server itself (localhost). We will later configure a secure way to access it publicly if needed.

{
    "admin_server": {
        "listen_url": "127.0.0.1:3333",
        "use_tls": true,
        "cert_path": "gophish_admin.crt",
        "key_path": "gophish_admin.key"
    },
    ...
}

Save the file and exit the editor (Ctrl+X, then Y, then Enter in nano).
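
To confirm the edit took effect before starting the service, the check below audits the admin_server block of config.json. It is an added example, not part of Gophish or of the original guide; the function names are hypothetical, the two sample configs are constructed, and it reads only the keys shown in the snippet above.

```python
import ipaddress
import json

# Constructed sample configs (not taken from a real server); the keys match
# the admin_server block shown in Step 3.
EXPOSED = '{"admin_server": {"listen_url": "0.0.0.0:3333", "use_tls": false}}'
HARDENED = '''{"admin_server": {"listen_url": "127.0.0.1:3333", "use_tls": true,
  "cert_path": "gophish_admin.crt", "key_path": "gophish_admin.key"}}'''


def split_host_port(listen_url):
    """Split 'host:port', '[v6]:port' or ':port' into (host, port)."""
    host, sep, port = listen_url.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"not a host:port value: {listen_url!r}")
    return host.strip("[]"), int(port)


def is_loopback(host):
    """True only when the host is known to be a loopback address."""
    if host == "":            # ':3333' binds every interface
        return False
    if host == "localhost":   # assumption: resolves to loopback as usual
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:        # other hostnames: cannot prove loopback
        return False


def audit_admin_server(config_text):
    """Return a list of findings for the admin_server block (empty = OK)."""
    admin = json.loads(config_text).get("admin_server", {})
    findings = []
    try:
        host, port = split_host_port(admin.get("listen_url", ""))
    except ValueError as exc:
        return [f"listen_url: {exc}"]
    if not is_loopback(host):
        findings.append(f"listen_url binds {host or 'all interfaces'}:{port}, not loopback")
    if admin.get("use_tls") is not True:
        findings.append("use_tls is not true; admin traffic would be unencrypted")
    return findings


if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_admin_server(text) or "OK")
```

To audit the real file, pass the contents of /opt/gophish/config.json to audit_admin_server(); an empty list means the admin interface is bound to loopback with TLS enabled.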

Step 4: Run Gophish and Get Your Initial Password

With the configuration complete, make the Gophish binary executable.

sudo chmod +x gophish

Now, run Gophish for the first time from within the /opt/gophish directory.

sudo ./gophish

When you run it, the console will output some initial logs. Pay close attention to the output, as it will display the one-time administrative password. It will look something like this:

Please login with the username admin and the password YOUR_TEMPORARY_PASSWORD

Copy this password immediately and store it in a safe place. You will need it to log in for the first time. You can stop the process by pressing Ctrl+C.

Step 5: Create a Systemd Service for Gophish

To ensure Gophish runs automatically on startup and can be managed like a standard system service, we’ll create a systemd service file.

Create a new file in the /etc/systemd/system/ directory:

sudo nano /etc/systemd/system/gophish.service

Paste the following content into the file. This configuration tells systemd how to start, stop, and manage the Gophish process.

[Unit]
Description=Gophish Phishing Framework
After=network.target

[Service]
User=root
WorkingDirectory=/opt/gophish
ExecStart=/opt/gophish/gophish
Restart=always

[Install]
WantedBy=multi-user.target

Save and close the file. Now, reload the systemd daemon to recognize the new service, enable it to start on boot, and start it immediately.

sudo systemctl daemon-reload
sudo systemctl enable gophish
sudo systemctl start gophish

You can check the status of the service to ensure it’s running correctly:

sudo systemctl status gophish

Essential Security Hardening and Access

Your Gophish instance is now running, but the admin panel is only listening on localhost. This is the secure way to set it up. To access it, you have two primary options:

  1. SSH Tunnel (Quick Access): For quick, temporary access, you can forward the port through an SSH tunnel from your local machine.

    ssh -L 3333:127.0.0.1:3333 user@your_server_ip

    You can then open https://127.0.0.1:3333 in your local web browser.

  2. Reverse Proxy (Recommended for Production): The best practice for production use is to set up a reverse proxy like Nginx or Caddy. This allows you to place Gophish behind a proper web server, enabling you to use a domain name and secure the admin panel with a free SSL/TLS certificate from Let’s Encrypt. This is the most secure and professional method.

Finally, it is crucial to configure your firewall. Use ufw (Uncomplicated Firewall) or a similar tool to ensure that only the necessary ports are open to the public.

  • Allow SSH (port 22): So you can manage your server.
  • Allow HTTP (port 80): For the phishing server landing pages.
  • Allow HTTPS (port 443): If you are using a reverse proxy for the admin panel.
  • Keep port 3333 blocked from the public internet.

Your Gophish installation is now complete, secure, and ready for you to create your first phishing awareness campaign. Log in with the username admin and your temporary password, and be sure to change your password immediately in the settings.

Source: https://kifarunix.com/install-gophish-on-ubuntu-18-04-debian-9-8/
