SMShing implementation using GoPhish and Twilio SMS gateway

root authored 28 days ago
README.md Minor Changes 28 days ago
SMSResponse.php Initial commit 29 days ago
SendSMS.php Initial commit 29 days ago
config.php Initial commit 29 days ago
README.md

GoSMS

SMShing implementation using GoPhish and Twilio SMS gateway

Usage

Replace email addresses with [mobile no]@gophish.sms

Thats pretty much it!

Caveats

Mobile numbers must start with country code prefix e.g. +44 = UK

SMS should contain less than 1600 characters otherwise will be split into multiple SMS's

Email template should be plaintext only, not HTML (this should be obvious)

Non-MMS, so dont use tracking image {{.Tracker}}

Email Opened - Actually means delivered (Response from Twilio API)

Setup

Clone this repo into /opt/GoSMS/

Setup Postfix

1) Tell postfix to use virtual alias db and virtual domains in /etc/postfix/main.cf:

virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp
virtual_alias_domains=/etc/postfix/virtual_domains

2) Add domain to /etc/postfix/virtual_domains

echo "gophish.sms" >> /etc/postfix/virtual_domains

3) Redirect the email to a local user by adding to /etc/postfix/virtual_regexp:

/^([^@]*)@gophish.sms$/ apache@localhost

4) Update /etc/aliases to redirect email addressed to the local user to a script:

apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"

5) Rebuild aliases & restart postfix

sudo newaliases; sudo postfix reload; sudo service postfix restart

Setup GoSMS

1) Set correct variables in config.php (should be self explanitory)

2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:

2a) Store in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888

2b) Run a simple PHP server from the /opt/GoSMS/ directory:

php -S 0.0.0.0:8888