SMShing implementation using GoPhish and Twilio SMS gateway

root authored 28 days ago Minor Changes 28 days ago
SMSResponse.php Initial commit 29 days ago
SendSMS.php Initial commit 29 days ago
config.php Initial commit 29 days ago


SMShing implementation using GoPhish and Twilio SMS gateway


Replace email addresses with [mobile no]@gophish.sms

Thats pretty much it!


Mobile numbers must start with country code prefix e.g. +44 = UK

SMS should contain less than 1600 characters otherwise will be split into multiple SMS's

Email template should be plaintext only, not HTML (this should be obvious)

Non-MMS, so dont use tracking image {{.Tracker}}

Email Opened - Actually means delivered (Response from Twilio API)


Clone this repo into /opt/GoSMS/

Setup Postfix

1) Tell postfix to use virtual alias db and virtual domains in /etc/postfix/

virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp

2) Add domain to /etc/postfix/virtual_domains

echo "gophish.sms" >> /etc/postfix/virtual_domains

3) Redirect the email to a local user by adding to /etc/postfix/virtual_regexp:

/^([^@]*)@gophish.sms$/ apache@localhost

4) Update /etc/aliases to redirect email addressed to the local user to a script:

apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"

5) Rebuild aliases & restart postfix

sudo newaliases; sudo postfix reload; sudo service postfix restart

Setup GoSMS

1) Set correct variables in config.php (should be self explanitory)

2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:

2a) Store in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888

2b) Run a simple PHP server from the /opt/GoSMS/ directory:

php -S