Get statistics from GoPhish campaign

root authored 16 days ago
Classes Initial commit 16 days ago
GoStats.php Initial commit 16 days ago
README.md Initial commit 16 days ago
README.md

GoStats

Get statistics from GoPhish campaigns

Requirements

Pwdlyser - https://github.com/ins1gn1a/Pwdlyser

Installation and Usage

git clone the repo

chmod +x ./GoStats.php

Modify GoStats.php to contain your gophish URL, API key and path to pwdlyser

./GoStats.php

Example Output

root[/opt/GoStats]: ./GoStats.php
╔═╗┌─┐╔═╗┌┬┐┌─┐┌┬┐┌─┐
║ ╦│ │╚═╗ │ ├─┤ │ └─┐ v1.0
╚═╝└─┘╚═╝ ┴ ┴ ┴ ┴ └─┘
--help|-h                Shows help message
--list|-l                List campaigns and their ID's
--campaign|-c=integer    Get campaign by id
--dump|-d=string         Dump user:pass list to </path/to/file.txt>
--training|-t=string     Dump list of users requiring training </path/to/file.txt>
--all|-a                 All of the below options
--ips|-i                 Top 10 IP's
--useragent|-u           Top 10 user agents
--attempts|-m            Top 10 attempts to log in
--active|-o              Active times
--speed|-e               Clickthrough speed
--stats|-s               Victim statistics
--pass|-p                Password analysis with pwdlyser

root[/opt/GoStats]: ./GoStats.php -l
╔═╗┌─┐╔═╗┌┬┐┌─┐┌┬┐┌─┐
║ ╦│ │╚═╗ │ ├─┤ │ └─┐ v1.0
╚═╝└─┘╚═╝ ┴ ┴ ┴ ┴ └─┘
[+] Getting data from server
[id] -campaign name-
[33] Campaign_01
[60] Campaign_02

root[/opt/GoStats]: ./GoStats.php -c 60 -a
╔═╗┌─┐╔═╗┌┬┐┌─┐┌┬┐┌─┐
║ ╦│ │╚═╗ │ ├─┤ │ └─┐ v1.0
╚═╝└─┘╚═╝ ┴ ┴ ┴ ┴ └─┘
[+] Getting data from server
[60] Campaign_02

[+] Notable times
Campaign launched: 16-10-2017 09:28
First email sent: 16-10-2017 10:20
Last email sent: 16-10-2017 10:25
First email opened: 16-10-2017 10:28
First page view: 16-10-2017 10:28
First credentials submitted: 16-10-2017 10:29
Campaign finished: 21-10-2017 10:09

[+] Top 10 IPs
[177] 130.***.**.50 - United Kingdom, London
[96] 212.***.**.69 - France, 
[41] 86.**.**.2 - United Kingdom, Edgware
[32] 193.***.**.190 - United Kingdom, 
[28] 205.***.**.189 - United States, Chesterfield
[19] 86.***.***.47 - United Kingdom, Gillingham
[15] 82.**.**.34 - United Kingdom, Bradford-on-Avon
[14] 24.**.***.62 - United States, New York
[9] 66.**.**.130 - United States, West Jordan
[7] 2.**.**.183 - United Kingdom, London

[+] Top 10 User Agents
[60] WebClient/1.0
[32] Mozilla/4.0 (redacted details)
[30] Mozilla/4.0 (redacted details)
[29] Mozilla/4.0 (redacted details)
[26] Mozilla/4.0 (redacted details)
[26] Mozilla/4.0 (redacted details)
[22] Mozilla/4.0 (redacted details)
[20] Mozilla/5.0 (redacted details) Chrome/61.0.3163.100 Safari/537.36
[18] Mozilla/4.0 (redacted details)
[16] Mozilla/4.0 (redacted details) AppleWebKit/603.3.8 

[+] Top 10 Login Attempts
[19] b**********s@w***n.com
[12] b***************o@w***n.com
[8] n*************e@g*********e.com
[7] c****a@w***n.com
[7] s***************d@g*********e.com
[7] e**********r@w***n.com
[6] c*********m@w***n.com
[5] d******j@w***n.com
[3] j********d@a********l.com
[3] c***********n@a********l.com

[+] Active times (hour, actions & percent)
 0 -      =  0.00%  |  12 -   28 =  5.47% 
 1 -      =  0.00%  |  13 -   22 =  4.30% 
 2 -      =  0.00%  |  14 -   31 =  6.05% 
 3 -      =  0.00%  |  15 -   25 =  4.88% 
 4 -      =  0.00%  |  16 -   53 = 10.35% 
 5 -    1 =  0.20%  |  17 -    2 =  0.39% 
 6 -    5 =  0.98%  |  18 -   18 =  3.52% 
 7 -    9 =  1.76%  |  19 -    8 =  1.56% 
 8 -   21 =  4.10%  |  20 -      =  0.00% 
 9 -  134 = 26.17%  |  21 -    4 =  0.78% 
10 -  125 = 24.41%  |  22 -    1 =  0.20% 
11 -   24 =  4.69%  |  23 -    1 =  0.20% 
12 -   28 =  5.47%  |  24 -      =  0.00%

[+] Clickthrough Speed
Quickest click: 2 sec
Longest click: 18 min
Users clicked < 5 sec: 7
Users clicked < 30 sec: 11
Users clicked < 1 min: 16

[+] Victim Statistics
Targets: 136
Email opened: 15 (11.03%)
Visited link: 20 (14.71%)
Submitted data: 20 (14.71%)
Total login attempts: 96

[+] Password Statistics
[+] Launching pwdlyzer
[!] pwdlyzer results at: /tmp/GoStats-VpGHth