SMShing implementation using GoPhish and Twilio SMS gateway

root authored on 18 May 2019 Minor Changes 2 years ago
SMSResponse.php Initial commit 2 years ago
SendSMS.php Initial commit 2 years ago
config.php Initial commit 2 years ago


SMShing implementation using GoPhish and Twilio SMS gateway


Replace email addresses with [mobile no]@gophish.sms

Thats pretty much it!


Mobile numbers must start with country code prefix e.g. +44 = UK

SMS should contain less than 1600 characters otherwise will be split into multiple SMS's

Email template should be plaintext only, not HTML (this should be obvious)

Non-MMS, so dont use tracking image {{.Tracker}}

Email Opened - Actually means delivered (Response from Twilio API)


Clone this repo into /opt/GoSMS/

Setup Postfix

1) Tell postfix to use virtual alias db and virtual domains in /etc/postfix/

virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp

2) Add domain to /etc/postfix/virtual_domains

echo "gophish.sms" >> /etc/postfix/virtual_domains

3) Redirect the email to a local user by adding to /etc/postfix/virtual_regexp:

/^([^@]*)@gophish.sms$/ apache@localhost

4) Update /etc/aliases to redirect email addressed to the local user to a script:

apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"

5) Rebuild aliases & restart postfix

sudo newaliases; sudo postfix reload; sudo service postfix restart

Setup GoSMS

1) Set correct variables in config.php (should be self explanitory)

2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:

2a) Store in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888

2b) Run a simple PHP server from the /opt/GoSMS/ directory:

php -S