GoSMS

SMShing implementation using GoPhish and Twilio SMS gateway

Usage

Replace email addresses with [mobile no]@gophish.sms

Thats pretty much it!

Caveats

Mobile numbers must start with country code prefix e.g. +44 = UK

SMS should contain less than 1600 characters otherwise will be split into multiple SMS's

Email template should be plaintext only, not HTML (this should be obvious)

Non-MMS, so dont use tracking image {{.Tracker}}

Email Opened - Actually means delivered (Response from Twilio API)

Setup

Clone this repo into /opt/GoSMS/

Setup Postfix

1) Tell postfix to use virtual alias db and virtual domains in /etc/postfix/main.cf:

virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp
virtual_alias_domains=/etc/postfix/virtual_domains

2) Add domain to /etc/postfix/virtual_domains

echo "gophish.sms" >> /etc/postfix/virtual_domains

3) Redirect the email to a local user by adding to /etc/postfix/virtual_regexp:

/^([^@]*)@gophish.sms$/ apache@localhost

4) Update /etc/aliases to redirect email addressed to the local user to a script:

apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"

5) Rebuild aliases & restart postfix

sudo newaliases; sudo postfix reload; sudo service postfix restart

Setup GoSMS

1) Set correct variables in config.php (should be self explanitory)

2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:

2a) Store in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888

2b) Run a simple PHP server from the /opt/GoSMS/ directory:

php -S 0.0.0.0:8888