diff --git a/README.md b/README.md
index a37f455..2e0c57f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,58 @@
-GoSMS
+<u>GoSMS</u>
===============
-SMSishing implementation using GoPhish
\ No newline at end of file
+SMSishing implementation using GoPhish and Trilio SMS gateway
+
+<u>Usage</u>
+===============
+replace email addresses with [mobile no]@gophish.sms where mobile number stats with country code prefix e.g. +44 = UK
+
+SMS should contain less than 1600 characters otherwise will be split into multiple SMS's
+
+Email template should be plaintext only, not HTML (this should be obvious)
+
+non-MMS so dont use tracking image {{.Tracker}} or HTML contents
+
+Email Opened - actually means delivered (Response from Trilio API)
+
+<u>Setup</u>
+===============
+Clone this repo into /opt/GoSMS/
+
+#Setup Postfix
+
+1) Tell Postfix To Use Our Virtual Alias db and virtual domains in **/etc/postfix/main.cf**:
+
+ virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp
+ virtual_alias_domains=/etc/postfix/virtual_domains
+
+2) add domain to **/etc/postfix/virtual_domains**
+
+ echo "gophish.sms" >> /etc/postfix/virtual_domains
+
+3) Redirect the email to a local user by adding to **/etc/postfix/virtual_regexp**:
+
+ /^([^@]*)@gophish.sms$/ apache@localhost
+
+4) Update **/etc/aliases** to redirect email addressed to the local user to a script:
+
+ apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"
+
+5) Rebuild Aliases & Restart Postfix
+
+ sudo newaliases; sudo postfix reload; sudo service postfix restart
+
+
+#setup GoSMS
+
+1) Set correct variables in config.php (should be self explanitory)
+
+2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:
+
+2a) Sore in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888
+
+2b) run a simple PHP server from the GoSMS directory:
+
+ php -S 0.0.0.0:8888
+
+
diff --git a/README.md b/README.md
index a37f455..2e0c57f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,58 @@
-GoSMS
+<u>GoSMS</u>
===============
-SMSishing implementation using GoPhish
\ No newline at end of file
+SMSishing implementation using GoPhish and Trilio SMS gateway
+
+<u>Usage</u>
+===============
+replace email addresses with [mobile no]@gophish.sms where mobile number stats with country code prefix e.g. +44 = UK
+
+SMS should contain less than 1600 characters otherwise will be split into multiple SMS's
+
+Email template should be plaintext only, not HTML (this should be obvious)
+
+non-MMS so dont use tracking image {{.Tracker}} or HTML contents
+
+Email Opened - actually means delivered (Response from Trilio API)
+
+<u>Setup</u>
+===============
+Clone this repo into /opt/GoSMS/
+
+#Setup Postfix
+
+1) Tell Postfix To Use Our Virtual Alias db and virtual domains in **/etc/postfix/main.cf**:
+
+ virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp
+ virtual_alias_domains=/etc/postfix/virtual_domains
+
+2) add domain to **/etc/postfix/virtual_domains**
+
+ echo "gophish.sms" >> /etc/postfix/virtual_domains
+
+3) Redirect the email to a local user by adding to **/etc/postfix/virtual_regexp**:
+
+ /^([^@]*)@gophish.sms$/ apache@localhost
+
+4) Update **/etc/aliases** to redirect email addressed to the local user to a script:
+
+ apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"
+
+5) Rebuild Aliases & Restart Postfix
+
+ sudo newaliases; sudo postfix reload; sudo service postfix restart
+
+
+#setup GoSMS
+
+1) Set correct variables in config.php (should be self explanitory)
+
+2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:
+
+2a) Sore in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888
+
+2b) run a simple PHP server from the GoSMS directory:
+
+ php -S 0.0.0.0:8888
+
+
diff --git a/SMSResponse.php b/SMSResponse.php
new file mode 100644
index 0000000..2ec7344
--- /dev/null
+++ b/SMSResponse.php
@@ -0,0 +1,55 @@
+<?php
+include('/opt/GoSMS/config.php');
+
+if($_REQUEST['SmsStatus'] == "delivered" && isset($_REQUEST['To'])){
+ $phoneNo = $_REQUEST['To'];
+ echo "[?] Searching for running campaigns\n";
+ $curl = new curl();
+ $curl->url = "$GophishAPIURL/api/campaigns/?api_key=$key";
+ $list = $curl->curlQuery();
+
+ if(isset($list->message) && $list->message == "Invalid API Key"){
+ echo "[!] Invalid API key\n";
+ exit(0);
+ }else{
+ foreach($list as $id){
+ if($id['status'] == "In progress"){
+ echo "[+] Found: ID: ".$id['id']." Name: ".$id['name']."\n";
+ foreach($id['results'] as $victim){
+ echo "[?] Searching for victim with $phoneNo\n";
+ if($victim['email'] == "$phoneNo@gophish.sms"){
+ echo "[+] Found RID: ".$victim['id']."\n";
+ echo "[!] Grabbing tracking image\n";
+ $curl->url = "$PhishURL/track?rid=".$victim['id'];
+ $list = $curl->curlQuery();
+ }
+ }
+ }
+
+ }
+ }
+ exit(0);
+}
+
+class curl {
+ public function curlQuery() {
+ $ch = curl_init();
+
+ curl_setopt($ch, CURLOPT_URL, $this->url);
+ curl_setopt($ch, CURLOPT_HEADER, 0);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+ //curl_setopt($ch, CURLOPT_VERBOSE, true); // verbose mode for debugging
+
+ $json = curl_exec($ch);
+
+ curl_close($ch);
+
+ $array = json_decode($json, true);
+ return $array;
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/README.md b/README.md
index a37f455..2e0c57f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,58 @@
-GoSMS
+<u>GoSMS</u>
===============
-SMSishing implementation using GoPhish
\ No newline at end of file
+SMSishing implementation using GoPhish and Trilio SMS gateway
+
+<u>Usage</u>
+===============
+replace email addresses with [mobile no]@gophish.sms where mobile number stats with country code prefix e.g. +44 = UK
+
+SMS should contain less than 1600 characters otherwise will be split into multiple SMS's
+
+Email template should be plaintext only, not HTML (this should be obvious)
+
+non-MMS so dont use tracking image {{.Tracker}} or HTML contents
+
+Email Opened - actually means delivered (Response from Trilio API)
+
+<u>Setup</u>
+===============
+Clone this repo into /opt/GoSMS/
+
+#Setup Postfix
+
+1) Tell Postfix To Use Our Virtual Alias db and virtual domains in **/etc/postfix/main.cf**:
+
+ virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp
+ virtual_alias_domains=/etc/postfix/virtual_domains
+
+2) add domain to **/etc/postfix/virtual_domains**
+
+ echo "gophish.sms" >> /etc/postfix/virtual_domains
+
+3) Redirect the email to a local user by adding to **/etc/postfix/virtual_regexp**:
+
+ /^([^@]*)@gophish.sms$/ apache@localhost
+
+4) Update **/etc/aliases** to redirect email addressed to the local user to a script:
+
+ apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"
+
+5) Rebuild Aliases & Restart Postfix
+
+ sudo newaliases; sudo postfix reload; sudo service postfix restart
+
+
+#setup GoSMS
+
+1) Set correct variables in config.php (should be self explanitory)
+
+2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:
+
+2a) Sore in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888
+
+2b) run a simple PHP server from the GoSMS directory:
+
+ php -S 0.0.0.0:8888
+
+
diff --git a/SMSResponse.php b/SMSResponse.php
new file mode 100644
index 0000000..2ec7344
--- /dev/null
+++ b/SMSResponse.php
@@ -0,0 +1,55 @@
+<?php
+include('/opt/GoSMS/config.php');
+
+if($_REQUEST['SmsStatus'] == "delivered" && isset($_REQUEST['To'])){
+ $phoneNo = $_REQUEST['To'];
+ echo "[?] Searching for running campaigns\n";
+ $curl = new curl();
+ $curl->url = "$GophishAPIURL/api/campaigns/?api_key=$key";
+ $list = $curl->curlQuery();
+
+ if(isset($list->message) && $list->message == "Invalid API Key"){
+ echo "[!] Invalid API key\n";
+ exit(0);
+ }else{
+ foreach($list as $id){
+ if($id['status'] == "In progress"){
+ echo "[+] Found: ID: ".$id['id']." Name: ".$id['name']."\n";
+ foreach($id['results'] as $victim){
+ echo "[?] Searching for victim with $phoneNo\n";
+ if($victim['email'] == "$phoneNo@gophish.sms"){
+ echo "[+] Found RID: ".$victim['id']."\n";
+ echo "[!] Grabbing tracking image\n";
+ $curl->url = "$PhishURL/track?rid=".$victim['id'];
+ $list = $curl->curlQuery();
+ }
+ }
+ }
+
+ }
+ }
+ exit(0);
+}
+
+class curl {
+ public function curlQuery() {
+ $ch = curl_init();
+
+ curl_setopt($ch, CURLOPT_URL, $this->url);
+ curl_setopt($ch, CURLOPT_HEADER, 0);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+ //curl_setopt($ch, CURLOPT_VERBOSE, true); // verbose mode for debugging
+
+ $json = curl_exec($ch);
+
+ curl_close($ch);
+
+ $array = json_decode($json, true);
+ return $array;
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/SendSMS.php b/SendSMS.php
new file mode 100755
index 0000000..3f510f3
--- /dev/null
+++ b/SendSMS.php
@@ -0,0 +1,83 @@
+<?php
+include('/opt/GoSMS/config.php');
+
+$email = file_get_contents("php://stdin");
+$lines = explode("\n", $email);
+
+$from = "";
+$subject = "";
+$to = "";
+$orig = "";
+$headers = "";
+$message = "";
+$splittingheaders = true;
+for ($i=0; $i < count($lines); $i++) {
+ if ($splittingheaders) {
+ $headers .= $lines[$i]."\n";
+ if (preg_match("/^Subject: (.*)/", $lines[$i], $matches)) {
+ $subject = $matches[1];
+ }
+ if (preg_match("/^From: (.*)/", $lines[$i], $matches)) {
+ $from = $matches[1];
+ }
+ if (preg_match("/^To: (.*)/", $lines[$i], $matches)) {
+ $to = $matches[1];
+ }
+ if (preg_match("/^X-Original-To: (.*)/", $lines[$i], $matches)){
+ $orig = $matches[1];
+ }
+ } else {
+ // not a header, but message
+ $lines[$i] = str_replace("?rid=3D", "?rid=", $lines[$i]);
+ if(substr($lines[$i], -1) == "="){
+ $message .= rtrim($lines[$i], "=");
+ }else{
+ $message .= $lines[$i]."\n";
+ }
+ }
+ if (trim($lines[$i])=="") {
+ $splittingheaders = false;
+ }
+}
+
+// Got email and processed, time to send SMS...
+
+$orig = str_replace("@gophish.sms", "", $orig);
+$url = "https://api.twilio.com/2010-04-01/Accounts/$TwilioID/Messages.json";
+$data = array (
+ 'From' => $SMSFrom,
+ 'To' => $orig,
+ 'StatusCallback' => $Callback,
+ 'Body' => $message,
+);
+$post = http_build_query($data);
+$auth = "$TwilioID:$AuthToken";
+
+$response = SendSMS($url, $post, $auth);
+
+function SendSMS($url,$post=false,$auth=false,$timeout=30) {
+ $ch = curl_init();
+
+ curl_setopt($ch, CURLOPT_URL, $url);
+ if ($post) {
+ curl_setopt($ch, CURLOPT_POST, 1);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
+ }
+ if($auth)
+ curl_setopt($ch, CURLOPT_USERPWD, $auth);
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+ curl_setopt($ch,CURLOPT_ENCODING , "");
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0");
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, FALSE);
+ curl_setopt($ch, CURLOPT_HEADER, false); //debug
+ curl_setopt($ch, CURLINFO_HEADER_OUT, true); // enable tracking DEBUG
+ $output=curl_exec($ch);
+
+ curl_close($ch);
+ return $output;
+}
+
+?>
diff --git a/README.md b/README.md
index a37f455..2e0c57f 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,58 @@
-GoSMS
+<u>GoSMS</u>
===============
-SMSishing implementation using GoPhish
\ No newline at end of file
+SMSishing implementation using GoPhish and Trilio SMS gateway
+
+<u>Usage</u>
+===============
+replace email addresses with [mobile no]@gophish.sms where mobile number stats with country code prefix e.g. +44 = UK
+
+SMS should contain less than 1600 characters otherwise will be split into multiple SMS's
+
+Email template should be plaintext only, not HTML (this should be obvious)
+
+non-MMS so dont use tracking image {{.Tracker}} or HTML contents
+
+Email Opened - actually means delivered (Response from Trilio API)
+
+<u>Setup</u>
+===============
+Clone this repo into /opt/GoSMS/
+
+#Setup Postfix
+
+1) Tell Postfix To Use Our Virtual Alias db and virtual domains in **/etc/postfix/main.cf**:
+
+ virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp
+ virtual_alias_domains=/etc/postfix/virtual_domains
+
+2) add domain to **/etc/postfix/virtual_domains**
+
+ echo "gophish.sms" >> /etc/postfix/virtual_domains
+
+3) Redirect the email to a local user by adding to **/etc/postfix/virtual_regexp**:
+
+ /^([^@]*)@gophish.sms$/ apache@localhost
+
+4) Update **/etc/aliases** to redirect email addressed to the local user to a script:
+
+ apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"
+
+5) Rebuild Aliases & Restart Postfix
+
+ sudo newaliases; sudo postfix reload; sudo service postfix restart
+
+
+#setup GoSMS
+
+1) Set correct variables in config.php (should be self explanitory)
+
+2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:
+
+2a) Sore in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888
+
+2b) run a simple PHP server from the GoSMS directory:
+
+ php -S 0.0.0.0:8888
+
+
diff --git a/SMSResponse.php b/SMSResponse.php
new file mode 100644
index 0000000..2ec7344
--- /dev/null
+++ b/SMSResponse.php
@@ -0,0 +1,55 @@
+<?php
+include('/opt/GoSMS/config.php');
+
+if($_REQUEST['SmsStatus'] == "delivered" && isset($_REQUEST['To'])){
+ $phoneNo = $_REQUEST['To'];
+ echo "[?] Searching for running campaigns\n";
+ $curl = new curl();
+ $curl->url = "$GophishAPIURL/api/campaigns/?api_key=$key";
+ $list = $curl->curlQuery();
+
+ if(isset($list->message) && $list->message == "Invalid API Key"){
+ echo "[!] Invalid API key\n";
+ exit(0);
+ }else{
+ foreach($list as $id){
+ if($id['status'] == "In progress"){
+ echo "[+] Found: ID: ".$id['id']." Name: ".$id['name']."\n";
+ foreach($id['results'] as $victim){
+ echo "[?] Searching for victim with $phoneNo\n";
+ if($victim['email'] == "$phoneNo@gophish.sms"){
+ echo "[+] Found RID: ".$victim['id']."\n";
+ echo "[!] Grabbing tracking image\n";
+ $curl->url = "$PhishURL/track?rid=".$victim['id'];
+ $list = $curl->curlQuery();
+ }
+ }
+ }
+
+ }
+ }
+ exit(0);
+}
+
+class curl {
+ public function curlQuery() {
+ $ch = curl_init();
+
+ curl_setopt($ch, CURLOPT_URL, $this->url);
+ curl_setopt($ch, CURLOPT_HEADER, 0);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
+ //curl_setopt($ch, CURLOPT_VERBOSE, true); // verbose mode for debugging
+
+ $json = curl_exec($ch);
+
+ curl_close($ch);
+
+ $array = json_decode($json, true);
+ return $array;
+ }
+}
+
+?>
\ No newline at end of file
diff --git a/SendSMS.php b/SendSMS.php
new file mode 100755
index 0000000..3f510f3
--- /dev/null
+++ b/SendSMS.php
@@ -0,0 +1,83 @@
+<?php
+include('/opt/GoSMS/config.php');
+
+$email = file_get_contents("php://stdin");
+$lines = explode("\n", $email);
+
+$from = "";
+$subject = "";
+$to = "";
+$orig = "";
+$headers = "";
+$message = "";
+$splittingheaders = true;
+for ($i=0; $i < count($lines); $i++) {
+ if ($splittingheaders) {
+ $headers .= $lines[$i]."\n";
+ if (preg_match("/^Subject: (.*)/", $lines[$i], $matches)) {
+ $subject = $matches[1];
+ }
+ if (preg_match("/^From: (.*)/", $lines[$i], $matches)) {
+ $from = $matches[1];
+ }
+ if (preg_match("/^To: (.*)/", $lines[$i], $matches)) {
+ $to = $matches[1];
+ }
+ if (preg_match("/^X-Original-To: (.*)/", $lines[$i], $matches)){
+ $orig = $matches[1];
+ }
+ } else {
+ // not a header, but message
+ $lines[$i] = str_replace("?rid=3D", "?rid=", $lines[$i]);
+ if(substr($lines[$i], -1) == "="){
+ $message .= rtrim($lines[$i], "=");
+ }else{
+ $message .= $lines[$i]."\n";
+ }
+ }
+ if (trim($lines[$i])=="") {
+ $splittingheaders = false;
+ }
+}
+
+// Got email and processed, time to send SMS...
+
+$orig = str_replace("@gophish.sms", "", $orig);
+$url = "https://api.twilio.com/2010-04-01/Accounts/$TwilioID/Messages.json";
+$data = array (
+ 'From' => $SMSFrom,
+ 'To' => $orig,
+ 'StatusCallback' => $Callback,
+ 'Body' => $message,
+);
+$post = http_build_query($data);
+$auth = "$TwilioID:$AuthToken";
+
+$response = SendSMS($url, $post, $auth);
+
+function SendSMS($url,$post=false,$auth=false,$timeout=30) {
+ $ch = curl_init();
+
+ curl_setopt($ch, CURLOPT_URL, $url);
+ if ($post) {
+ curl_setopt($ch, CURLOPT_POST, 1);
+ curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
+ }
+ if($auth)
+ curl_setopt($ch, CURLOPT_USERPWD, $auth);
+ curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
+ curl_setopt($ch,CURLOPT_ENCODING , "");
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0");
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, FALSE);
+ curl_setopt($ch, CURLOPT_HEADER, false); //debug
+ curl_setopt($ch, CURLINFO_HEADER_OUT, true); // enable tracking DEBUG
+ $output=curl_exec($ch);
+
+ curl_close($ch);
+ return $output;
+}
+
+?>
diff --git a/config.php b/config.php
new file mode 100644
index 0000000..97ee336
--- /dev/null
+++ b/config.php
@@ -0,0 +1,14 @@
+<?php
+
+// Twilio settings
+$TwilioID = ""; // Twilio account sid
+$SMSFrom = ""; // Twilio mobile no.
+$AuthToken = ""; // Twilio auth token
+$Callback = "http://example.com:8888/SMSResponse.php"; // URL Twilio can reach to post to SMSResponse.php
+
+// Local settings
+$GophishAPIURL = ""; // URL of GoPhish API listner e.g. https://www.site.com:8080
+$key = ""; // GoPhish API key
+$PhishURL = "" // URL of Gophish campaign e.g. https://www.phishingsite.com
+
+?>