SMShing implementation using GoPhish and Twilio SMS gateway

root authored on 18 May 2019 Initial commit 5 years ago
SMSResponse.php Initial commit 5 years ago
SendSMS.php Initial commit 5 years ago
config.php Initial commit 5 years ago


SMSishing implementation using GoPhish and Trilio SMS gateway


replace email addresses with [mobile no]@gophish.sms where mobile number stats with country code prefix e.g. +44 = UK

SMS should contain less than 1600 characters otherwise will be split into multiple SMS's

Email template should be plaintext only, not HTML (this should be obvious)

non-MMS so dont use tracking image {{.Tracker}} or HTML contents

Email Opened - actually means delivered (Response from Trilio API)


Clone this repo into /opt/GoSMS/

#Setup Postfix

1) Tell Postfix To Use Our Virtual Alias db and virtual domains in /etc/postfix/

virtual_alias_maps = hash:/etc/postfix/virtual_maps, regexp:/etc/postfix/virtual_regexp

2) add domain to /etc/postfix/virtual_domains

echo "gophish.sms" >> /etc/postfix/virtual_domains

3) Redirect the email to a local user by adding to /etc/postfix/virtual_regexp:

/^([^@]*)@gophish.sms$/ apache@localhost

4) Update /etc/aliases to redirect email addressed to the local user to a script:

apache: "|/usr/bin/php -q /opt/GoSMS/SendSMS.php"

5) Rebuild Aliases & Restart Postfix

sudo newaliases; sudo postfix reload; sudo service postfix restart

#setup GoSMS

1) Set correct variables in config.php (should be self explanitory)

2) Make SMSResponse.php accessible from the web, a couple of ways of doing this:

2a) Sore in webserver folder running on different port e.g. /var/www/html/SMSResponse.php with apache running on port 8888

2b) run a simple PHP server from the GoSMS directory:

php -S