Izici Ezintsha Nezibuyekezo ezivela ku-GoPhish Yokuqeqeshwa Kokuqwashisa Ngezokuphepha
Isingeniso
I-GoPhish iyisifanisi sobugebengu bokweba imininingwane ebucayi esisebenziseka kalula futhi esithengekayo ongasengeza ohlelweni lwakho lokuqeqesha lobugebengu bokweba imininingwane ebucayi. Ngokungafani nezinye izilingisi zobugebengu bokweba imininingwane ebucayi, i-GoPhish ivuselelwa njalo ngezici ezintsha. Kulesi sihloko, sizobheka ezinye zezici ezintsha eziphawuleka kakhulu kusukela kunguqulo engu-0.9.0.
Izici Ezintsha
- Kwengezwe Umsuka Othenjwayo ku-CSRF Handler GoPhish manje ivumela ukulungisa ama-trusted_origins kufayela le-config.json. Lokhu kukuvumela ukuthi ungeze amakheli owalindele ekuxhumekeni okungenayo. Lokhu kuyasiza uma isilinganisi somthwalo okhuphukayo sisingatha ukunqanyulwa kwe-TLS esikhundleni sohlelo lokusebenza ngokwalo.
- Sethule ukulandelela okunamathiselwe ngokungeza okuguquguqukayo kwe-GoPhish ezinhlotsheni ezihlukahlukene zamafayela anganamathiselwa kuma-imeyili. Ngokwesibonelo, manje sekungenzeka ukuthi ufake okuthi “Sawubona {{.FirstName}}, sicela uchofoze lapha: {{.URL}}” kudokhumenti ye-Word noma wengeze amaphikseli okulandelela kumadokhumenti. Lokhu manje kuzokwazisa lapho abasebenzisi bevula amafayela anamathiselwe noma banike amandla ama-macros kumadokhumenti e-Office. I-GoPhish isekela izandiso zefayela ezilandelayo: i-docx, i-docm, i-pptx, i-xlsx, i-xlsm, i-txt, i-html, ne-ics.
- Kwengezwe ikhono lokucacisa umthumeli wemvilophu kuzifanekiso. Uma ishiywe ingenalutho, izobuyela ku-SMTP-Kusuka kokuthi Izilungiselelo-Zomthumeli. Lokhu kungasetshenziswa ukuze kudlule amasheke e-SPF kodwa noma kunjalo uthumele i-imeyili ekhohlisayo.
- Kusetshenziswe inqubomgomo yephasiwedi eyisisekelo yabalawuli futhi kwasusa iphasiwedi ezenzakalelayo "gophish". Kunalokho, igama-mfihlo lokuqala manje selikhiqizwa ngokunganaki futhi liboniswa kutheminali lapho kwethulwa i-Gophish okokuqala ngqa. Uma kunesidingo, iphasiwedi yokuqala kanye nokhiye we-API kungakhishwa kusetshenziswa okuguquguqukayo kwemvelo.
- Kwengezwe usekelo lwama-webhook. Ngokulungiselela i-webhook, i-Gophish manje ingathumela izicelo ze-HTTP endaweni yokugcina elawulwayo. Lezi zicelo zifaka umzimba we-JSON womcimbi ohambisanayo, okuyi-JSON efanayo ojwayele ukuyithola nge-API. Lesi sithuthukisi sihlinzeka ngezibuyekezo zesikhathi sangempela zemisebenzi yomkhankaso. Lokhu kukunikeza izibuyekezo zesikhathi sangempela zemikhankaso yakho eqhubekayo.
- Sethule ikhono lokumisa imininingwane ye-IMAP ku-Gophish, evumela ukulanda ama-imeyili omkhankaso nokuwamaka njengoba kubikiwe.
Isiphetho
Ngalezi zici ezintsha, usungakwazi manje ukusebenzisa i-GoPhish evikeleke kakhulu futhi esebenza ngempumelelo. Njengoba ukukhishwa okwengeziwe kuza ngokuzayo, i-GoPhish izohlala iyithuluzi elibalulekile lezinhlangano ezifuna ukuqinisa izinhlelo zabo zokuqeqesha ubugebengu bokweba imininingwane ebucayi.
