🎣 Open-Source Phishing Toolkit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

207 lines
4.6 KiB

- name: Change /etc/hostname
hostname:
name: "{{ hostname }}"
- name: Ensure ufw is installed on the machine
package:
name: ufw
state: present
- name: Allow TCP 22 for SSH.
ufw:
rule: allow
port: '22'
proto: tcp
- name: Allow TCP 80 for Gophish.
ufw:
rule: allow
port: '80'
proto: tcp
- name: Allow TCP 443 for Gophish.
ufw:
rule: allow
port: '443'
proto: tcp
- name: Enable ufw.
ufw:
state: enabled
policy: deny
when: enable_ufw_firewall
- name: Update APT package cache.
apt:
update_cache: yes
- name: Upgrade APT to the latest packages.
apt:
upgrade: safe
- name: Ensure /etc/ssl/csr folder exists
file:
path: /etc/ssl/csr
state: directory
mode: '0755'
- name: Ensure /etc/ssl/private folder exists
file:
path: /etc/ssl/private
state: directory
mode: '0755'
- name: Ensure /etc/ssl/crt folder exists
file:
path: /etc/ssl/crt
state: directory
mode: '0755'
- name: Install specified packages.
apt:
pkg: "{{ install_packages }}"
state: latest
- name: adding existing user '{{ gophish_user }}' to group ssl-cert
user:
name: '{{ gophish_user }}'
groups: ssl-cert
append: yes
- name: Ensure the cryptography Python package is installed
pip:
name: cryptography
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
openssl_privatekey:
path: "{{ gophish_ssl_cert_path }}"
- name: Generate an OpenSSL Certificate Signing Request
openssl_csr:
path: "{{ gophish_csr_path }}"
privatekey_path: "{{ gophish_ssl_cert_path }}"
common_name: "{{ gophish_domain }}"
- name: Generate a Self Signed OpenSSL certificate
openssl_certificate:
path: "{{ gophish_crt_path }}"
privatekey_path: "{{ gophish_ssl_cert_path }}"
csr_path: "{{ gophish_csr_path }}"
provider: selfsigned
- name: Update postfix main.cf configuration file.
template:
src: main.cf.j2
dest: /etc/postfix/main.cf
backup: yes
owner: root
group: root
mode: 0644
- name: Restart postfix.
service:
name: postfix
state: restarted
- name: Ensure postfix is started and enabled at boot.
service:
name: postfix
state: started
enabled: yes
- name: Download latest Gophish .zip file.
get_url:
validate_certs: True
url: https://getgophish.com/releases/latest/linux/64
dest: "/home/{{ gophish_user }}/gophish.zip"
mode: 0755
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
- name: Ensure gophish user has permission for CRT file.
file:
path: "{{ gophish_crt_path }}"
mode: 0755
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
- name: Ensure gophish user has permission for SSL certificate.
file:
path: "{{ gophish_ssl_cert_path }}"
mode: 0755
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
- name: Create directory for gophish.
file:
path: "/home/{{ gophish_user }}/gophish_deploy"
state: directory
mode: 0755
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
- name: Unzip gophish file.
unarchive:
src: "/home/{{ gophish_user }}/gophish.zip"
dest: "/home/{{ gophish_user }}/gophish_deploy"
remote_src: True # File is on target server and not locally.
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
- name: Change ownership of Gophish folder and files.
file:
path: /home/{{ gophish_user }}/gophish_deploy
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
recurse: True
- name: Ensure gophish binary is allowed to bind to privileged ports using setcap
capabilities:
path: /home/{{ gophish_user }}/gophish_deploy/gophish
capability: cap_net_bind_service+eip
state: present
- name: Copy config.json file.
copy:
src: files/config.json
dest: "/home/{{ gophish_user }}/gophish_deploy/config.json"
owner: "{{ gophish_user }}"
group: "{{ gophish_user }}"
mode: 0644
- name: Ensure gophish service file is properly set
template:
src: gophish.service.j2
dest: /etc/systemd/system/gophish.service
mode: 644
- name: Ensure systemd to reread configs
systemd:
daemon_reload: yes
- name: Ensure gophish is properly started
service:
name: gophish.service
state: started
enabled: yes
- name: Ensure nginx is installed
package:
name: nginx
state: present
- name: Ensure nginx service file is properly set
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
mode: 644
- name: Ensure nginx service is restarted
service:
name: nginx
state: reloaded
enabled: yes
- name: Reboot the box in 1 minute.
command: shutdown -r 1
when: reboot_box