performing-red-team-phishing-with-gophish

$ npx mdskill add mukul975/Anthropic-Cybersecurity-Skills/performing-red-team-phishing-with-gophish

Automate GoPhish phishing campaigns for security assessment.

  • Executes email simulations with tracking pixels and credential capture.
  • Depends on Python gophish library, SMTP profiles, and CSV targets.
  • Analyzes open rates, click rates, and submission statistics.
  • Delivers campaign results through security awareness assessment reports.

SKILL.md

.github/skills/performing-red-team-phishing-with-gophish
---
name: performing-red-team-phishing-with-gophish
description: >-
  Automate GoPhish phishing simulation campaigns using the Python gophish library. Creates email
  templates with tracking pixels, configures SMTP sending profiles, builds target groups from
  CSV, launches campaigns, and analyzes results including open rates, click rates, and credential
  submission statistics for security awareness assessment.
domain: cybersecurity
subdomain: security-operations
tags: [performing, red, team, phishing]
version: "1.0"
author: mahipal
license: Apache-2.0
---


## When to Use

- When conducting security assessments that involve red team phishing with GoPhish
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- Familiarity with security operations concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities

## Instructions

1. Install dependencies: `pip install gophish requests`
2. Deploy GoPhish server and obtain an API key from Settings.
3. Use the Python gophish library to automate campaign setup:
   - Create email templates with HTML body and tracking
   - Configure SMTP sending profiles
   - Import target groups from CSV
   - Create landing pages for credential capture
   - Launch and monitor campaigns
4. Analyze campaign results: emails opened, links clicked, data submitted, and emails reported.

```bash
# For authorized penetration testing and lab environments only
python scripts/agent.py --gophish-url https://localhost:3333 --api-key <key> --campaign-name "Q1 Awareness" --output phishing_report.json
```

## Examples

### Create Campaign via API
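```python
from gophish import Gophish
from gophish.models import Campaign, Template, Group, SMTP, Page

# verify=False is only acceptable for the self-signed cert on a localhost lab;
# against any other host, keep TLS verification on.
api = Gophish("api_key", host="https://localhost:3333", verify=False)

# The group, template, sending profile and landing page are referenced by name
# and must already exist on the GoPhish server.
campaign = Campaign(name="Q1 Test", groups=[Group(name="Sales Team")],
    template=Template(name="IT Password Reset"), smtp=SMTP(name="Internal SMTP"),
    page=Page(name="Credential Page"))
api.campaigns.post(campaign)
```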
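
### Summarize Campaign Results
An added example for step 4 (not part of the original skill or its `scripts/agent.py`): it turns per-recipient results into the open, click, submission and report rates an awareness report needs. The function name `summarize_results` and the recipient list are constructed for illustration; the `status` and `reported` fields follow GoPhish's campaign result records.

```python
from collections import Counter

# Result statuses ordered by how far the recipient got. Assumption: GoPhish
# stores only the furthest stage in `status`, so a later stage implies the
# earlier ones (a click counts as an open even if the pixel never loaded).
STAGES = ["Email Sent", "Email Opened", "Clicked Link", "Submitted Data"]


def summarize_results(results):
    """Return cumulative funnel counts and rates for one campaign."""
    by_status = Counter(r.get("status", "") for r in results)
    # Count each stage as itself plus every later stage.
    counts = {stage: sum(by_status[s] for s in STAGES[i:])
              for i, stage in enumerate(STAGES)}
    sent = counts["Email Sent"]
    # `reported` is a separate flag and does not change `status`.
    reported = sum(1 for r in results if r.get("reported"))

    def rate(n):
        return round(100.0 * n / sent, 1) if sent else 0.0

    return {
        "targets": len(results),
        "sent": sent,
        "not_delivered": len(results) - sent,  # Error, Sending, Scheduled, ...
        "opened": counts["Email Opened"],
        "clicked": counts["Clicked Link"],
        "submitted": counts["Submitted Data"],
        "reported": reported,
        "open_rate": rate(counts["Email Opened"]),
        "click_rate": rate(counts["Clicked Link"]),
        "submit_rate": rate(counts["Submitted Data"]),
        "report_rate": rate(reported),
    }


# Constructed sample data (example.test addresses), not real campaign output.
SAMPLE = [
    {"email": "a@example.test", "status": "Email Sent", "reported": True},
    {"email": "b@example.test", "status": "Email Opened", "reported": False},
    {"email": "c@example.test", "status": "Clicked Link", "reported": True},
    {"email": "d@example.test", "status": "Submitted Data", "reported": False},
    {"email": "e@example.test", "status": "Error", "reported": False},
]

if __name__ == "__main__":
    for key, value in summarize_results(SAMPLE).items():
        print(f"{key}: {value}")
```

Rates are computed against delivered mail rather than the target list, so send errors do not dilute them. Mail clients that block remote images still undercount opens, which makes the click, submission and report rates the more reliable figures.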
