Where Gophish is Going in 2019

When people ask me what my long-term plans are for Gophish, I’ve historically pointed them to the GitHub issues, saying that I usually work out of what’s there. It’s not a great answer, I know.

This year, I wanted to try something different. I have big plans for Gophish in 2019, and I’m excited to share some of them here.

Refactoring the Frontend

When I started making Gophish, there really weren’t many mature JavaScript frameworks around. That, combined with the fact I wasn’t a great frontend developer, slowly resulted in a frontend which can be difficult to maintain and modify.

I’ll detail the plan in a different post, but my goal for this year is to refactor the frontend using a mix of TypeScript and React since I have experience with both from other projects.

This will be a really large project, but I’m excited about not only the cleaner codebase, but also about the new features (like the campaign creator we’ll talk about in a moment) this new frontend will enable us to build.

New Campaign Creator

Right now, building a campaign in Gophish feels limited. You get to select one email template and one landing page. That’s about it.

Nearly three years ago (!) I hinted at building a new campaign creator which would make campaigns much more modular.

The idea is that you will be able to build campaigns in endless ways. Maybe you want to send multiple emails before serving a landing page. Maybe you want to support clicking through multiple pages. Maybe you don’t want to send emails at all in the case of something like USB drop campaigns.

I want to make that possible.

The struggle was largely around developing the frontend to make this type of interface. I’m confident that after refactoring our frontend, creating more dynamic interfaces like the campaign creator will be possible.

Let’s Encrypt

A chief concern I hear from people trying to use Gophish is around obtaining and using TLS certificates. Right now, Gophish only supports a single certificate/key pair, making it difficult to use multiple domains.

My goal very early this year is to add native support for Let’s Encrypt which will make new domains “just work”. This will be a huge win, since it not only adds functionality but also makes Gophish quicker and easier to use.

To get there, I’m working on other exciting features such as support for simple RBAC, and storing URLs as first-class objects.

More Transparency

One of my very favorite things about being involved with Gophish is the community. I’ve had so many great interactions with people, and I love (love!) seeing people talk about the cool ways they’re using Gophish in their organization.

This year, I want to be more transparent with Gophish development, opening up the process more to the community. I want to show how features are developed, why and how decisions are made, and more. I’ve already started this a bit with recent blog posts, and I’m excited to do more throughout the year.

This transparency will not only better communicate why things with Gophish are how they are, but also show community members how features are built in case they’re interested in contributing new features of their own.

Let’s Get Started.

The ideas mentioned here are the tip of the iceberg. As always, I’m committed to answering support tickets, fixing bugs, improving performance, and more.

But even with these ideas, it’s clear we have a lot to do. This will be a marathon, not a sprint, but I’m confident we’ll get there together. If any of these tasks sound like something you’d like to take on (or even start!) let me know in a GitHub issue, and I would love to mentor you through the process. You won’t be in it alone!

When I first set out to make Gophish, I wanted to make the best phishing framework in the world. As a community, we’ve made great strides towards that goal, and I’m confident that 2019 will be another big step in the right direction.

Here’s to a great upcoming year!