Dokokin Gophish
navigation
Yadda ake saita Sabar Imel ta SMTP mai aiki don Gwajin Phish a 2022
Shin kuna tunanin kafa naku kamfen gwajin phish a wannan shekara?
Injiniyan zamantakewa ya girma ya zama babbar barazana a cikin 2022 kuma kuna tunanin hanyoyin magance ta.
Amma duk da haka raguwar da masana'antu suka sanya sun sanya hakan ya yi wahala fiye da kowane lokaci.
Don farawa za ku buƙaci abubuwa kaɗan.
Kuna buƙatar ingantaccen sabar imel na SMTP.
Wannan na iya zama ƙalubale tun da yawancin masu samar da girgije suna toshe zirga-zirgar SMTP.
Hakanan kuna buƙatar dashboard don bin diddigin, da kuma nazarin binciken injiniyan zamantakewar ku.
Wannan zai ba ku damar kallon ci gaba da bayar da rahoto ga ƙungiyar zartarwa.
Kafa waɗannan na iya ɗaukar makonni na aiki tare da gwaji, ƙara har zuwa dubban daloli a cikin aiki.
Shi ya sa muka ƙirƙiri wannan jagorar don nuna muku yadda za ku iya saita sabar SMTP akan masu ba da sabis waɗanda ba sa toshe SMTP.
A ƙarshen wannan jagorar za ku san yadda ake daidaitawa da kiyaye wannan uwar garken don samun damar aika saƙonni.
Bugu da ƙari za ku san yadda ake dumama adireshin IP ɗin da uwar garken ke amfani da shi don isar da saƙonni.
Za mu yi amfani da kayan aiki da ake kira Poste.io don taimakawa cikin tsarin sabar sabar.
Za mu kuma nuna muku yadda ake saita dashboard ɗin phishing da za ku iya amfani da su don bin diddigin abubuwan da kuka gano.
Muna da dashboard da ke ba da damar GoPhish akan Sabis na Yanar Gizo na Amazon a shirye don ƙaddamarwa.
Kuna iya kunnawa da kashe wannan dashboard ɗin yayin da kuke buƙatar sarrafawa da tantance kamfen ɗin gwajin phish ɗin ku.
Yadda ake saita uwar garken SMTP ɗin ku
Da farko kuna buƙatar samun VPS daga mai badawa wanda ke ba da damar zirga-zirgar SMTP.
Wannan yana nufin Contabo, Hetzner, LunaNode, BuyVM, ko Scaleway.
Za mu yi amfani da Contabo a cikin wannan misalin.
- Ƙirƙiri asusu a Contabo tare da aƙalla 4GB na RAM da 80 GB na sararin ajiya.
Latsa nan don buɗe VM Contabo tare da saitunan da aka riga aka zaɓa.
- Kuna iya zaɓar kalmar da ta dace da yanayin amfaninku.
Ƙungiyarmu tana amfani da sharuɗɗan kowane wata sai dai idan muna da doguwar yarjejeniyar amfani da gwajin phish.
- Na gaba za ku so zaɓi yankin da ya fi kusa da ƙungiyar da za ku gwada.
A wannan yanayin, Zan yi amfani da Gabashin Amurka a Contabo.
- VPS ɗin da kuke amfani da shi don karɓar sabar SMTP ɗinku yakamata ya sami aƙalla 4 GB na RAM kuma aƙalla 80GB na sararin ajiya.
- Sannan kuna son zaɓar Operating System, zaɓi Ubuntu 20.04 don tabbatar da dacewa.
6. Zaɓi kalmar sirri da za ku yi amfani da ita don samun dama ga uwar garken ku ta hanyar SSH. Kuna iya ƙirƙirar kalmar sirri mai ƙarfi anan: https://passwordsgenerator.net/
Tabbatar adana wannan a cikin mai sarrafa kalmar sirri kamar LastPass don tunani na gaba.
- Tabbatar cewa an ba ku aƙalla adireshin IP na jama'a ɗaya!
8. Kuna iya barin abubuwan da suka dace don Addons and Server Quantity a cikin Contabo.
- Bayan haka za ku sami shiga ko ƙirƙirar asusu.
- Da zarar kun shiga, ku biya kuɗin sabis na kowane wata.
- Bayan kun biya, za ku sami imel ɗin tabbatarwa da zarar an saita sabar ku.
- Na gaba za mu shiga cikin uwar garken kuma mu fara saita sabar SMTP ta amfani da Poste.io.
Kuna buƙatar amfani da sunan mai amfani (tushen) da kalmar sirri da kuka ƙirƙira a baya don shiga uwar garken ta hanyar SSH.
13. Kuna iya haɗawa tare da abokin ciniki na SSH da kuka fi so, kamar MobaXTerm ya da PUTTY.
Da zarar kun shiga cikin uwar garken, za ku so ku kewaya zuwa Poste.io kuma ku aiwatar da matakai masu zuwa:
- Sanya Injin Docker akan uwar garken Ubuntu ta amfani da umarnin tare da rubutun saurin farawa anan:
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh docker.sh
- Hakanan zaka iya shigar da Injin Docker ta amfani da umarni masu zuwa idan rubutun saurin farawa baya aiki don rarrabawar Ubuntu:
sudo apt-samun sabuntawa
sudo apt-samun shigar \
takardun shaida \
dunƙule \
gupg \
lsb-saki
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg -dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
amsawa \
"deb [arch = $ (dpkg -print-architecture) sanya hannu-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) barga" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-samun sabuntawa
sudo dace-samun shigar docker-ce docker-ce-cli containerd.io docker-compose-plugin
- Tabbatar da Injin Docker yana gudana tare da umarni mai zuwa wanda yakamata ya fitar da Hello World sannan ya rufe akwati Docker:
sudo docker gudu hello-duniya
17. Zazzagewa kuma gudanar da Dockerfile daga Poste.io daga https://poste.io/doc/getting-started ta amfani da umarnin da ke ƙasa.
$ docker run \
-net= mai watsa shiri
-e TZ=Amurka/New_York
-v /data-dir/data:/data \
-suna "mailserver" \
-h "mail.yourphishdomain.com" \
-t analog / poste.io
Akwai 'yan gyare-gyare da za ku so ku yi zuwa wannan umarni:
- da TZ=Amurka/New_York Saita yankin lokaci don daidai lokacin kwanan wata
- -v /your-data-dir/data:/data Yana hawa kundin adireshi daga tsarin runduna. Bayanan mai amfani, imel, rajistan ayyukan, duk za su ƙare a cikin wannan kundin adireshi don sauƙi.
- - suna"uwar garken gidan waya" Gudun poste.io azaman akwati mai ƙayyadadden suna
- -h "mail.yourphishdomain.com" Sunan mai masauki don uwar garken saƙon gwajin phish ɗin ku
Poste.io zai kula da kafa sabbin matakan tsaro, TLS, SPF, DKIM, da DMARC a madadin ku.
- Yi amfani da kayan aikin Dumama na IP na aƙalla sa'o'i 72 kafin kamfen ɗin gwajin phish.
Lemlist shine $29/mo, kuma WarmupInbox shine $9/mo, koma zuwa IP Warming SOP don cikakkun bayanai.
Da fatan za a koma zuwa ga jagorar mu "Yadda ake Dumi IP" don la'akari da dumin IP.
SOP: Yadda ake dumama IP don sabon sabar imel
- Bibiyar sunan IP ta amfani da poste.io/dnsbl, mxtoolbox.com/blacklists.aspx ko dnsbl.info.
20. Gwada sabar saƙon imel da samfuran imel ta amfani da mail-tester.com don haɓaka isarwa.
Yadda Ake Saita Dashboard ɗin Gwajin Phish ɗinku
21. Ƙirƙiri ko shiga cikin AWS Account ɗin ku
22. Ziyarci jeri na kasuwa na GoPhish
23. Fara gwaji kyauta tare da lissafin kasuwa
24. Yarda da sharuɗɗan kuma samar da sabar GoPhish a cikin asusun AWS ɗin ku. Idan kuna ƙirƙirar sabon asusu, Amazon zai tabbatar da asusun ku kuma ya aiko muku da tabbaci ta imel.
25. Shiga cikin dashboard ɗin GoPhish ta amfani da sunan mai amfani da ID na misali.
26. Sanya bayanin martaba na Aika don amfani da sabon sabar SMTP na Poste.io akan Contabo.
Bayanin Haɗin SMTP
- Mai watsa shiri: mail.yourphishdomain.com
- tashar jiragen ruwa: 465 (TLS ake buƙata), 587 a madadin (STARTTLS ake buƙata)
- ana buƙatar tabbaci
- sunan mai amfani shine cikakken adireshin imel username@example.com
- 27. Kafa Kamfen ɗinka na farko.
- 28. Aika na farko Campaign
Kuna da tambayoyi? Kuna iya ganin takaddun mu na GoPhish anan, ko tuntuɓe mu don taimako a support@hailbytes.com
TAMBAYOYI TAMBAYOYI
- Mai watsa shiri: mail.yourphishdomain.com
- tashar jiragen ruwa: 465 (TLS ake buƙata), 587 a madadin (STARTTLS ake buƙata)
- ana buƙatar tabbaci
- sunan mai amfani shine cikakken adireshin imel username@example.com
- 27. Kafa Kamfen ɗinka na farko.
- 28. Aika na farko Campaign
Kuna da tambayoyi? Kuna iya ganin takaddun mu na GoPhish anan, ko tuntuɓe mu don taimako a support@hailbytes.com
