New Features and Updates from GoPhish for Security Awareness Training

Introduction

GoPhish is an easy-to-use and affordable phishing simulator that you can add to your phishing training program. Unlike some other popular phishing simulators, GoPhish is updated regularly with new features. In this article, we will go over some of the notable new features since version 0.9.0.

New Features

  • Trusted Origins for the CSRF Handler: GoPhish now allows setting trusted_origins in the config.json file. This lets you add the addresses you expect incoming connections to come from. This is helpful when an upstream load balancer handles TLS termination instead of the application itself.

 

  • Introduced attachment tracking by adding GoPhish template variables to a variety of file types that can be attached to emails. For example, it is now possible to include “Hello {{.FirstName}}, please click here: {{.URL}}” in a Word document or to add tracking pixels to documents. This now reports when users open attached files or enable macros in Office documents. GoPhish supports the following file extensions: docx, docm, pptx, xlsx, xlsm, txt, html, and ics.

 

  • Added the ability to specify the envelope sender in a template. If left blank, it falls back to the SMTP-From in the sending profile. This can be used to pass SPF checks while still sending the email.

 

  • A basic password policy has been implemented for administrators, and the default password "gophish" has been removed. Instead, the initial password is now randomly generated and shown in the terminal when Gophish is launched for the first time. If necessary, the initial password and API key can be overridden using environment variables.

 

  • Added support for webhooks. By configuring a webhook, Gophish can now send HTTP requests to an endpoint you control. These requests include the JSON body of the relevant event, which is the same JSON you would normally receive through the API. This gives you real-time updates on the activity of your running campaigns.

 

  • Introduced the ability to configure IMAP settings in Gophish, which allows campaign emails to be picked up and marked as reported.
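
For the webhook feature in the list above, a receiving endpoint should authenticate each request before trusting the event JSON. The following is an added example, not code from this article or from the Gophish project. It assumes the webhook is configured with a shared secret and that the sender puts an HMAC-SHA256 of the raw body in an X-Gophish-Signature header as sha256=<hex>; the header name, format, secret and event fields shown are assumptions and constructed sample values.

```python
import hashlib
import hmac
import json

SIG_HEADER = "X-Gophish-Signature"  # assumed header name, not stated in the article
SIG_PREFIX = "sha256="              # assumed "<algorithm>=<hex digest>" format


def sign(secret: bytes, body: bytes) -> str:
    """Header value computed over the raw request body (assumed scheme)."""
    return SIG_PREFIX + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_and_parse(secret: bytes, headers: dict, body: bytes):
    """Return the decoded event dict, or None if the request must be rejected."""
    # HTTP header names are case-insensitive, so match accordingly.
    value = next((v for k, v in headers.items()
                  if k.lower() == SIG_HEADER.lower()), None)
    if not value or not value.startswith(SIG_PREFIX):
        return None  # unsigned request or unexpected algorithm
    expected = sign(secret, body)
    # Constant-time compare over the raw bytes, before any JSON parsing.
    if not hmac.compare_digest(expected.encode(), value.strip().lower().encode()):
        return None
    try:
        event = json.loads(body)
    except ValueError:
        return None
    return event if isinstance(event, dict) else None


# Constructed sample request: secret, field names and values are made up.
SECRET = b"example-shared-secret"
BODY = json.dumps({"campaign_id": 1, "email": "user@example.com",
                   "message": "Clicked Link",
                   "time": "2024-01-01T10:00:00Z"}).encode()
GOOD = {"x-gophish-signature": sign(SECRET, BODY)}

if __name__ == "__main__":
    print(verify_and_parse(SECRET, GOOD, BODY))        # accepted event
    print(verify_and_parse(SECRET, GOOD, BODY + b" ")) # altered body: None
    print(verify_and_parse(SECRET, {}, BODY))          # unsigned: None
```

Verify against the bytes exactly as received; re-serializing the parsed JSON before hashing can change whitespace or key order and cause valid requests to fail.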

Conclusion

With these new features, you can now use GoPhish more securely and effectively. As more releases arrive in the future, GoPhish will remain an important tool for organizations looking to strengthen their phishing training programs.