Any information security program must consider how users react to phishing campaigns. It is undeniable that constant training helps to defend against deceptive tactics. Many of these tactics entice employees to click on malicious links or provide credentials. Gathering credentials is a simple method for an attacker to establish a foothold in a targeted organization.
In most cases, the desirable training is obtained through third-party vendors that offer pre-established phishing campaigns with limited customization. However, for organizations looking for a more flexible and affordable process to train their employees, freely available tools can be easily integrated into the network infrastructure.
Gophish is an excellent example of these types of open-source tools. As described in its documentation portal, “Gophish is a powerful, easy-to-use, open-source phishing toolkit designed to help pentesters and businesses conduct real-world phishing simulations.”1 It also provides all the flexibility sought by system administrators to launch in-house phishing campaigns.
In this article, Cybersecurity expert Jorge Jaque walks you through the setup of the Gophish toolkit. The goal is to design a phishing platform that will help network administrators to conduct tailored phishing campaigns in a short amount of time.

