Home
A self-contained Phishing infrastructure built on Docker using a collection of open-source software – Gophish, Caddy, Postfix, and Rspamd.
- Gophish provides a great Phishing simulation platform and supports multiple sending profiles which spoof the From email address.
- Caddy acts as our reverse HTTP and certificate handling server for web interfaces.
- Postfix is the email relay — it is only accessible via the Gophishi interface to prevent an open mail relay situation.
- Rspamd provides the DKIM and ARC message signing — it's what we abuse to legitimise our forged emails.
Here is a simple diagram showing the infrastructure.
