Phishing Gophish Ollama Kotlin

Matiz22

RichGophishClient

Written BY:

Mateusz

What is RichGophishClient?

RichGophishClient is a Kotlin Multiplatform Technology (KMP) application that allows multiple Gophish instances to be managed in one place. This allows users to centrally coordinate phishing campaigns for different companies and effectively manage different credentials stored in a local SQLite database. A feature I added to the regular Gophish program to generate content using Ollama.

Technology stack

  • Kotlin Multiplatform: Enables development of applications that run on multiple platforms.
  • Ktor: Asynchronous server.
  • SQLite i H2: Data management and storage solutions.
  • Decompose: An alternative to jetpack compose navigation..
  • Ollama API: AI integration for realistic email and web content.
  • Koin: Dependency injection framework for Kotlin.

Compose multiplatform?

While working on the project, I noticed that Jetpack Compose, while a powerful tool for building user interfaces in the Android environment, was not yet fully optimized for Compose Multiplatform. For the time I was developing the app, many of the features in Compose Multiplatform seemed like poorly ported mobile. Nonetheless, I think the technology will gain popularity due to Google’s recent interest.

Sample emails and pages

Content generation models

Initially, I tried to use the GPT-4 model. However, due to its limitations in generating potentially harmful content, there was a risk of blocking such activities, even for research purposes. As a result, I decided to use Llama’s uncensored version, which proved to be more flexible and devoid of restrictions of this kind. The results positively surprised me – the model generated realistic and tailored phishing scenarios, which significantly increased the possibilities for testing within simulated campaigns.

Improvements

If I were to approach the creation of a phishing content generation module again today, I would focus on an agent-based approach. In this model, a key element would be a knowledge base containing data on the most popular websites, content schemes and structures often used in phishing. The agent would use this database, dynamically selecting the appropriate elements and adapting them to the campaign scenario. Such a solution would not only allow more realistic content generation, but also increase the efficiency of creating complex scenarios, saving time and resources.

Repository Preview

RichGophishClient

A client library for interacting with the Gophish API, simplifying phishing campaign management.

Latest Articles

Next:

Contact Form

Do you have a project idea or questions about my work? Fill out the form – I’d be happy to connect and help bring your ideas to life!