This project demonstrates how to deploy and use Gophish, an open-source phishing simulation framework, to test user awareness against phishing attacks. The deployment was hosted on Railway, enabling a cloud-accessible admin portal and phishing server.
- Gophish - Open-source phishing simulation tool
- Railway - Cloud deployment platform
- GitHub - Source code management
- Mailtrap / Custom SMTP - Email delivery service (optional)
- Deployed Gophish using Railway with forked GitHub repository
- Configured `config.json` for public deployment
- Added trusted origins to bypass 403 Forbidden error
- Created and launched a test phishing campaign
- Tracked real-time user actions (email sent/opened/clicked/submitted)
- Forked Gophish Repository from GitHub to personal account
- Deployed to Railway using Railway's GitHub integration
- Edited `config.json`:
  - Changed `listen_url` to `0.0.0.0:3333`
  - Set `use_tls` to `false`
  - Added Railway domain in `trusted_origins`
- Added Environment Variable `PORT=3333` on Railway
- Launched Deployment and verified admin panel login
- Created Phishing Campaign:
  - Added target group and phishing email template
  - Configured landing page and sending profile
- Tracked Campaign Progress through dashboard
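
An added example (not part of the original project): a small Python check that reads a Gophish `config.json` and flags the three `admin_server` settings changed in the steps above, so the exposure they create is reviewed before launch. The sample config, the hostname `your-app.up.railway.app` and the function name `audit_admin_server` are constructed for illustration, and the check assumes TLS is terminated by the hosting platform in front of the container.

```python
import json

# Constructed sample reflecting the edits described above; the hostname is a placeholder.
SAMPLE_CONFIG = """
{
  "admin_server": {
    "listen_url": "0.0.0.0:3333",
    "use_tls": false,
    "trusted_origins": ["your-app.up.railway.app"]
  }
}
"""

def audit_admin_server(config_text, expected_hosts):
    """Return (severity, message) findings for the admin_server block."""
    admin = json.loads(config_text).get("admin_server", {})
    findings = []

    # "0.0.0.0:3333" or ":3333" exposes the admin portal on every interface.
    # A missing value is flagged the same way so that it gets reviewed.
    bind_host = admin.get("listen_url", "").rsplit(":", 1)[0]
    if bind_host in ("", "0.0.0.0", "[::]"):
        findings.append(("warn", "admin portal listens on all interfaces; "
                         "restrict who can reach it"))

    # With use_tls off, admin credentials are only protected if something
    # in front of the container provides HTTPS (assumption of this example).
    if not admin.get("use_tls", False):
        findings.append(("warn", "use_tls is false; confirm TLS is terminated "
                         "in front of the container"))

    # trusted_origins should list only the deployment's own hostname(s).
    origins = admin.get("trusted_origins") or []
    if not origins:
        findings.append(("info", "trusted_origins is empty; admin requests from "
                         "a public domain may be rejected with 403"))
    for origin in origins:
        if origin not in expected_hosts:
            findings.append(("high", f"unexpected trusted origin: {origin}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_admin_server(SAMPLE_CONFIG, {"your-app.up.railway.app"}):
        print(f"[{severity}] {message}")
```
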
- How phishing attacks are simulated in a secure environment
- Importance of security awareness training
- Gophish deployment, configuration, and debugging (e.g. `403 Forbidden` fix)
- Cloud deployment using Railway + GitHub CI
Phishing remains a top vector for cybersecurity breaches. This project helps organizations and individuals:
- Improve staff security awareness
- Test resilience to social engineering
- Understand attack patterns and countermeasures
- Connect Mailtrap or Gmail SMTP for real delivery
- Add realistic HTML templates for phishing
- Run multi-stage phishing simulations
- Generate reports and integrate with dashboards
