Landing Pages
A "Landing Page" is the HTML content returned when targets click on the links in Gophish emails.
Landing pages have the following structure:
{id : int64name : stringhtml : stringcapture_credentials : boolcapture_passwords : boolmodified_date : string(datetime)redirect_url : string}
getGet Landing Pages
[{"id": 1,"name": "Example Page","html": "<html><head></head><body>This is a test page</body></html>","capture_credentials": true,"capture_passwords": true,"redirect_url": "http://example.com","modified_date": "2016-11-26T14:04:40.4130048-06:00"}]
getGet Landing Page
{"id": 1,"name": "Example Page","html": "<html><head></head><body>This is a test page</body></html>","capture_credentials": true,"capture_passwords": true,"redirect_url": "http://example.com","modified_date": "2016-11-26T14:04:40.4130048-06:00"}
{"message": "Page not found","success": false,"data": null}
Returns a 404 error if the specified landing page isn't found.
postCreate Landing Page
{"id": 1,"name": "Example Page","html": "<html><head></head><body>This is a test page</body></html>","capture_credentials": true,"capture_passwords": true,"redirect_url": "http://example.com","modified_date": "2016-11-26T14:04:40.4130048-06:00"}
This method expects the landing page to be provided in JSON format. You must provide a landing page name and the html for the landing page.
Importing a Site
Let Gophish do the hard work for you by importing a site. By using the Import Site endpoint, you can simply give Gophish a URL and have the site fetched for you and returned in a format that can be used with this method.
Capturing credentials is a powerful feature of Gophish. By setting certain flags, you have the ability to capture all user input, or just non-password input.
To capture credentials, set the capture_credentials attribute. If you want to capture passwords as well, set the capture_passwords attribute.
By default, Gophish will not capture passwords, as they are stored in plaintext.
Gophish also provides the ability to redirect users to a URL after they submit credentials. This is controlled by setting the redirect_url attribute.
putModify Landing Page
{"id": 1,"name": "Example Page","html": "<html><head></head><body>This is a test page</body></html>","capture_credentials": true,"capture_passwords": true,"redirect_url": "http://example.com","modified_date": "2016-11-26T14:04:40.4130048-06:00"}
{"message": "Page not found","success": false,"data": null}
Returns a 404 error if the specified landing page isn't found.
This method expects the landing page to be provided in JSON format. You must provide a full landing page, not just the fields you want to update.
This method returns the JSON representation of the landing page that was modified.
deleteDelete Landing Page
{"message": "Page Deleted Successfully","success": true,"data": null}
{"message": "Page not found","success": false,"data": null}
Returns a 404 error if the specified landing page isn't found.
This method returns a status message indicating the landing page was deleted successfully.
postImport Site
<base> tag in the resulting HTML to resolve static references (recommended: false){"html": "<html><head>..."}
This endpoint simply fetches and returns the HTML from a provided URL. If include_resources is false (recommended), a <base> tag is added so that relative links in the HTML resolve from the original URL.
Additionally, if the HTML contains form elements, this endpoint adds another input, __original_url, that points to the original URL. This makes it possible to replay captured credentials later.
Note: This API endpoint doesn't actually create a new landing page. Instead, you can use the HTML returned from this endpoint as an input to the Create Landing Page method.
​