User Management

Gophish supports having multiple user accounts. Each of these accounts are separate, with their own campaigns, landing pages, templates, etc.

Each user account in Gophish is assigned a role. These are global roles that describe the user's permissions within Gophish.

At the time of this writing, there are two roles:

Role

Slug

Description

User

user

A non-administrative user role. Users with this role can create objects and launch campaigns.

Admin

admin

An administrative user. Users with this role can manage system-wide settings as well as other user accounts within Gophish.

Users have the following format:

{
    id              : int64
    username        : string
    role            : Role
    modified_date   : string(datetime)
}

Each Role has the following format:

{
    name            : string
    slug            : string
    description     : string
}

Get Users

GET https://localhost:3333/api/users/

Returns a list of all user accounts in Gophish.

Headers

Name

Type

Description

Authorization

string

A valid API key

[
  {
    "id": 1,
    "username": "admin",
    "role": {
      "slug": "admin",
      "name": "Admin",
      "description": "System administrator with full permissions"
    }
  }
]

Get User

GET https://localhost:3333/api/users/:id

Returns a user with the given ID.

Path Parameters

Name

Type

Description

integer

The user ID

Headers

Name

Type

Description

Authorization

string

A valid API key

[
  {
    "id": 1,
    "username": "admin",
    "role": {
      "slug": "admin",
      "name": "Admin",
      "description": "System administrator with full permissions"
    }
  }
]

{
  "message": "User not found",
  "success": false,
  "data": null
}

Create User

POST https://localhost:3333/api/users/

Creates a new user.

Headers

Name

Type

Description

Authorization

string

Request Body

Name

Type

Description

role

string

The role slug to use for the account

password

string

The password to set for the account

username

string

The username for the account

{
  "id": 2,
  "username": "exampleuser",
  "role": {
    "slug": "user",
    "name": "User",
    "description": "User role with edit access to objects and campaigns"
}

{
  "message": "Username already taken",
  "success": false,
  "data": null
}

Modify User

PUT https://localhost:3333/api/users/:id

Modifies a user account. This can be used to change the role, reset the password, or change the username.

Path Parameters

Name

Type

Description

string

The user ID

Headers

Name

Type

Description

Authorization

string

A valid API key

Request Body

Name

Type

Description

role

string

The role slug to use for the account

password

string

The password to set for the account

username

string

The username for the account

{
  "id": 2,
  "username": "exampleuser",
  "role": {
    "slug": "user",
    "name": "User",
    "description": "User role with edit access to objects and campaigns"
}

{
  "message": "Username already taken",
  "success": false,
  "data": null
}

{
  "message": "User not found",
  "success": false,
  "data": null
}

Delete User

DELETE https://localhost:3333/api/users/:id

Deletes a user, as well as every object (landing page, template, etc.) and campaign they've created.

Path Parameters

Name

Type

Description

string

The user ID

Headers

Name

Type

Description

Authorization

string

A valid API key

{
  "message": "User deleted Successfully!",
  "success": true,
  "data": null
}

{
  "message": "User not found",
  "success": false,
  "data": null
}

Returns a 404 error if no user is found with the provided ID.

PreviousCampaigns

Last updated 5 years ago