Users & Groups

Gophish manages recipients for campaigns in groups. Each group can contain one or more recipients. Groups have the following format:

{
    id              : int64
    name            : string
    targets         : array(Target)
    modified_date   : string(datetime)
}

Each recipient in the targets field has the following format:

{
    email           : string
    first_name      : string
    last_name       : string
    position        : string
}

Get Groups

GET https://localhost:3333/api/groups/

Returns a list of groups.

Headers

[
  {
    "id": 1,
    "name": "Example Group",
    "modified_date": "2018-10-08T15:56:13.790016Z",
    "targets": [
      {
        "email": "user@example.com",
        "first_name": "Example",
        "last_name": "User",
        "position": ""
      },
      {
        "email": "foo@bar.com",
        "first_name": "Foo",
        "last_name": "Bar",
        "position": ""
      }
    ]
  }
]

Get Group

GET https://localhost:3333/api/groups/:id

Returns a group with the given ID.

Path Parameters

Headers

{
  "id": 1,
  "name": "Example Group",
  "modified_date": "2018-10-08T15:56:13.790016Z",
  "targets": [
    {
      "email": "user@example.com",
      "first_name": "Example",
      "last_name": "User",
      "position": ""
    },
    {
      "email": "foo@bar.com",
      "first_name": "Foo",
      "last_name": "Bar",
      "position": ""
    }
  ]
}

{
  "message": "Group not found",
  "success": false,
  "data": null
}

Returns a 404 error if no group is found with the provided ID.

Get Groups Summary

GET https://localhost:3333/api/groups/summary

Returns a summary of each group.

Headers

[
  {
    "id": 1,
    "name": "Example Group",
    "modified_date": "2018-10-08T15:56:13.790016Z",
    "num_targets": 2
  }
]

Get Group Summary

GET https://localhost:3333/api/groups/:id/summary

Returns a summary for a group.

Path Parameters

Headers

{
  "id": 1,
  "name": "Example Group",
  "modified_date": "2018-10-08T15:56:13.790016Z",
  "num_targets": 2
}

{
  "message": "Group not found",
  "success": false,
  "data": null
}

It may be the case that you just want the number of members in a group, not necessarily the full member details. This API endpoint returns a summary for a group.

Returns a 404 error if no group is found with the provided ID.

Create Group

POST https://localhost:3333/api/groups/

Creates a new group.

Headers

Request Body

{
  "id": 1,
  "name": "Example Group",
  "modified_date": "2018-10-08T15:56:13.790016Z",
  "targets": [
    {
      "email": "user@example.com",
      "first_name": "Example",
      "last_name": "User",
      "position": ""
    },
    {
      "email": "foo@bar.com",
      "first_name": "Foo",
      "last_name": "Bar",
      "position": ""
    }
  ]
}

{
  "message": "Group name not specified",
  "success": false,
  "data": null
}

When creating a new group, you must specify a unique name, as well as a list of targets. Here's an example request body:

{
    "name": "Example Group",
    "targets": [
    {
        "email": "user@example.com",
        "first_name": "Example",
        "last_name": "User",
        "position": ""
    },
    {
        "email": "foo@bar.com",
        "first_name": "Foo",
        "last_name": "Bar",
        "position": ""
    }
    ]
}

Modify Group

PUT https://localhost:3333/api/groups/:id

Modifies a group.

Path Parameters

Headers

Request Body

{
  "id": 1,
  "name": "Example Modified Group",
  "modified_date": "2018-10-08T15:56:13.790016Z",
  "targets": [
    {
      "email": "foo@bar.com",
      "first_name": "Foo",
      "last_name": "Bar",
      "position": ""
    }
  ]
}

{
  "message": "Group not found",
  "success": false,
  "data": null
}

This API endpoint allows you to modify an existing group. The request must include the complete group JSON, not just the fields you're wanting to update. This means that you need to include the matching id field. Here's an example request:

{
    "id": 1,
    "name": "Example Modified Go",
    "targets": [
    {
        "email": "foo@bar.com",
        "first_name": "Foo",
        "last_name": "Bar",
        "position": ""
    }
    ]
}

Returns a 404 if no group is found with the provided ID.

Delete Group

DELETE https://localhost:3333/api/groups/:id

Deletes a group

Path Parameters

Headers

{
  "message": "Group deleted successfully!",
  "success": true,
  "data": null
}

{
  "message": "Group not found",
  "success": false,
  "data": null
}

Returns a 404 error if no group is found with the provided ID.

Import Group

POST https://localhost:3333/api/import/group

Reads and parses a CSV, returning data that can be used to create a group.

Headers

Request Body

[
  {
    "email": "foobar@example.com",
    "first_name": "Example",
    "last_name": "User",
    "position": "Systems Administrator"
  },
  {
    "email": "johndoe@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "position": "CEO"
  }
]

This API endpoint allows you to upload a CSV, returning a list of group targets. For example, you can use the following curl command to upload the CSV:

curl -k https://localhost:3333/api/import/group -XPOST \
    -F "file=@group_template.csv" \
    -H "Authorization: Bearer 0123456789abcdef"

The results of this API endpoint can be used as the targets parameter in a call to the Create Group endpoint.