An Outlook Plugin to report phishing emails easier and provides full integration with GoPhish.
https://www.0d.ae/report-phishing-plugin-for-outlook
If you plan to use the plugin, please fill the 3 Questions survey
- Auto-deletes suspecious emails once reported.
- Append [POTENTIAL PHISH] to subject for automatic Outlook rules.
- Extract and list the most important information in the report email such as email headers, URLs/Ips, domains, attachments hashes, sender details.
- Removes hyperlinks from suspecious links. (https:// becomes https[:]// and so on).
- Attaches original email to the report for further investigation.
- Full integration with the Open Source Phishing Framework, GoPhish. Now you can see who reported a simulated phishing email sent by your information security team.
- Two buttons for easy reporting. One in the
Home
menu. The second when you right-click an email. - Reports any bugs to a seperate support email without annoying the users.
- Installer-ready: fast compile to EXE file, as all hassles were tackled already. Just follow the guide.
Microsoft Visual Studio Installer Projects
component installed in Visual Studio. You can install it by going to Tools
-> Get Tools and Features
Installer -> (from "Properties" menu) TargetPlatform -> x86 or x64
Note: I used Visual Studio 2017 with .NET Framework 4.8 to compile it. The plugin was tested on Outlook 2019 (x64).
- Download the project and extract it.
- Double click
PhishingReporter.sln
to open the project using Visual Studio. - From the top menu, if it is on
Debug
mode, change configuration toRelease
. - In the right menu, Open
Settings.settings
and go toSettings
Tab. - From there, change:
- infosec_email: to your information security team.
- gophish_url: GoPhish instance IP/URL, if you didn't host any, you can leave the default value. The plugin will still work.
- gophish_listener_port: The port number of GoPhish listener.
- support_email: Support email to auto-report any bugs. Should be for a teammate who maintains the plugin code.
- Save the file.
- Build the project. From the top menu
Build
→Build PhishingReporter
. - In the right menu, Click
Installer
and change what you prefer onProperties
Menu, I recommend to change:- Manufacturer, ManufacturerUrl, SupportPhone, SupportUrl
- Generate a new UpgradeCode by clicking the
...
button thenNew Code
.
- [Optional] If you want to change the installation wizard splash screen:
- Open
splash.psd
file using Photoshop, and design the splash screen you like. - Export the design by overwriting
splash.jpg
file in the main project directory.
- Open
- At the end, right-click
Installer
and chooseBuild
. - The installer file should be located in
PhishingReporter\Installer\Release
folder.
This was tested with GoPhish v0.12.1 Windows version (download link)
- Download GoPhish and modify phishing server
listen_url
in config.json file.
- Run GoPhish server.
- In the project source code, Open
Settings.settings
and go toSettings
Tab. - Modify
gophish_url
andgophish_listener_port
to match the values in Step #1. - Take note of
gophish_custom_header
- Build the project and compile the installer.
- In GoPhish portal, while setting up the Sending Profile, add the custom header from Step #5 with the value
{{.RId}}
and click Save Profile.
- Create a campaign and test the plugin's report feature.
- Abdulla Albreiki
- Reused some code from NotifySecurity project by Nicolas Chaussard