Gophish Infrastructure Setup (EC2 · DNS · SMTP)

Prerequisites

Before starting the setup, make sure you have the following:

EC2 instance
Domain for phishing (e.g., GoDaddy or Namecheap)
SMTP server associated with the same domain (e.g., Titan Mail or Private Email)

Configuration Guide

EC2 Configuration

Note: Always restrict access instead of exposing Gophish or the phishing domain publicly.

Whitelist IPs rather than opening all traffic to prevent blacklisting.
Be cautious of Spam-Eating Monkey and Censys spam hunting activities:
- Spam-Eating Monkey
- Censys Threat Hunting Dataset
Keep port 443 (HTTPS) open — if AWS blocks it, your campaign may fail entirely.
Allow the following ports:
- 22 → SSH
- 80 → HTTP
- 443 → HTTPS
- Any one port (e.g., 3333) for the Gophish admin dashboard
Apply IP whitelisting for the admin dashboard after infrastructure setup is complete.

Domain Configuration

Match the A record with your AWS EC2 public IP.
Properly configure:
- DMARC
- SPF
- SRV
- TXT records
Create two CNAME records:
- One for the Gophish admin dashboard
- One for the phishing server (phishing URL)

SMTP Configuration

Ensure the DKIM record is added and verified.
Configure multiple SMTP servers if possible to balance delivery and reputation.
Choose a premium SMTP plan for better email deliverability and reliability.

Compliance Reminder

Infrastructure and Compliance Notes

⚠️ Beware: Spam-Eating Monkey and Censys Spam Hunting Activities

These services actively monitor and track spam or phishing-related behaviors. Avoid accidental blacklisting by staying aware of their scanning activities.

Obtain AWS Approval Before Launching Any Phishing Campaign

AWS requires explicit permission for penetration testing and phishing simulations. Always ensure your campaign complies with AWS policies.

AWS Penetration Testing Policy

Pentest Notes

Gophish - Setting up without Evilginx - Part 1