cisagov / gophish-tools

Helpful tools for interacting with a GoPhish phishing instance
Creative Commons Zero v1.0 Universal

Add campaign summary export #40

Closed JCantu248 closed 3 years ago

JCantu248 commented 3 years ago

🗣 Description

This change adds the capability to export click summaries for the campaigns in an assessment. The output of these new features is a click summary in both a text file format and a JSON file. This data consists of the number of emails sent, the number of unique users who responded, the rate of user clicks, and the total number of clicks returned.

UPDATE 8/30: Per request with @BenBreaksThings, changes were made to improve the campaign summaries. They are now no longer being called campaign click summaries, but simply campaign summaries. The fields reported have expanded to include email subject, from address, and the campaign start and end dates. Some significant refactor happened as a result and the changes will have to be reviewed.

💭 Motivation and context

The PCA team runs a script against Cobalt-Strike, called cs_phish_parse, that creates this report from a series of csv input files. This script is run manually by operators, and it was requested that it gets ported to Gophish and included as part of the export process. The PCA team requested both the JSON and plain text file output of the report.

🧪 Testing

The Gophish-export command was run against multiple assessments, with campaigns that contain clicks and those that do not. The values output in the final click summary report reflected the correct number of emails sent, clicked on, and the correct number of unique users.

A test case was also written to test the function that counts the number of unique users that clicked on a campaign email.

📷 Screenshots (if appropriate)

✅ Checklist
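
Added example, not part of this PR or the gophish-tools code: one way to derive the four figures named in the description (emails sent, unique users, total clicks, click rate) and emit them as both text and JSON. The event field names, the message strings, and the definition of click rate as unique clickers over emails sent are assumptions; the sample events are constructed.

```python
import json

# Constructed sample events. The field names ("email", "message") and the
# message strings are assumptions for this example, not the project's schema.
SAMPLE_EVENTS = [
    {"email": "alice@example.org", "message": "Email Sent"},
    {"email": "bob@example.org", "message": "Email Sent"},
    {"email": "carol@example.org", "message": "Email Sent"},
    {"email": "dave@example.org", "message": "Email Sent"},
    {"email": "alice@example.org", "message": "Clicked Link"},
    {"email": "Alice@Example.org", "message": "Clicked Link"},  # repeat click
    {"email": "bob@example.org", "message": "Clicked Link"},
]


def summarize_campaign(events):
    """Return sent, unique-user, total-click and click-rate figures."""
    sent = sum(1 for e in events if e["message"] == "Email Sent")
    # Normalise addresses so a repeat click with different casing is not
    # counted as a second user.
    clicks = [e["email"].strip().lower() for e in events
              if e["message"] == "Clicked Link"]
    unique_users = len(set(clicks))
    # Assumed definition: unique clickers over emails sent. A campaign with
    # nothing sent reports 0.0 instead of dividing by zero.
    rate = round(unique_users / sent, 4) if sent else 0.0
    return {"emails_sent": sent, "unique_clicks": unique_users,
            "total_clicks": len(clicks), "click_rate": rate}


def render_text(summary):
    """Plain-text form of the same summary that is written as JSON."""
    return "\n".join([
        f"Emails sent:   {summary['emails_sent']}",
        f"Unique users:  {summary['unique_clicks']}",
        f"Total clicks:  {summary['total_clicks']}",
        f"Click rate:    {summary['click_rate']:.1%}",
    ])


if __name__ == "__main__":
    result = summarize_campaign(SAMPLE_EVENTS)
    print(render_text(result))
    print(json.dumps(result, indent=2))
```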

jsf9k commented 3 years ago

LGTM.

This is outside of the scope of this PR in my opinion but something we should consider for future cleanup/improvements is to circle back and create an issue to clean up all outputs in this project. For example, where we are using logging along with print to dump to stdout and try to make it consistent. Same for any file output paths we can standardize.

Great point @nickviola! I suggest using logging everywhere. Please make an issue for this so the idea is captured and not forgotten.

nickviola commented 3 years ago

LGTM. This is outside of the scope of this PR in my opinion but something we should consider for future cleanup/improvements is to circle back and create an issue to clean up all outputs in this project. For example, where we are using logging along with print to dump to stdout and try to make it consistent. Same for any file output paths we can standardize.

Great point @nickviola! I suggest using logging everywhere. Please make an issue for this so the idea is captured and not forgotten.

๐Ÿ‘ I agree and also prefer using logging exclusively. I will get an issue created to keep it on our radar. Thanks for the feedback @jsf9k!

dav3r commented 3 years ago

LGTM. This is outside of the scope of this PR in my opinion but something we should consider for future cleanup/improvements is to circle back and create an issue to clean up all outputs in this project. For example, where we are using logging along with print to dump to stdout and try to make it consistent. Same for any file output paths we can standardize.

Great point @nickviola! I suggest using logging everywhere. Please make an issue for this so the idea is captured and not forgotten.

๐Ÿ‘ I agree and also prefer using logging exclusively. I will get an issue created to keep it on our radar. Thanks for the feedback @jsf9k!

To close the loop here, I just wanted to mention that @nickviola created #41 for this. 👍

dav3r commented 3 years ago

@JCantu248 - Can you please clean up this incomplete sentence in the "Testing" section above? I'm dying to know about this test case! 😃

A test case was also written to test the c

JCantu248 commented 3 years ago

@JCantu248 - Can you please clean up this incomplete sentence in the "Testing" section above? I'm dying to know about this test case! 😃

A test case was also written to test the c

Fixed!

lgtm-com[bot] commented 3 years ago

This pull request introduces 1 alert when merging a0b8774d5b730e354932315b7d77c20144ed3a3b into fb1adaed6cd3a60292f3498a153c09977f5bb6bf - view on LGTM.com

new alerts:

lgtm-com[bot] commented 3 years ago

This pull request introduces 1 alert when merging 8f0f2ba6358f216e9c7415f46654eb8644223b9a into fb1adaed6cd3a60292f3498a153c09977f5bb6bf - view on LGTM.com

new alerts:

lgtm-com[bot] commented 3 years ago

This pull request introduces 1 alert when merging a31cdf953559126dc1f42401563ec33cd774f0b4 into 22ccab80ff7e7b65c0e53fe48ca18e11784c12e5 - view on LGTM.com

new alerts:

lgtm-com[bot] commented 3 years ago

This pull request introduces 1 alert when merging 644c76f25bfb27338b5b908e65e6888a78f60cf0 into 22ccab80ff7e7b65c0e53fe48ca18e11784c12e5 - view on LGTM.com

new alerts:

lgtm-com[bot] commented 3 years ago

This pull request introduces 1 alert when merging 76c14d6453f21b27f0a3c27dcf172181052de9df into 22ccab80ff7e7b65c0e53fe48ca18e11784c12e5 - view on LGTM.com

new alerts:

lgtm-com[bot] commented 3 years ago

This pull request introduces 1 alert when merging e4aaf68c860be015f6f57b6bb514c3b66e6e64b6 into 22ccab80ff7e7b65c0e53fe48ca18e11784c12e5 - view on LGTM.com

new alerts:

lgtm-com[bot] commented 3 years ago

This pull request introduces 1 alert when merging b647368972bff836c720d96897b39211f8fcd0c3 into 22ccab80ff7e7b65c0e53fe48ca18e11784c12e5 - view on LGTM.com

new alerts:

lgtm-com[bot] commented 3 years ago

This pull request introduces 1 alert when merging 3f7974b36a302ae8e9193296ec1124f1530f082e into 22ccab80ff7e7b65c0e53fe48ca18e11784c12e5 - view on LGTM.com

new alerts: