search

kgretzky / evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
BSD 3-Clause "New" or "Revised" License
10.22k stars 1.87k forks source link

v3.3.0 + docker issues #1038

Open ligouras opened 2 months ago

ligouras commented 2 months ago

This is not exactly a bug for evilginx2, rather it has to do with kgretzky/gophish, which fails to build as a docker container:

$ docker run --rm -ti -v $(pwd):/go/src/github.com/gophish/gophish golang:1.15.2 /bin/bash
root@bb1c2f119916:/go# cd /go/src/github.com/gophish/gophish
root@bb1c2f119916:/go/src/github.com/gophish/gophish# go get -v && go build -v > /dev/null
/go/pkg/mod/golang.org/x/net@v0.22.0/html/node.go:8:2: found packages atom (atom.go) and main (gen.go) in /go/pkg/mod/golang.org/x/net@v0.22.0/html/atom
/go/pkg/mod/github.com/sirupsen/logrus@v1.9.3/terminal_check_unix.go:6:8: found packages unix (affinity_linux.go) and main (mkasm.go) in /go/pkg/mod/golang.org/x/sys@v0.18.0/unix
/go/pkg/mod/github.com/emersion/go-message@v0.18.0/charset/charset.go:14:2: found packages charmap (charmap.go) and main (maketables.go) in /go/pkg/mod/golang.org/x/text@v0.14.0/encoding/charmap
/go/pkg/mod/github.com/emersion/go-message@v0.18.0/charset/charset.go:15:2: import "golang.org/x/text/encoding/htmlindex" is a program, not an importable package
/go/pkg/mod/github.com/emersion/go-message@v0.18.0/charset/charset.go:16:2: found packages ianaindex (ascii.go) and main (gen.go) in /go/pkg/mod/golang.org/x/text@v0.14.0/encoding/ianaindex
/go/pkg/mod/golang.org/x/text@v0.14.0/encoding/charmap/charmap.go:16:2: import "golang.org/x/text/encoding/internal/identifier" is a program, not an importable package
/go/pkg/mod/golang.org/x/text@v0.14.0/encoding/htmlindex/map.go:11:2: found packages japanese (all.go) and main (maketables.go) in /go/pkg/mod/golang.org/x/text@v0.14.0/encoding/japanese
/go/pkg/mod/golang.org/x/text@v0.14.0/encoding/htmlindex/map.go:12:2: found packages korean (all_test.go) and main (maketables.go) in /go/pkg/mod/golang.org/x/text@v0.14.0/encoding/korean
/go/pkg/mod/golang.org/x/text@v0.14.0/encoding/htmlindex/map.go:13:2: found packages simplifiedchinese (all.go) and main (maketables.go) in /go/pkg/mod/golang.org/x/text@v0.14.0/encoding/simplifiedchinese
/go/pkg/mod/golang.org/x/text@v0.14.0/encoding/htmlindex/map.go:14:2: found packages traditionalchinese (all_test.go) and main (maketables.go) in /go/pkg/mod/golang.org/x/text@v0.14.0/encoding/traditionalchinese
package github.com/gophish/gophish
    imports github.com/gophish/gophish/controllers
    imports github.com/gophish/gophish/controllers/api
    imports github.com/gophish/gophish/imap
    imports github.com/emersion/go-imap
    imports github.com/emersion/go-imap/utf7
    imports golang.org/x/text/encoding
    imports golang.org/x/text/encoding/internal/identifier
    imports golang.org/x/text/internal/gen
    imports golang.org/x/text/unicode/cldr
    imports golang.org/x/text/internal/gen: import cycle not allowed
/go/pkg/mod/golang.org/x/text@v0.14.0/language/coverage.go:11:2: found packages language (common.go) and main (gen.go) in /go/pkg/mod/golang.org/x/text@v0.14.0/internal/language
/go/pkg/mod/golang.org/x/text@v0.14.0/language/language.go:16:2: found packages compact (compact.go) and main (gen.go) in /go/pkg/mod/golang.org/x/text@v0.14.0/internal/language/compact
/go/pkg/mod/golang.org/x/text@v0.14.0/encoding/htmlindex/htmlindex.go:31:2: found packages language (coverage.go) and main (gen.go) in /go/pkg/mod/golang.org/x/text@v0.14.0/language
/go/pkg/mod/golang.org/x/text@v0.14.0/internal/gen/gen.go:38:2: found packages cldr (base.go) and main (makexml.go) in /go/pkg/mod/golang.org/x/text@v0.14.0/unicode/cldr

gophish/gophish:8e79294 builds just fine.

I'm trying to fix this by looking at the diff, but I haven't been able to figure it out:

https://github.com/gophish/gophish/compare/master...kgretzky:gophish:master

Dazmed707 commented 2 months ago

https://github.com/warhorse

a5ucanc commented 2 months ago

The problem is with the version of golang that is being used to build gopish (I dont know why it is working with the original and not here), but changing the version to 1.22 worked for me. Here is my Dockerfile for reference:

# Clone repo
FROM alpine AS clone

RUN apk add --no-cache git

RUN git clone https://github.com/kgretzky/gophish.git /tmp/gophish

FROM node:latest AS build-js

RUN npm install gulp gulp-cli -g

WORKDIR /build
COPY --from=clone /tmp/gophish  .
RUN npm install --only=dev
RUN gulp

# Build Golang binary
FROM golang:1.22 AS build-golang

WORKDIR /go/src/github.com/gophish/gophish
COPY --from=clone /tmp/gophish .
RUN go get -v 
RUN go build -v

# Runtime container
FROM debian:stable-slim

RUN useradd -m -d /opt/gophish -s /bin/bash app

RUN apt-get update && \
    apt-get install --no-install-recommends -y jq libcap2-bin ca-certificates && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

WORKDIR /opt/gophish
COPY --from=build-golang /go/src/github.com/gophish/gophish/ ./
COPY --from=build-js /build/static/js/dist/ ./static/js/dist/
COPY --from=build-js /build/static/css/dist/ ./static/css/dist/

RUN chown -R app:app ./

RUN setcap 'cap_net_bind_service=+ep' /opt/gophish/gophish

USER app

EXPOSE 333

CMD ["./gophish"]
ligouras commented 2 months ago

Thank you @a5ucanc, changing golang version to 1.22 worked for me as well!