here are config files for using *[.]azurewebsites[.]net domain for phishing.
infrastructure setup:
azure function → nginx redirector → target framework (e.g. gophish)
the nginx redirector with the target framework stays hidden behind the azure function.
- /azurefunction: folder for azure function deployment
- /azurefunction/OwaCheckIn: endpoint files for phishin
- /azurefunction/OwaCheckIn_track: endpoint files for tracking email opening (for gophish)
- /nginx: nginx configuration
- /nginx/sites-available/phish.conf: nginx redirector accepting azurefunction and forwarding to local (gophish) framework
with Azure Functions Core Tools.
local testing:
func start
deployment to prod with app name evil
(after logging in with az login
):
func azure functionapp publish evil
Microsoft 365 Business Basic for $5.00 user / month. :) Free or trial may cause issues, it won't work as expected.
using is allowed only for educational and/or research purposes!
unauthorized phishing is prohibited.