Exporting/Importing Templates
PhishingBox provides tools that allow you to export templates from your Manage Templates page or import templates from the Create Templates page. Exports will download a .zip file containing the template's assets, and importing requires a .zip file that fits a specific schema. See sections below for more information.
Export Templates
To export templates, navigate to the Manage Templates page (/templates.php). In the templates table, you can export a template by clicking the 'Export' link in the respective template row's Action column's drop-down menu. You can also export multiple templates by clicking the templates' respective mass action checkbox then clicking the 'Export' button that appears in the template table's footer.
Exporting a template will export the template, its images, and its attachment (if applicable) in a .zip file. The .zip file will contain a file called template.json
that describes the template. The .zip file will also include the full phishing/training experience. I.e., if there are landing and/or training pages attached to the template, they will be included in the .zip file that is exported in a folder called 'landing'.
Import Templates
To import templates, navigate to the Create Template page. In the top-right corner, there is a button labeled 'Import Templates'. Click the button to open the upload widget. The widget will prompt you to select a phishing/training domain. The selected phishing/training domain will be assigned to any email templates imported. After selected a domain, drag and drop .zip files or browse the file system for properly formatted .zip files to import templates.
Formatting
In order for a template to import properly, the .zip file must conform to a specific schema. The .zip MUST contain a file named template.json
that contains a JSON object describing the template. The JSON object MUST adhere to the structure described by the create template API endpoint (api/v2/template/create). See the API docs for more information (/api_docs.php). In addition to the structure described by the API, a property named template_type
MUST be included in the JSON object. The template_type
property MUST have one of five values—
-
phishing_email
-
phishing_landing_page
training_page
training_email
To include landing/training page flows on the imported template, the landing/training pages MUST be included in a nested folder named landing
. Any templates in landing
files MUST adhere to the schema described above. The maximum depth of landing
files is two — any depth greater than two will result in a failed upload.
All templates exported from PhishingBox will follow the schema describe above.
Behavior
If the template.json
object includes the property uuid
, then the import will attempt to find a template with a matching uuid in the account. If one is found, a new template will not be created. Instead, the template with the matching uuid will be updated according to the structure described. If a uuid is not found, a new template will be created.
Exports contain the attached file if applicable. However, imports will not attach the file. If you wish to reattach the attachment, you will have to do so via the template editor.
If the imported .zip file is improperly formatted, the server cannot open the .zip file, or there are any errors saving imported templates, the upload will fail. A 400 Bad Request
error will be returned.
NOTE: It is recommended that you review the structure, content, and metadata of any imported templates after import.
Comments
0 comments
Please sign in to leave a comment.