PhishingBox provides tools that allow you to export templates from your Manage Templates page or import templates from the Create Templates page. Exports will download a .zip file containing the template's assets, and importing requires a .zip file that fits a specific schema. See sections below for more information.
To export templates, navigate to the Manage Templates page (/templates.php). In the templates table, you can export a template by clicking the 'Export' link in the respective template row's Action column's drop-down menu. You can also export multiple templates by clicking the templates' respective mass action checkbox then clicking the 'Export' button that appears in the template table's footer.
Exporting a template will export the template, its images, and its attachment (if applicable) in a .zip file. The .zip file will contain a file called
template.json that describes the template. The .zip file will also include the full phishing/training experience. I.e., if there are landing and/or training pages attached to the template, they will be included in the .zip file that is exported in a folder called 'landing'.
To import templates, navigate to the Create Template page. In the top-right corner, there is a button labeled 'Import Templates'. Click the button to open the upload widget. The widget will prompt you to select a phishing/training domain. The selected phishing/training domain will be assigned to any email templates imported. After selected a domain, drag and drop .zip files or browse the file system for properly formatted .zip files to import templates.
In order for a template to import properly, the .zip file must conform to a specific schema. The .zip MUST contain a file named
template.json that contains a JSON object describing the template. The JSON object MUST adhere to the structure described by the create template API endpoint (api/v2/template/create). See the API docs for more information (/api_docs.php). In addition to the structure described by the API, a property named
template_type MUST be included in the JSON object. The
template_type property MUST have one of five values—
To include landing/training page flows on the imported template, the landing/training pages MUST be included in a nested folder named
landing. Any templates in
landing files MUST adhere to the schema described above. The maximum depth of
landing files is two — any depth greater than two will result in a failed upload.
All templates exported from PhishingBox will follow the schema describe above.
template.json object includes the property
uuid, then the import will attempt to find a template with a matching uuid in the account. If one is found, a new template will not be created. Instead, the template with the matching uuid will be updated according to the structure described. If a uuid is not found, a new template will be created.
Exports contain the attached file if applicable. However, imports will not attach the file. If you wish to reattach the attachment, you will have to do so via the template editor.
If the imported .zip file is improperly formatted, the server cannot open the .zip file, or there are any errors saving imported templates, the upload will fail. A
400 Bad Request error will be returned.
NOTE: It is recommended that you review the structure, content, and metadata of any imported templates after import.