Enhanced system prompt:
- Professional cyber security expert role
- Modern HTML/CSS styling instructions
- Responsive design requirements
- Persuasive and urgent tone guidance
- Turkish language grammar emphasis
- Realistic corporate email appearance
Enhanced user prompt:
- Better structured input with emojis (📌)
- Clear field labels (HEDEF ŞİRKET, SENARYO, etc.)
- Detailed HTML example with inline CSS
- Button styling, footer, responsive design
- Max 70 char subject line guidance
- Multiple warnings for quality output
All user inputs are sent to AI:
✅ company_name (Şirket Adı)
✅ scenario (Senaryo)
✅ employee_info (Çalışan Bilgisi) - optional
✅ custom_prompt (Ek Talimatlar) - optional
template_name and template_type are for DB only, NOT sent to AI.
This will produce much higher quality, styled HTML emails.
Oltalama Backend API
Backend API for the phishing test management system.
✨ Features
✅ Authentication - Session-based login/logout
✅ Company Management - Company CRUD & statistics
✅ Token Management - Tracking token creation & mail sending
✅ Tracking - IP, GeoIP, User-Agent tracking
✅ Telegram - Real-time notifications
✅ Mail - Gmail integration (Nodemailer)
✅ Templates - HTML mail templates (Handlebars)
✅ Stats - Dashboard and detailed statistics
🚀 Installation
npm install
cp .env.example .env
# edit the .env file
npm run db:migrate
npm run db:seed
npm run dev
📡 API Endpoints
Authentication
POST /api/auth/login - Login
POST /api/auth/logout - Logout
GET /api/auth/check - Session check
GET /api/auth/me - Current user info
Companies
GET /api/companies - All companies
POST /api/companies - New company
GET /api/companies/:id - Company detail
PUT /api/companies/:id - Update company
DELETE /api/companies/:id - Delete company
GET /api/companies/:id/tokens - Company tokens
GET /api/companies/:id/stats - Company statistics
Tokens
GET /api/tokens - All tokens
POST /api/tokens/create - Create token
POST /api/tokens/create-and-send - Create token + send mail
GET /api/tokens/:id - Token detail
PUT /api/tokens/:id - Update token
DELETE /api/tokens/:id - Delete token
POST /api/tokens/:id/send - Send mail
GET /api/tokens/:id/clicks - Click history
Tracking (Public)
GET /t/:token - Tracking endpoint (IP, GeoIP, Telegram)
Templates
GET /api/templates - All templates
POST /api/templates - Create new template
GET /api/templates/:id - Template detail (by ID)
PUT /api/templates/:id - Update template
DELETE /api/templates/:id - Delete template
GET /api/templates/type/:type - Template (by type)
POST /api/templates/preview - Preview
Settings
GET /api/settings - All settings
PUT /api/settings/gmail - Gmail settings
PUT /api/settings/telegram - Telegram settings
POST /api/settings/test-gmail - Gmail test
POST /api/settings/test-telegram - Telegram test
Stats
GET /api/stats/dashboard - Dashboard summary
GET /api/stats/recent-clicks - Recent clicks
GET /api/stats/by-company - Stats by company
🔐 Default Credentials
Username: admin
Password: admin123
📊 Database
SQLite database: database/oltalama.db
Tables:
- companies (3 sample companies)
- tracking_tokens
- click_logs
- mail_templates (2 templates)
- settings
- admin_user
🧪 Test
# Health check
curl http://localhost:3000/health
# Login
curl -X POST http://localhost:3000/api/auth/login \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"admin123"}'
📝 Environment Variables
PORT=3000
BASE_URL=http://localhost:3000
SESSION_SECRET=your-secret-key
# Gmail
GMAIL_USER=your-email@gmail.com
GMAIL_APP_PASSWORD=your-app-password
GMAIL_FROM_NAME=Güvenlik Ekibi
# Telegram
TELEGRAM_BOT_TOKEN=your-bot-token
TELEGRAM_CHAT_ID=your-chat-id
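The README ships with a seeded admin account (admin / admin123) and an .env example full of placeholder values, and a tracking backend that receives real click data from real employees should never start in that state. The following startup check is an added example, not part of the Oltalama project: `checkConfig` and `assertSafeConfig` are hypothetical names, the sample environments are constructed, and the placeholder strings it rejects are exactly the ones listed in the Environment Variables section above.

```javascript
// Added example (not project code): refuse to start the backend while the
// .env still carries the placeholder values from the README, while the
// session secret is too short, or while production traffic would go over http.

// Placeholder values copied from the README's .env example.
const PLACEHOLDERS = {
  SESSION_SECRET: ['your-secret-key'],
  GMAIL_USER: ['your-email@gmail.com'],
  GMAIL_APP_PASSWORD: ['your-app-password'],
  TELEGRAM_BOT_TOKEN: ['your-bot-token'],
  TELEGRAM_CHAT_ID: ['your-chat-id'],
};

// express-session signs the cookie with this value; a short or guessable
// secret lets anyone forge the admin session. 32 chars is an assumed floor.
const MIN_SECRET_LENGTH = 32;

// Returns a list of human-readable findings; an empty list means "safe to start".
function checkConfig(env) {
  const findings = [];

  for (const [key, placeholders] of Object.entries(PLACEHOLDERS)) {
    const value = env[key];
    if (!value) {
      findings.push(`${key} is not set`);
      continue;
    }
    if (placeholders.includes(value)) {
      findings.push(`${key} still has the placeholder value from .env.example`);
    }
  }

  const secret = env.SESSION_SECRET || '';
  if (secret && secret.length < MIN_SECRET_LENGTH) {
    findings.push(`SESSION_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
  }

  // Tracking links and the admin session cookie both travel over BASE_URL.
  if (env.NODE_ENV === 'production' && env.BASE_URL && !env.BASE_URL.startsWith('https://')) {
    findings.push('BASE_URL must use https:// in production');
  }

  return findings;
}

// Throws with every finding attached so the process exits before listening.
function assertSafeConfig(env) {
  const findings = checkConfig(env);
  if (findings.length > 0) {
    const err = new Error('Refusing to start:\n - ' + findings.join('\n - '));
    err.findings = findings;
    throw err;
  }
  return true;
}

// Constructed sample environments (no real credentials).
// This one is the README's example .env as-is, deployed as production.
const SAMPLE_DEFAULT_ENV = {
  NODE_ENV: 'production',
  PORT: '3000',
  BASE_URL: 'http://localhost:3000',
  SESSION_SECRET: 'your-secret-key',
  GMAIL_USER: 'your-email@gmail.com',
  GMAIL_APP_PASSWORD: 'your-app-password',
  TELEGRAM_BOT_TOKEN: 'your-bot-token',
  TELEGRAM_CHAT_ID: 'your-chat-id',
};

// Same keys after the operator replaced every placeholder (values are made up).
const SAMPLE_HARDENED_ENV = {
  NODE_ENV: 'production',
  PORT: '3000',
  BASE_URL: 'https://phish-test.example.com',
  SESSION_SECRET: '4f1c9e2b7a0d8e6c5b3a2f1e0d9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f3e2d1c',
  GMAIL_USER: 'security-team@example.com',
  GMAIL_APP_PASSWORD: 'constructed-app-password-not-real',
  TELEGRAM_BOT_TOKEN: 'constructed-bot-token-not-real',
  TELEGRAM_CHAT_ID: '123456789',
};

console.log('default .env findings:', checkConfig(SAMPLE_DEFAULT_ENV));
console.log('hardened .env findings:', checkConfig(SAMPLE_HARDENED_ENV));
```

Call `assertSafeConfig(process.env)` before `app.listen` in app.js so a copy of the example .env cannot reach a network listener; the seeded admin123 password lives in the database rather than in .env, so that one still has to be rotated through the admin user after `npm run db:seed`.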
🏗️ Structure
src/
├── config/ - Database, Logger, Session
├── controllers/ - Route handlers (auth, company, token, tracking, etc.)
├── middlewares/ - Auth, error handler, rate limiter
├── models/ - Sequelize models
├── routes/ - API routes
├── services/ - Business logic (mail, telegram, token)
├── utils/ - Helpers (geoip, user-agent parser, token generator)
├── validators/ - Joi schemas
├── public/ - Static files (landing page)
└── app.js - Express app
✅ Status
Completed:
- ✅ Authentication system (session-based)
- ✅ Company management (CRUD + stats)
- ✅ Token management (CRUD + mail)
- ✅ Tracking endpoint (IP, GeoIP, User-Agent)
- ✅ Telegram notifications (real-time)
- ✅ Mail sending (Gmail + Handlebars)
- ✅ GeoIP tracking (geoip-lite)
- ✅ User-Agent parsing
- ✅ Stats & Analytics (dashboard)
- ✅ Landing page (redirect)
- ✅ Rate limiting & Security
- ✅ Session storage (SQLite)
- ✅ Migrations & Seeders
Production Ready! 🎉