Gophish is an open-source phishing framework that simplifies security awareness training by simulating real-world phishing attacks to test and educate users.
Gophish is an open-source phishing framework designed to help organizations assess their vulnerability to phishing attacks. It enables administrators to create and send simulated phishing emails, track user interactions such as email opens and link clicks, and gather data on credential submissions. The platform features a user-friendly web interface for managing campaigns, crafting email templates, and defining target user groups. Gophish uses a REST API to facilitate integrations and automation. It supports cross-platform deployment on Windows, macOS, and Linux, making it accessible for diverse IT environments. The tool is primarily used by security professionals and IT administrators to conduct internal phishing simulations, educate employees about phishing risks, and improve overall security awareness within their organizations.
Gophish is an open-source phishing framework designed to help organizations assess their vulnerability to phishing attacks.
Explore all tools that specialize in create phishing email templates. This domain focus ensures Gophish delivers optimized results for this specific requirement.
Explore all tools that specialize in manage target user lists. This domain focus ensures Gophish delivers optimized results for this specific requirement.
Explore all tools that specialize in launch phishing campaigns. This domain focus ensures Gophish delivers optimized results for this specific requirement.
Explore all tools that specialize in track email open rates. This domain focus ensures Gophish delivers optimized results for this specific requirement.
Explore all tools that specialize in monitor link click rates. This domain focus ensures Gophish delivers optimized results for this specific requirement.
Explore all tools that specialize in capture submitted credentials. This domain focus ensures Gophish delivers optimized results for this specific requirement.
Allows users to import existing HTML email templates for phishing campaigns. This feature parses the HTML and makes it available for customization within Gophish.
Enables users to schedule the launch of phishing campaigns for a specific date and time, allowing for automated execution.
Offers a live dashboard that displays campaign results in real-time, including email opens, link clicks, and credential submissions.
Gophish provides a full REST API, which allows programmatic access to Gophish.
Gophish provides binaries for Windows, Mac OSX, and Linux, which makes it very versatile.
Download the latest Gophish release from the official website.
Extract the downloaded archive to your desired installation directory.
Configure the `config.json` file to specify listener addresses, database settings, and other parameters.
Generate self-signed certificates or configure existing TLS certificates for secure communication.
Launch the Gophish application by executing the appropriate binary for your operating system.
Access the web UI through your browser using the configured listener address.
Create your first user account and log in to the Gophish dashboard.
All Set
Ready to go
Verified feedback from other users.
"Gophish is appreciated for its ease of use and powerful features for simulating phishing attacks. Users find it a valuable tool for security awareness training and testing their organization's vulnerability."
0Post questions, share tips, and help other users.
Trail of Bits fortifies code by combining high-end security research with a real-world attacker mentality.
Vision AI that proves you're a real, unique human, replacing traditional MFA with privacy-safe face verification.
Automated web application security scanning.
Pindrop provides voice security and authentication solutions to detect fraud and protect against deepfakes in contact centers and meetings.
Openpath (Avigilon) provides industry-leading access control systems and technology to protect valuable assets through secure, reliable, and future-proof solutions.
PerimeterX Bot Defender safeguards digital customer experiences by distinguishing between legitimate users, trusted AI agents, and malicious bots, ensuring secure and trustworthy interactions.
Okta is the leading independent identity provider, securing every identity, from customers to workforce, enabling secure access and seamless experiences.
Eagle Eye Networks delivers AI-powered cloud video surveillance for proactive security and smarter business operations.