- 2 min read


Enhance organizational security with Gophish, an open-source toolkit for simulating phishing attacks and training employees against cyber threats.

Gophish is an open-source phishing toolkit designed for security professionals and businesses to simulate phishing attacks. It's a versatile tool that assists in testing an organization's exposure to phishing to bolster defense mechanisms against such threats.

Gophish - Open Source Phishing Framework
Gophish - An Open-Source Phishing Framework

Key Features

  • One-Click Installation: Gophish is straightforward to set up with releases available for Windows, Mac, and Linux platforms.
  • Intuitive Web UI: The user interface is clean and easy to navigate, allowing for quick campaign creation, template importation, and result tracking.
  • Full REST API: The tool offers a powerful REST API providing programmatic access to Gophish functionalities, which is perfect for automation and integration with other tools.
  • Cross-Platform Support: Pre-built binaries are available for most platforms, ensuring compatibility and ease of deployment across different systems.
  • Detailed Reporting: Real-time results with detailed reports help measure the effectiveness of phishing simulations and identify potential vulnerabilities.
  • Email Tracking: Tracks email opens, link clicks, submitted data, and more to provide a comprehensive view of how recipients interact with phishing emails.
  • Scheduling Campaigns: Campaigns can be scheduled to launch at specific times, facilitating time-bound phishing assessments.
  • User Management: Manage user roles and permissions within Gophish to maintain operational security.
  • Docker Support: Docker containers are available for Gophish, simplifying installation and scaling across environments.
  • Community Support: Being open-source means there's community support available, including documentation and a place to report issues or contribute to the project.

Gophish Screenshots

Suggested Developer Use Cases

  • Security Awareness Training: Integrate Gophish into corporate training modules to educate employees about phishing threats in a controlled environment.
  • Automated Phishing Simulations: Use Gophish's REST API within low-code platforms to automate regular phishing simulation campaigns as part of security protocols.
  • Client Security Assessments: Offer phishing vulnerability assessments as a service by incorporating Gophish into existing security offerings for clients.
Stars Last commit Project status
Star Friday, September 15, 2023 🌟 Stale