    HailBytes SAT - Enterprise Phishing Simulation Platform

    Sold by: HailBytes 
    Deployed on AWS
    Free Trial
    Enterprise phishing simulation platform. One-click AWS deployment with email integration, campaign management, and analytics.
    4.2

    Overview

    Deploy Enterprise Phishing Simulation in Minutes

    HailBytes SAT is a fully-managed, enterprise-grade phishing simulation platform that helps organizations test and improve their security awareness posture through realistic phishing campaigns.

    What You Get

    • Complete phishing simulation platform pre-configured and ready to use
    • AWS-integrated deployment with EC2, RDS MySQL (optional), and Amazon SES
    • Unlimited phishing campaigns with scheduling and automation
    • Advanced analytics dashboard with real-time metrics
    • Email template library with customization tools
    • Landing page designer for capturing credentials (training)
    • REST API for automation and integrations
    • Standard support included (3-5 day response) - upgrade available

    Perfect For

    • Security teams running regular awareness training campaigns
    • IT departments testing employee security awareness
    • Compliance teams meeting security training requirements
    • MSPs delivering phishing simulation services to clients
    • Organizations of 50-10,000+ employees

    Key Features

    Campaign Management

    • Create unlimited phishing campaigns
    • Schedule campaigns for optimal timing
    • Clone and reuse successful templates
    • Multi-campaign dashboard
    • Historical tracking and trending

    Email Capabilities

    • HTML email template designer
    • Dynamic personalization (name, position, department)
    • File attachments support
    • Automatic tracking pixels
    • Import from existing emails
    • Amazon SES integration for high deliverability

    Analytics & Reporting

    • Real-time campaign metrics
    • User interaction tracking (opens, clicks, data submission)
    • Detailed timeline views
    • Exportable reports (PDF, CSV)
    • Trend analysis across campaigns
    • Risk scoring by department/user

    Integration & Automation

    • Complete REST API
    • Webhook notifications
    • LDAP/Active Directory sync
    • SAML/SSO authentication
    • CI/CD integration support

    Pricing

    • $0.24 per vCPU/hour - Simple, transparent pricing
    • 2 vCPU minimum, 8GB memory - Right-sized for most organizations
    • ~$350/month starting cost - Database, storage, and networking included
    • 30-day free trial available - Test with no commitment
    • Standard support included - Professional and Enterprise support available as add-ons

    Deployment Details

    Infrastructure Included

    • Compute: EC2 instance (t3.medium or larger)
    • Database: RDS MySQL (optional) (DB included in VM)
    • Email: Amazon SES integration (separate SES costs apply)
    • Storage: EBS volumes for data persistence
    • Networking: VPC, security groups, load balancer optional

    Setup Time

    • 5-10 minutes automated CloudFormation deployment
    • Pre-configured security groups and IAM roles
    • Production-ready out of the box
    • Fully managed infrastructure

    Security & Compliance

    • SOC 2 Type II compliant infrastructure
    • Data encryption at rest and in transit
    • Private VPC deployment
    • Customizable security groups
    • Audit logging enabled
    • GDPR/CCPA compliant data handling

    Why HailBytes SAT?

    vs. SaaS Phishing Platforms

    • 50-70% cost savings vs. KnowBe4, Proofpoint, or Cofense
    • Complete data ownership - all data stays in your AWS account
    • No per-user licensing - unlimited users included
    • Full customization - modify templates, workflows, branding

    Getting Started

    1. Subscribe on AWS Marketplace (uses your AWS committed spend)
    2. Deploy using our CloudFormation template (5-10 minutes)
    3. Configure your first campaign using our template library
    4. Launch and monitor results in real-time

    Technical Requirements

    • AWS account with EC2, RDS, SES permissions
    • Minimum: 2 vCPUs, 8GB RAM
    • Recommended: 4-8 vCPUs for large organizations (500+ employees)

    Highlights

    • One-click AWS deployment
    • Unlimited phishing campaigns with advanced analytics
    • 30-day free trial with Standard support included

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    Ubuntu 24.04


    Pricing

    Free trial

    Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (5)

    Dimension                 Cost/hour
    m4.large (Recommended)    $0.48
    t3.xlarge                 $0.48
    t3.large                  $0.48
    t3.medium                 $0.48
    t3.2xlarge                $0.48

    Vendor refund policy

    Contact us at david@hailbytes.com if you're unhappy with this product for any reason and we'll resolve your issue.


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    HailBytes SAT v1.2077 - May 20, 2026

    This release expands identity and compliance capabilities, adds multi-channel phishing simulation, broadens integration coverage, and modernizes the platform foundation.

    Identity and access management adds SCIM 2.0 provisioning for automated user lifecycle, SAML and OIDC SSO with Microsoft Entra ID, Google, and Okta (including OIDC discovery), plus MFA/TOTP and tenant-aware admin workflows.

    Compliance and reporting introduces compliance framework mapping across 20 modules covering PCI-DSS, HIPAA, SOC 2, ISO 27001, and LATAM frameworks. New evidence packs and signed PDF certificates of completion support audit needs. Remedial training assignment with repeat-offender risk scoring, historical risk snapshots, and trend reporting round out the reporting improvements.

    Phishing and training expands beyond email with Twilio-powered SMS (smishing) and voice (vishing) simulations, QR-code lures, and AutoPhish template/page/group pools. New role-based training tracks for developers, finance, healthcare, and executive audiences include recurring campaigns, quiz tracking, and certificates. The built-in module and template library has been expanded.

    Multi-tenant and MSP capabilities add cross-tenant rollups for activity, risk, and engagement across customer environments, plus system-level library flags and cloned-template governance.

    SIEM and ticketing integrations add Microsoft Sentinel and Splunk for SIEM forwarding, and ServiceNow, Jira, and PagerDuty for ticketing workflows.

    Email security integrations add Microsoft 365 Advanced Delivery and Google Workspace simulation support, plus Proofpoint TAP and Mimecast compatibility. User-reported phishing introduces an Outlook add-in, Gmail phish-report ingest, and a phishing-report slash command.

    Data export adds scheduled exports to Amazon S3, Azure Blob Storage, and SFTP destinations.

    Platform and operations modernizes the frontend with ES modules bundled via webpack and a Vitest unit-test harness, replacing the legacy gulp pipeline. Self-hosted opt-in analytics replace Mixpanel via a first-party event pipeline. Spanish and Brazilian Portuguese localization is now supported. Instance export and import enables backups and high-availability patching parity. An automated release pipeline publishes from main with generated patch notes, and first-time admin onboarding is smoother.

    Upgrade notes: PostgreSQL is the only supported database engine. Migrations run automatically on startup; back up your PostgreSQL data before upgrading. Analytics remain opt-in and collect no data unless explicitly enabled.

    Additional details

    Usage instructions

    HailBytes Security Awareness Training - v1.2077

    == 1. First boot (2-3 minutes) ==

    After launching the AMI, allow 2-3 minutes for hailbytes-sat, nginx, and PostgreSQL to initialize.

    1. SSH in: ssh -i your-key.pem ubuntu@<public-ip>
    2. The auto-generated admin password is printed in the SSH login banner and stored at /home/ubuntu/hailbytes-sat-initial-credentials.txt (delete after first login).
    3. Open the admin UI: https://<public-ip>:3333
    4. Log in as "admin" with that password. You will be forced to set a new password and are strongly encouraged to enable TOTP MFA on first login.
    5. Verify the service:
       curl -k https://<public-ip>:3333/api/ready
       curl -k https://<public-ip>:3333/api/instance/schema-version

    == 2. Launch your first campaign ==

    1. Sending Profile - add an SMTP profile (AWS SES recommended). Use the in-app email-warming guide to ramp sender reputation gradually.
    2. Email Template - HTML editor with variable substitution: {{.FirstName}} {{.LastName}} {{.Email}} {{.Position}} {{.URL}} {{.RID}}.
    3. Landing Page - build a credential-capture or training page, or clone an existing site via the import URL field.
    4. Target Group - add recipients manually, import via CSV, or sync from LDAP / Active Directory / SCIM 2.0.
    5. Campaign - select template, landing page, sending profile, and targets; schedule or send immediately.
    6. Results - opens, clicks, submissions, and user-reported phish appear in real time. Export CSV or push events to SIEM via webhook.

    == 3. AWS SES integration ==

    1. Verify your sending domain in AWS SES.
    2. Move SES out of sandbox (request production access).
    3. In SAT, create a Sending Profile:
       Host: email-smtp.<region>.amazonaws.com
       Port: 587 (STARTTLS)
       Auth: your SES SMTP credentials
    4. Send a test email, then ramp volume per the warming guide.

    EU customers: us-east-1 SES is not GDPR-appropriate -- use eu-west-1 or eu-central-1.

    == 4. Network & security ==

    • Admin UI: TCP 3333 (HTTPS) - restrict by Security Group to admin IPs.
    • Phish srv: TCP 80/443 (nginx, SSL/TLS) - open to the public Internet.
    • SSH: TCP 22, key-only auth - restrict by Security Group.
    • AES-256-GCM at rest for all PII; key in /etc/hailbytes-sat/.
    • Comprehensive audit logging with IP and user-agent tracking.
    • UFW blocks all other ports by default.
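
    An added example (not HailBytes code): a Python check that compares a security group's inbound rules with the exposure listed above (TCP 3333 and 22 restricted to admin IPs, TCP 80/443 public). It reads the IpPermissions list in the shape returned by `aws ec2 describe-security-groups`; the function names, sample rules and admin allow-list are constructed for illustration.

```python
import ipaddress

# Exposure policy from the "Network & security" section of the listing:
# TCP 3333 (admin UI) and TCP 22 (SSH) restricted to admin IPs,
# TCP 80/443 (phishing server) open to the Internet.
ADMIN_PORTS = {3333: "admin UI", 22: "SSH"}
PUBLIC_PORTS = (80, 443)
TCP = ("tcp", "6", "-1")  # "-1" is the EC2 encoding for "all protocols"


def _port_range(perm):
    """(low, high) covered by a rule; all-protocol rules carry no ports."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def _sources(perm):
    """All IPv4 and IPv6 source CIDRs of one IpPermissions entry.

    Security-group references (UserIdGroupPairs) are not evaluated here.
    """
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c, strict=False) for c in v4 + v6]


def _within(net, allowed):
    """True if net lies inside one of the allow-listed admin networks."""
    return any(a.version == net.version and net.subnet_of(a) for a in allowed)


def audit_ingress(ip_permissions, admin_cidrs):
    """Return sorted (severity, port, detail) findings for one security group."""
    allowed = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings, public_ok = set(), set()
    for perm in ip_permissions:
        if perm.get("IpProtocol") not in TCP:
            continue  # the listing only defines TCP services
        low, high = _port_range(perm)
        for net in _sources(perm):
            world = net.prefixlen == 0
            # Admin ports reachable from a source outside the allow-list.
            for port in ADMIN_PORTS:
                if low <= port <= high and not _within(net, allowed):
                    findings.add(("HIGH" if world else "MEDIUM", port, str(net)))
            if world:
                public_ok.update(p for p in PUBLIC_PORTS if low <= p <= high)
                # A world-open range wider than the ports the listing names.
                expected = [p for p in (*PUBLIC_PORTS, *ADMIN_PORTS)
                            if low <= p <= high]
                if high - low + 1 > len(expected):
                    findings.add(("MEDIUM", f"{low}-{high}", str(net)))
    # Landing pages need 80/443 from the Internet (see the troubleshooting note).
    for port in PUBLIC_PORTS:
        if port not in public_ok:
            findings.add(("INFO", port, "not reachable from the Internet"))
    return sorted(findings, key=str)


# Constructed sample in the shape of SecurityGroups[0].IpPermissions.
# Addresses are documentation and private ranges, not real hosts.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3333, "ToPort": 3333,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"},
                  {"CidrIp": "198.51.100.0/24"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]
SAMPLE_ADMIN_CIDRS = ["203.0.113.0/24"]  # assumed admin network

if __name__ == "__main__":
    for severity, port, detail in audit_ingress(SAMPLE_RULES, SAMPLE_ADMIN_CIDRS):
        print(f"{severity:6} port {port}: {detail}")
```

    HIGH marks an admin port open to any address, MEDIUM an admin port open to a source outside the allow-list or a world-open range wider than the named ports, and INFO a public port that is missing.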

    == 5. High availability (optional) ==

    For multi-AZ active-active behind an Application Load Balancer with RDS Multi-AZ Postgres and ElastiCache Redis:

    • CloudFormation: deploy/aws/cloudformation-ha.yaml
    • Cloud Shell: deploy/aws/provision-ha.sh
    • Runbook: docs/AWS_HA_DEPLOYMENT.md

    HA patching helpers ship at:
    /opt/hailbytes/bin/ha-pre-patch-backup.sh
    /opt/hailbytes/bin/ha-post-patch-verify.sh

    == 6. Backup & restore ==

    • Export a full instance bundle (DB + uploads + config metadata):
      GET /api/instance/export -> .tar.gz
    • Restore to a matching-version SAT host:
      POST /api/instance/import?confirm=replace-all-data=true

    The bundle records a SHA-256 fingerprint of the encryption key so a host with the wrong key is rejected before any data is written.

    == 7. Service operations ==

    • Status: sudo systemctl status hailbytes-sat
    • Logs: sudo journalctl -u hailbytes-sat -f
    • Restart: sudo systemctl restart hailbytes-sat

    If the UI is unreachable, wait 3 minutes after launch and confirm Security Group rules allow inbound 3333, 80, and 443.

    == 8. Support ==

    Resources

    Support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.


    Customer reviews

    Ratings and reviews

    4.2 (9 ratings)
    5 star: 56%
    4 star: 33%
    3 star: 0%
    2 star: 11%
    1 star: 0%
    4 AWS reviews | 5 external reviews
    External reviews are from PeerSpot.
    Matdiallo Dussipour

    Phishing simulations have strengthened user awareness and reveal real click and report behavior

    Reviewed on May 19, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Gophish is for penetration testing on cybersecurity with phishing links and others. We used Gophish to test the mindset of different users in the company. We used Gophish to send intrusion links and links by email, for example, links supposedly from sites they visit or related to their Facebook or Instagram account.

    We determined the number of people who clicked on the link, those who reported it before clicking on the link, and those who did not click on the link. It was a survey campaign that we conducted after an awareness session that we carried out with the different users of the company.

    What is most valuable?

    The best features offered by Gophish stand out to me as most valuable because we can design virtual sites for intrusions, especially with cybercrime testing with phishing awareness. We have a backlog where we can monitor the number of links clicked and the number of links not clicked.

    These elements are useful to me with Gophish because we actually understand the mindset of users after the awareness session, whether they have already absorbed the advice that was given to them. Through the phishing and penetration testing we conducted, Gophish has had a major positive impact on my organization, especially in my department, because we were able to find out whether the different users already understood the concept of phishing.

    What needs improvement?

    For the moment, I have nothing to suggest about Gophish; the application works very well and it offers many features. As you progress, you discover more and more options. I chose a rating of eight because there are always options to add and there are always upgrades that will be made.

    For how long have I used the solution?

    I have been using Gophish for a month.

    What other advice do I have?

    One piece of advice I give to those who need to use Gophish is to be patient and read extensively. If necessary, even follow user manuals to better grasp Gophish's functionality.

    Gophish is a good structure and a good technological innovation that deserves to be studied and much better known by the world because not everyone knows Gophish. Gophish is good and the structure is solid. I gave this product a rating of eight out of ten.

    reviewer2842815

    Targeted phishing tests have revealed security gaps and guide staff awareness training

    Reviewed on May 18, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I have been using Gophish for a year. My main use case for Gophish is awareness campaigns for staff. A specific example of how I use Gophish in a campaign for staff is that I create fake internal-use pages and send them to collaborators' emails to see if they fall for the tests.

    What is most valuable?

    The best features that Gophish offers are that it has an easy-to-use platform and that it also has documentation to guide you through the implementation.

    The ease of use and the documentation have helped me in my daily work with Gophish because, having zero experience with this platform, by looking up the documentation and having an easy-to-use interface, it was much easier for me to learn and implement it in the organization.

    Gophish has positively impacted my organization by finding security gaps among our collaborators, and we found people who did not know or did not understand security. This platform helped us to be able to train collaborators about phishing after the tests.

    What needs improvement?

    I think that Gophish could be improved, but currently, all the functionalities it has and all the types of platforms that can be implemented are very interesting. For my part, I would not see any improvement. I would like to add nothing else about possible improvements, even if they are minor details or suggestions for the future.

    For how long have I used the solution?

    I have been working in my current field for two years.

    What do I think about the stability of the solution?

    I consider Gophish to be stable.

    What do I think about the scalability of the solution?

    I consider the scalability of Gophish interesting; it is a platform on which you can increase the number of staff and the number of platforms to run tests on, as well as the number of independent tests I can perform.

    How are customer service and support?

    I have not needed customer support for Gophish so far.

    Which solution did I use previously and why did I switch?

    I did not use any other solution before implementing Gophish; it was the first time it was implemented, so this platform was used.

    How was the initial setup?

    Before choosing Gophish, I did not evaluate other options; it was an idea that came up after finding this platform.

    What was our ROI?

    I have seen a return on investment with Gophish, as indicated by the savings in implementation time and the responses we had to measure the awareness of the collaborators.

    What's my experience with pricing, setup cost, and licensing?

    My experience with the price, implementation cost, and licensing of Gophish is that personally, I have used the open platform, so we have not had to pay anything yet.

    What other advice do I have?

    My advice to other professionals who are considering using Gophish is that it is a platform for people who are just starting out and do not have the resources and also do not have knowledge. It is an excellent platform to start with and learn about the world of awareness campaigns for collaborators. It is an easy-to-use, stable platform; it can be set up on different platforms, whether Windows or Linux, and it is easy to use since it has an integrated interface that is very easy to use and it has no cost. Gophish would be an interesting platform to start testing awareness platforms for phishing campaigns. I would give this platform a rating of 10.

    reviewer2842221

    Running awareness campaigns has improved phishing assessments and simplified reporting

    Reviewed on May 17, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I use Gophish to run fake awareness campaigns with our clients. Everything is framed and I use the product to send emails, get reporting, and then present the results afterward.

    The objective of the campaign I carried out with Gophish was to determine the level of maturity of employees and staff. So the goal is to send an email to everyone and see the percentage of people who fall into the trap.

    We analyze the results of these campaigns by going back with the same data but for different companies to see whether the alerts are being followed.

    What is most valuable?

    The best features that Gophish offers include importing an Excel CSV file to import all the users and creating a web page directly from the feature in the product.

    Importing users was made much easier for me with Gophish, and the same applies for web pages, as it was very convenient.

    Gophish has had a positive impact on my organization because it is open source, so it is free. The product is easy to get started with, and likewise the campaigns are very quick to prepare.

    The time savings I noticed thanks to Gophish are exceptional. You can create templates.

    What needs improvement?

    I think Gophish could be improved with a user-level function, meaning if the person is strong or weak, we send more or fewer awareness emails, and rely on real attacks in order to be able to create a template by itself.

    I have covered everything regarding the necessary improvements or points that could make Gophish even more effective in my view.

    For how long have I used the solution?

    It has been six years since I began working in my current field.

    What do I think about the stability of the solution?

    I would say Gophish is stable based on the only campaigns I have been able to run a few months ago.

    What do I think about the scalability of the solution?

    In my context, Gophish is scalable enough to handle an increasing number of users or campaigns because I have not had any slowdown when adding user groups.

    How are customer service and support?

    There is no support for Gophish because it is open source, so I have not needed to contact assistance or technical support for this tool.

    We have no contact with Gophish aside from being a customer.

    Which solution did I use previously and why did I switch?

    I was not using another product before Gophish.

    How was the initial setup?

    I have noted time savings in the preparation of campaigns since I started using Gophish.

    What about the implementation team?

    I did not evaluate any competing solution because Gophish was the product that was already there when I arrived.

    What was our ROI?

    The time savings I noticed thanks to Gophish are exceptional.

    What's my experience with pricing, setup cost, and licensing?

    I find Gophish advantageous since it is open source, so there is no price or installation costs.

    Which other solutions did I evaluate?

    I did not evaluate any competing solution because Gophish was the product that was already there when I arrived.

    What other advice do I have?

    I do not know what advice to give to a company that is considering using Gophish regarding points to watch out for or anticipate. My overall rating for this product is 8 out of 10.

    reviewer2842167

    Targeted phishing campaigns have become streamlined and monitoring now improves team engagement

    Reviewed on May 17, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Gophish is sending phishing emails. The main benefit of using Gophish in phishing campaigns is the monitoring panel because sending emails by other methods already exists through other tools. The ease of configuration and the visual feedback in the tool is what makes me want to use Gophish.

    What is most valuable?

    In my opinion, the best features that Gophish offers are the customized dashboard.

    The customized dashboard makes my work easier and brings benefits to the monitoring of campaigns because quick access and the information laid out in a user-friendly way allow me to monitor all campaigns in a single place.

    Gophish has had a positive impact on my organization by using a tool that has an open-source version. We can start phishing campaigns that until a short time ago were not carried out. In addition, it is a tool with good features and a good dashboard but free, so it got everyone here excited.

    I notice it in the team; people are a little more excited to configure, parameterize, and send new campaigns from within Gophish.

    What needs improvement?

    I believe that Gophish can be improved by increasing the number of possible integrations. However, the main point would be to make Gophish modular in relation to the campaigns that are carried out in order to allow it to be used not only in pentests or phishing pentests but also in Red Team Operations. For that, there is a need to make it more targeted and to configure stealth features.

    For how long have I used the solution?

    I have been using Gophish for around six months.

    What do I think about the stability of the solution?

    Gophish is stable.

    What do I think about the scalability of the solution?

    I cannot answer that question with certainty because I have not had the need to scale.

    Which solution did I use previously and why did I switch?

    At my current company, I do not use another solution.

    How was the initial setup?

    Gophish is deployed in my organization on a local server.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup costs, and licensing is very pleasant as I have only tested the open-source version.

    Which other solutions did I evaluate?

    I did not evaluate others before choosing Gophish because I had already taken a course on Gophish and I liked the tool, so I went straight to it.

    What other advice do I have?

    I would say not to think twice and to use Gophish; it is a good tool with excellent features and a good dashboard, so there is no reason to keep looking elsewhere. I would rate this product 8 out of 10.

    Rocky Yuan

    Targeted phishing campaigns have become highly customizable and track social engineering success

    Reviewed on May 16, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Gophish is red team engagements. During a red team engagement, we use Gophish to host the landing pages and send the emails for social engineering engagements. It tracks the progress of the social engineering engagement, including who has clicked what, who has entered what, and it also sends out the emails with custom templates for us.

    What is most valuable?

    The best feature that Gophish offers is its customizability. It makes everything look very professional and makes tracking very easy.

    The customizability of Gophish helps my team significantly; the landing pages are a big bonus to make it look like the intended target, and also the emails. Making them look believable improves the success rate significantly.

    Gophish has positively impacted my organization by showing the value of doing social engineering, not necessarily just at Roblox, but in my previous roles where we could show that pretty much everyone clicks and it is more about what happens after you click.

    What needs improvement?

    For Gophish, there is a lack of integration with MFA and cookie captures that are more advanced attack methods. I have recently had to loop in Gophish with Evil GINX, which helps to capture the MFA and the sessions as well, so I think it could be improved from that aspect.

    For how long have I used the solution?

    I have been using Gophish for five years.

    What do I think about the stability of the solution?

    Gophish is stable.

    What do I think about the scalability of the solution?

    I have never had to scale Gophish because my engagements are not that big.

    How are customer service and support?

    Customer support is non-existent except through GitHub; you could submit issues via open-source, but it is open-source.

    Which solution did I use previously and why did I switch?

    At one point, we did try to use KnowBe4 and we have also tried smaller vendors. I do not even remember the vendor name anymore; it has been that long. All of these presented issues with getting whitelisting done for some reason, and the emails were not landing, so we decided to continue to use Gophish.

    Before choosing Gophish, I did evaluate other options including KnowBe4 and another one that we actually used for a while, but I do not remember the name, unfortunately.

    How was the initial setup?

    My experience with pricing, setup cost, and licensing for Gophish is great because it is free.

    What was our ROI?

    I have seen a return on investment generally because it is just time saved; if I were to self-create that, it would take a lot of tokens, so it is nice not to have to build it myself.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup cost, and licensing for Gophish is great because it is free.

    What other advice do I have?

    My advice for others looking into using Gophish is that there are aspects of learning in terms of the template and making sure to set it up so that your domain does not get blocked; things of that nature. I would highly suggest putting Cloudflare in front. I would rate this product a 9 out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
