SATOpen source · MIT
Gophish
Community project
A free, self-hosted phishing simulation framework for building campaigns, landing pages, and tracking results through a REST API. Jordan Wright created the MIT-licensed project; tagged release activity has slowed, so prospective users should review the repository before deploying it.
Verified Source: 1
- Product type
- Community project
- Deployment
- On-premCLI
- Organization size
- IndividualSMBMid-marketEnterprise
- Pricing tier
- Free
Capability checklist
SATHow Gophish measures up against the full Security Awareness Training taxonomy.
- Phishing simulation campaigns — supported
- Sends realistic simulated phishing emails to measure and train employee response.
- Training content library — not supported
- Provides short, ongoing microlearning modules on security topics.
- Risk scoring by user & department — not supported
- Identifies which employees or teams pose the highest human risk.
- Compliance & completion tracking — supported
- Tracks who completed required training for audit and compliance purposes.
- Culture & behavior analytics — not supported
- Measures security culture trends across the organization over time.
- Automated remedial assignment — not supported
- Automatically assigns extra training to employees who fail a simulation.
Alternatives
Other Security Awareness Training tools with overlapping capabilities, sized for similar teams.
Appears in stacks
Real-world stacks that include Gophish.