Cyber Tool Stack
All tools
SATOpen source · MIT

Gophish

Community project

A free, self-hosted phishing simulation framework for building campaigns, landing pages, and tracking results through a REST API. Jordan Wright created the MIT-licensed project; tagged release activity has slowed, so prospective users should review the repository before deploying it.

Verified Source: 1

Product type
Community project
Deployment
On-premCLI
Organization size
IndividualSMBMid-marketEnterprise
Pricing tier
Free

Capability checklist

SAT

How Gophish measures up against the full Security Awareness Training taxonomy.

Phishing simulation campaigns — supported
Sends realistic simulated phishing emails to measure and train employee response.
Training content library — not supported
Provides short, ongoing microlearning modules on security topics.
Risk scoring by user & department — not supported
Identifies which employees or teams pose the highest human risk.
Compliance & completion tracking — supported
Tracks who completed required training for audit and compliance purposes.
Culture & behavior analytics — not supported
Measures security culture trends across the organization over time.
Automated remedial assignment — not supported
Automatically assigns extra training to employees who fail a simulation.

Alternatives

Other Security Awareness Training tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include Gophish.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.