Gophish Reviews

Name: Gophish
Brand: HailBytes
Rating: 4.3 (18 reviews)

Vendor: HailBytes

4.3 out of 5

18 reviews
100% willing to recommend

Leave a review

What is Gophish?

Gophish is an open-source phishing toolkit aimed at simplifying the creation and execution of phishing campaigns for cybersecurity professionals.

Get the AWS Marketplace Buyer's Guide and find out what your peers are saying about Gophish and more!

Buyer's Guide

AWS Marketplace

June 2026

Get the category report

Helped 899,258 peers since 2012

Featured Gophish reviews

Juanfran Celdran

Administrador de sistemas informaticos en red at a consultancy with 201-500 employees

I think Gophish could be improved with more automation, for instance. It is great that you can create templates, schedule them, and do everything you want in Gophish, but it would be nice to have a small integrated AI model with which you could create email templates and phishing templates. It would be nice if Gophish implemented artificial intelligence. I wish Gophish could provide more support and be more advanced and that they continue developing it because it seems that Gophish does not get many updates, and I think they need to implement more features. It is great because it is free, but it needs more features. It would be cool if there was an artificial intelligence model that could create phishing campaigns or templates or email templates for you integrated within Gophish. I would rate it a seven. It is quite good and free software, but it needs more substance. It also depends on the number of clients a company has; it may be necessary to launch Gophish in a staggered way, which I also think is a drawback Gophish has. The issue is that if there are many people being targeted, for example, 5,000 employees in a company and you send 5,000, it may be that sending so many messages gets blocked by the security systems companies have. I think that Gophish could also improve the message sending flows. I gave it a seven because there are things to improve and it is not perfect. As I said before, it would be nice if templates could be created with AI, integrated into Gophish using an API with Gemini or ChatGPT or whichever, but the point is that it would be nice if the sending flows at large scale were better managed. When you send a phishing campaign to 5,000 people, you have to send it in sections in a staggered way, for example: to these 5,000 people it is going to be sent between eight in the morning and four in the afternoon. If you send them all at once, the phishing may get blocked and then the campaign has no effect. I would like it if Gophish implemented more improvements because they are needed, as it is kind of a bit stagnant. I hope that in the future they add more improvements including creating personalized templates with artificial intelligence and improving the message sending flows.

Read full review

Rocky Yuan

Senior Offensive Security Engineer at a computer software company with 1,001-5,000 employees

For Gophish, there is a lack of integration with MFA and cookie captures that are more advanced attack methods. I have recently had to loop in Gophish with Evil GINX, which helps to capture the MFA and the sessions as well, so I think it could be improved from that aspect.

Read full review

Anass Bekar

Senior Offensive Security Engineer at Secmund

Gophish could be improved by adding a section where you can manage payloads, so executables, and receive sessions; that is what is missing from it. It does not handle lists well either, so when you have a big list of email addresses or users, it crashes, perhaps in the sending of the emails or somewhere else, but it crashes. It would also be great if you added spam detection and prevention capabilities, so the emails you are using in your campaign do not get blacklisted. I do not think the user interface needs major improvements, as it is great. Sometimes, the difference between opened emails and sent feedback is a little bit confusing, but overall, I think it is great.

Read full review

Gophish mindshare

As of June 2026, the mindshare of Gophish in the AWS Marketplace category stands at 0.2%, up from 0.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

AWS Marketplace Mindshare Distribution
Product	Mindshare (%)
Gophish	0.2%
Stardog Enterprise Knowledge Graph Platform	0.4%
Freight Emissions API - Carbon data for shipping and logistics	0.3%
Other	99.1%

AWS Marketplace

Key learnings from peers

Last updated Jun 12, 2026

Valuable Features

"With Gophish, I am able to work in a more appropriate way on phishing awareness, and I am also able to make employees aware in an easy and appropriate way because they see how a phishing attack works in a real way."
"Gophish has impacted my organization positively in terms of security awareness, as I have noticed fewer phishing incidents and more responses towards reporting phishing emails as specific improvements."
"Gophish is one of the easiest tools that I can see available online, and a significant advantage is that it is free of cost and open source."

Room for Improvement

"Gophish can be improved by adding more languages and maybe a web version for it, a SaaS platform."
"The customer support needs improvement."
"Currently, we do not think Gophish requires much improvement other than a better graphical user interface."

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our AWS Marketplace Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	6
Midsize Enterprise	5
Large Enterprise	6

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	29
Midsize Enterprise	51
Large Enterprise	65

By visitors reading reviews

Top industries

By visitors reading reviews

Construction Company

27%

University

12%

Manufacturing Company

10%

Comms Service Provider

Financial Services Firm

Educational Organization

Security Firm

Outsourcing Company

Insurance Company

Retailer

Pharma/Biotech Company

Healthcare Company

Government

Computer Software Company

Energy/Utilities Company

Wholesaler/Distributor

Marketing Services Firm

Transportation Company

Hospitality Company

Learn more about Gophish

Designed to cater to organizations seeking to enhance their security awareness, Gophish offers a streamlined process for launching phishing simulations. It provides a customizable environment, allowing users to simulate real-world phishing scenarios efficiently. With its user-friendly interface, even those with limited technical skills can easily navigate and deploy effective campaigns. Gophish has become a vital tool for companies looking to test employee susceptibility to phishing attacks and refine their security protocols.

What are the key features of Gophish?

Campaign Automation: Automate phishing campaigns with pre-designed templates and schedules.
Customizable Landing Pages: Easily create and edit landing pages to closely mimic real phishing sites.
Real-time Reporting: Obtain immediate results and insights for each campaign to assess effectiveness.
User Management: Organize targets into groups for specific and detailed phishing simulations.

What benefits and ROI can users expect?

Enhanced Security Awareness: Users gain valuable insights into employee responses to phishing attempts.
Cost-effective Training: Reduces the need for expensive external security consultants.
Improved Incident Response: Helps organizations develop more robust protocols against security threats.
Scalable Solutions: Easily manage small to large-scale campaigns with minimal operational impact.

Gophish is widely adopted across banking, healthcare, and retail industries to tackle specific challenges related to phishing risks. In banking, it helps simulate threats that target customer financial information. Healthcare organizations leverage it to protect sensitive patient data by educating staff to recognize phishing attempts. In retail, Gophish assists in safeguarding consumer transaction data. Its adaptability and effectiveness make it a favored choice for diverse industry needs.

Product Categories

AWS Marketplace

Gophish Reviews Summary
Author info	Rating	Review Summary
Administrador de sistemas informaticos en red at a consultancy with 201-500 employees	3.5	I use Gophish for diverse phishing, smishing, and quishing campaigns, valuing its free, open-source, and customizable nature for clients. While it requires IT knowledge and offers great ROI, it needs more automation, AI for templates, and improved large-scale message sending flows.
Senior Offensive Security Engineer at a computer software company with 1,001-5,000 employees	4.5	I use Gophish for red team social engineering due to its excellent customizability, which saves time. While stable and free, it lacks MFA integration, requiring workarounds. Customer support is minimal, but it outperforms previous solutions, earning a 9/10 rating.
Senior Offensive Security Engineer at Secmund	4.0	I use Gophish for efficient phishing simulations, saving significant time and staff, praising its extensibility and ease of use. However, it needs payload management, better handling of large target lists, and spam prevention. I rate it 8/10.
Security Engineer at a manufacturing company with 1,001-5,000 employees	4.0	I use Gophish, a free, open-source tool, quarterly for phishing simulations, assessing employee awareness and identifying training needs. I value its ease and customization, despite wishing for a better GUI. I recommend it.
Software Engineer at TechZone LLC	4.0	As a core phishing simulation engine, Gophish offers reliable campaign creation, customizable templates, and excellent tracking/reporting, which I find most valuable. Its open-source nature, stability, and easy integration are great, though advanced reporting could improve. Overall, I rate it 8/10.
Cybersecurity Analyst at a university with 1,001-5,000 employees	4.0	I find Gophish excellent for phishing simulations, automating tasks, and saving significant time by reducing campaign setup from hours to minutes. However, its image booting time is a noticeable drawback, leading to my 8/10 rating.
Infrastructure Analyst at Biomtech	4.5	I extensively use Gophish for anti-phishing and awareness campaigns, highly valuing its detailed tracking and customization capabilities, which provided a significant ROI. While stable and scalable, I found the external email sending setup complex and wished it offered native campaign templates.
Senior Information Technology Auditor at a tech vendor with 10,001+ employees	4.0	I use Gophish for user-friendly phishing campaigns, finding it open-source, cost-effective, and easy to set up, which has improved our security awareness. I recommend it, despite needing better customer service and more detailed user manuals.

Gophish Reviews

What is Gophish?

Featured Gophish reviews

Gophish mindshare

Valuable Features

Room for Improvement

Review data by company size

Top industries

Learn more about Gophish

Related questions

Product Categories