No more typing reviews! Try our Samantha, our new voice AI agent.
reviewer2850027 - PeerSpot reviewer
Senior Information Technology Auditor at a tech vendor with 10,001+ employees
Real User
Top 10
Jun 10, 2026
Targeted phishing simulations have strengthened security awareness and improved reporting rates
Pros and Cons
  • "Gophish has impacted my organization positively in terms of security awareness, as I have noticed fewer phishing incidents and more responses towards reporting phishing emails as specific improvements."
  • "The customer support needs improvement."

What is our primary use case?

My main use case for Gophish is phishing campaigns. A quick specific example of how I use Gophish for phishing campaigns is for security awareness and training.

I use it for tracking responses, ratings, and also analyze statistics regarding my main use case.

What is most valuable?

The best features Gophish offers are that it is user-friendly and easy to use. Its user-friendly interface helps me in my daily work by making setup quicker.

Gophish has impacted my organization positively in terms of security awareness. I have noticed fewer phishing incidents and more responses towards reporting phishing emails as specific improvements.

What needs improvement?

Including more templates would be nice, and it would be beneficial to elaborate more on the user manual on how to use Gophish as some users have been struggling in using the tool.

Gophish can be improved by elaborating more and putting more screenshots in providing user manuals and user instructions for users to make installation easier. I think including more phishing templates would be a needed improvement. Other improvements Gophish needs include having the setup instructions be more detailed and clear.

For how long have I used the solution?

I have been using Gophish for more than one year.

Buyer's Guide
Gophish
July 2026
Learn what your peers think about Gophish. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.

What do I think about the stability of the solution?

In my experience, Gophish is stable.

What do I think about the scalability of the solution?

The scalability of Gophish is good.

How are customer service and support?

The customer support needs improvement.

Which solution did I use previously and why did I switch?

I previously used other solutions before Gophish, and I switched to it because it is open-source and easy to use, which saves us costs.

How was the initial setup?

I did not purchase Gophish through the AWS Marketplace; I have installed it manually, only as a server. It is easier to install compared to other simulating tools.

What was our ROI?

I have seen a return on investment in terms of time saved; building phishing campaigns is much more straightforward, and the setup was acceptable, but with more instructions on the user manual, that would be quicker.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing is that overall, it was good compared to other competitors.

Which other solutions did I evaluate?

Before choosing Gophish, I evaluated options such as King Fisher, Evilginx, and the B4, but I found that Gophish was an open-source and readily available tool with very little costs and also the flexibility of using my own templates.

What other advice do I have?

Regarding Gophish's AI capabilities, I find its governance and security overall acceptable. Regarding Gophish's AI capabilities, I think the accuracy and reliability of output are good. I would recommend others looking into using Gophish to use it for performing their security awareness and campaigns because it is easier to install compared to other simulating tools.

Providing more details and videos on proper tutorials would be helpful. I found this interview to be good; it is well-calibrated and conducted effectively. I would rate this review an 8 out of 10.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jun 10, 2026
Flag as inappropriate
PeerSpot user
Mentor at Code Academy
Real User
Top 20
May 29, 2026
Real-time phishing simulations have improved security awareness in my projects
Pros and Cons
  • "Gophish has positively impacted my organization by helping my team reach our goals."
  • "I believe Gophish can be improved by adding new features based on attack types in the future, particularly for new zero-day attacks, and incorporating AI-based tools to enhance analyzing and automation."

What is our primary use case?

My main use case for Gophish is simulating attacks, and I primarily use it for my specialty in cybersecurity projects or simulating phishing attacks on some of my friends for my project goals and for obtaining certificates.

I had my final project and wanted to do something extra to earn extra points, so I created an email account with a domain name and a site for the phishing attack. I connected the site, emails, and all data with my Gophish account, added usernames and emails for sending phishing emails, created a phishing email, and sent it to all of them. Some of my friends clicked the link and submitted their usernames, passwords, and personal data, allowing me to analyze all the data they sent, including when they clicked the link and submitted the form. Gophish enabled me to see all personal data in real time.

I believe the best feature Gophish offers is the analyzing and dashboard part, which provides all data and information in specific formats, showing how many people clicked the link and sent data in diagrams that are very useful for me. Its user-friendly interface is another standout feature.

What is most valuable?

I believe the best feature Gophish offers is the analyzing and dashboard part, which provides all data and information in specific formats, showing how many people clicked the link and sent data in diagrams that are very useful for me. Its user-friendly interface is another standout feature.

I also appreciate that it works in real time with no delays. When someone sends data, it arrives on time without any issues. Gophish has positively impacted my organization by helping my team reach our goals. My teacher initially recommended Gophish because it was used in their organization for pen testing, simulating attacks, and testing employees, which inspired me to use it for my project and helped me earn maximum points while gaining real-world experience.

Gophish helped improve our security. For example, I sent dashboard screenshots to my friends, showing them that if they filled out emails that looked unverified, their data could be stolen. After they saw the data I collected correctly and realized I could use that information in sensitive areas, they decided to stop responding to such emails, recognizing that although it was a test, this could happen to anyone.

What needs improvement?

I believe Gophish can be improved by adding new features based on attack types in the future, particularly for new zero-day attacks, and incorporating AI-based tools to enhance analyzing and automation.

I believe the user interface is good, but it could benefit from a demo or introduction for users unfamiliar with Gophish. An AI chatbot could be integrated for assistance.

For how long have I used the solution?

I have been working in my current field for nearly six to eight months, but if I look at my projects, I have been working on them for a year.

What do I think about the stability of the solution?

Gophish is stable for me.

What do I think about the scalability of the solution?

Gophish can scale up and down based on demand, making it scalable.

How are customer service and support?

Customer support has been good and very responsive. I rate customer support ten out of ten as I did not encounter any problems.

Which solution did I use previously and why did I switch?

I used Gophish for the first time and did not have a previous solution that I switched from.

How was the initial setup?

My experience with pricing, setup cost, and licensing is ideal. Overall, it was good.

What was our ROI?

I have not seen a return on investment and cannot recall any relevant metrics such as money saved, time saved, or fewer employees needed.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing is ideal. Overall, it was good.

Which other solutions did I evaluate?

I did not evaluate other options before choosing Gophish as my teacher recommended it.

What other advice do I have?

I advise others to use Gophish for both organizational and personal projects since it is an excellent and manageable tool. I rate this review ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 29, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
Gophish
July 2026
Learn what your peers think about Gophish. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,146 professionals have used our research since 2012.
VINICIUS DA SILVA - PeerSpot reviewer
analista de segurança da informação at a financial services firm with 201-500 employees
Real User
Top 5
Jun 12, 2026
Practical phishing campaigns have raised staff awareness but still need more languages and SaaS access
Pros and Cons
  • "With Gophish, I am able to work in a more appropriate way on phishing awareness, and I am also able to make employees aware in an easy and appropriate way because they see how a phishing attack works in a real way."
  • "Gophish can be improved by adding more languages and maybe a web version for it, a SaaS platform."

What is our primary use case?

My main use case for Gophish is for employee awareness within the company, and I use it for phishing campaigns.

I create emails to raise employee awareness and send them to see if employees end up clicking. If they click, I reach out to them after finishing the campaign and conduct awareness work so they do not fall for phishing.

I configure Gophish within our Office 365 and proceed with the campaigns, sending emails similar to Microsoft's, emails similar to service providers', and I analyze the results. If someone falls for it, I then handle awareness together with that person.

What is most valuable?

The main point of Gophish is the automated sending, as I can send to several email addresses at once by uploading a list of emails.

I also consider the SMTP configuration of the server from which I send the emails to be a differentiator because it is very simple to do.

With Gophish, I am able to work in a more appropriate way on phishing awareness, and I am also able to make employees aware in an easy and appropriate way because they see how a phishing attack works in a real way. This allows them to become aware in a more practical way.

I did notice a measurable change as employees are more aware of phishing and the number of incidents has decreased because they now know how phishing works.

What needs improvement?

Gophish can be improved by adding more languages and maybe a web version for it, a SaaS platform.

I rate it a seven because of the improvements I mentioned. I think if it were a SaaS platform and had more languages, including Brazilian Portuguese, it might be a ten.

For how long have I used the solution?

I have been using Gophish for around three years.

What do I think about the stability of the solution?

Gophish is stable.

What do I think about the scalability of the solution?

Gophish's scalability is good today and does not cause problems, and I can work with it.

How are customer service and support?

I have never needed to use Gophish's customer support.

Which solution did I use previously and why did I switch?

I did not use another solution and only use Gophish.

How was the initial setup?

My experience with pricing, setup costs, and licensing has been great. There are no costs since Gophish is publicly licensed software, and it was easy to implement because there are no costs.

What about the implementation team?

We do not have any business relationship with this vendor besides being a customer.

What was our ROI?

I have gotten a return on investment.

What's my experience with pricing, setup cost, and licensing?

There are no costs since Gophish is publicly licensed software, and it was easy to implement because there are no costs.

Which other solutions did I evaluate?

I evaluated some options on the market before choosing Gophish, but the cost was very high. I chose Gophish because it has a relatively low cost and features that are more appropriate for what I need on a daily basis.

What other advice do I have?

My advice to others who are thinking about using Gophish is to use it because it is a very practical tool for running phishing tests, it is very easy to configure, and it is free. I would rate this product a seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jun 12, 2026
Flag as inappropriate
PeerSpot user
Security Analyst at a consultancy with self employed
Real User
Top 20
May 28, 2026
Internal phishing training has improved awareness and supports repeatable low cost campaigns
Pros and Cons
  • "The best features Gophish offers are that it is free and it can detect if the user reads the email, clicks the email, and submits the info in your attachment."
  • "Regarding how Gophish can be improved, the latest update is from 2022."

What is our primary use case?

My main use case for Gophish is internal assessment for my small company and for low budget clients.

What is most valuable?

The best features Gophish offers are that it is free and it can detect if the user reads the email, clicks the email, and submits the info in your attachment. The best aspect is that it can save your data, but it needs to be configured manually. It is a little bit tricky, but eventually you will get through it. You can refer to many resources on the internet such as any community or GitHub.

Out of those features, I find most valuable the ability to use a campaign multiple times. I can copy the campaign and change just a little bit, so I can eventually have less hard work, such as just changing the recipient and domain for my other clients or other targets.

For Gophish's impact, particularly for my company, I am not sure. However, from a technical perspective, I understand many things. From the company's side, they see it as a good tool for internal phishing.

What needs improvement?

Regarding how Gophish can be improved, the latest update is from 2022. I am not sure if the creator is still updating it or if other contributors want to improve it. What I can say is that currently you should make sure all the features are usable and update the documentation. There are some features that are there but not usable, so just double-check all the current features and fix them.

There is a feature in the dashboard where you can see if the user is reporting the email or not. I found out that the function is not working well because I have followed the documentation and the Reddit community and other communities that I found on the internet to make sure that the reporting indication is working well. I tried it myself to report and it did not show that I have reported it in Gophish. Other than that, the rest is working well.

For how long have I used the solution?

I have been using Gophish for one year.

What do I think about the stability of the solution?

Gophish is stable. It depends on your hosting and your configuration settings.

What do I think about the scalability of the solution?

The scalability of Gophish also depends on your hosting. If your hosting has basic features, you can handle a basic amount of employee emails. If you are targeting many more targets, you have to upgrade.

How are customer service and support?

There is no customer support for Gophish.

Which solution did I use previously and why did I switch?

I have no previous solution, but after using Gophish, I know another solution such as KnowBe4.

How was the initial setup?

Since Gophish is a framework that is free or open source, I need to set up many things manually, such as hosting. I am using public hosts such as AWS. I need an email delivery service. I use Mailgun, and I can also use other frameworks for phishing assessment such as Evilginx. I can sometimes do it with Evilginx and sometimes I am not using Evilginx. That is basically the part that needs a basic setup for Gophish. If one of these is not there, then eventually you cannot do Gophish.

What I learned from using Gophish is to set up hosting for Gophish, set up an email delivery service, set up a domain into AWS, and learn more technical things in AWS and Amazon.

What about the implementation team?

It needs really few employees, which is very money saving. Time saving is something where you need to invest some time, especially if you are newly into the niche. So far for return on investment, for me, it is really return on investment. For project-based investment, it is also a return, but there are more capable and better paid frameworks that can do better than Gophish.

What was our ROI?

For pricing for the domain, it is cheap in Malaysian currency. For hosting, you need to really target how long you want to do it or the cost will be high. The pricing is very affordable; I can say less than ten dollars. Since Gophish is free, it has no licensing.

What's my experience with pricing, setup cost, and licensing?

I did not purchase Gophish. I just purchased hosting services.

Which other solutions did I evaluate?

Before choosing Gophish, I found that Gophish is a good framework, better than others.

What other advice do I have?

I am not sure what else to add about how I use Gophish for these assessments, but that is all I do with hosting using public hosts. My advice to others looking into using Gophish is to use it and good luck. You can do it. I think all works perfectly with Gophish. I would rate this product eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 28, 2026
Flag as inappropriate
PeerSpot user
Especialista em Segurança da informação at a manufacturing company with 501-1,000 employees
Real User
Top 20
May 20, 2026
Phishing simulations have improved awareness and now redirect resources to deeper security training
Pros and Cons
  • "Gophish, despite being a free tool, fits very well because it has all the features we need, from creating landing pages and creating the email to tracking the click traffic and the ingestion of information."
  • "When I send to more than 300 recipients, I am forced to split it into several sends because the tool doesn't behave effectively and freezes."

What is our primary use case?

Gophish is used in my current company and in my previous one for anti-phishing campaigns, awareness campaigns, and training in the company.

In our last campaign, for example, we created a fake iFood ad where the user had to click on the link. This link would take them to a login screen for our corporate email. After entering their information, they received an alert saying they had fallen for a phishing attempt, with a link for them to join a training campaign. All of this with analysis was created within Gophish.

What is most valuable?

Gophish, despite being a free tool, fits very well because it has all the features we need, from creating landing pages and creating the email to tracking the click traffic and the ingestion of information. We stopped spending on a paid tool and can redirect that budget to other needs. All thanks to Gophish, which is a complete and free tool.

All features are useful, from uploading recipients in bulk to creating landing pages, creating emails, and having tracking of the entire email trail. I can track sending, receiving, clicking on the link, managing information, and whether the person then joined the training campaign. All these items in Gophish are absolutely valuable.

With the tracking of the email trail, I can truly know the campaign's adherence, if it was received, if it was read, and if data was input. After the data was input, I can see what the user did. I have a complete mapping of the phishing campaign to know whether it was really accurate and met our expectations.

What needs improvement?

I don't see anything that Gophish needs to improve within the scope of a free tool. An integration with Active Directory and Azure AD for login would be interesting.

Gophish is a great tool; for what it proposes, it delivers. I would also suggest an improvement regarding recipients. When I send to more than 300 recipients, I am forced to split it into several sends because the tool doesn't behave effectively and freezes.

For how long have I used the solution?

I have been in my field for 8 years.

What do I think about the stability of the solution?

From the first moment I looked for a good, robust, and free phishing campaign solution, Gophish was the first and only one I used. I have never had problems with it.

What do I think about the scalability of the solution?

It scales effectively. The only problem is the issue with recipients. If I have a list with more than 300 recipients, I am forced to split it into several blocks.

How are customer service and support?

I have never needed support.

Which solution did I use previously and why did I switch?

I didn't have any problems because the setup has a lot of documentation, there is support, and I didn't have any licensing because we use the free version.

What was our ROI?

It made it possible for us to direct financial and human resources toward training, hiring training tools, hiring support to improve the security of the environment.

What's my experience with pricing, setup cost, and licensing?

Since it is a free tool, I had no costs. However, it brought me several strategic advantages for directing resources.

Which other solutions did I evaluate?

I don't remember specifically which alternatives were evaluated, but others were considered and we did not proceed with them.

What other advice do I have?

Go for it. Gophish is a good, complete tool that delivers everything it promises and is efficient. This review receives a rating of 10.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 20, 2026
Flag as inappropriate
PeerSpot user
reviewer2842167 - PeerSpot reviewer
Especialista em Cibersegurança at a security firm with 5,001-10,000 employees
Real User
Top 10
May 18, 2026
Targeted phishing campaigns have become streamlined and monitoring now improves team engagement
Pros and Cons
  • "I would say not to think twice and to use Gophish; it is a good tool with excellent features and a good dashboard, so there is no reason to keep looking elsewhere."
  • "I believe that Gophish can be improved by increasing the number of possible integrations."

What is our primary use case?

My main use case for Gophish is sending phishing emails. The main benefit of using Gophish in phishing campaigns is the monitoring panel because sending emails by other methods already exists through other tools. The ease of configuration and the visual feedback in the tool is what makes me want to use Gophish.

What is most valuable?

In my opinion, the best features that Gophish offers are the customized dashboard.

The customized dashboard makes my work easier and brings benefits to the monitoring of campaigns because quick access and the information laid out in a user-friendly way allow me to monitor all campaigns in a single place.

Gophish has had a positive impact on my organization by using a tool that has an open-source version. We can start phishing campaigns that until a short time ago were not carried out. In addition, it is a tool with good features and a good dashboard but free, so it got everyone here excited.

I notice it in the team; people are a little more excited to configure, parameterize, and send new campaigns from within Gophish.

What needs improvement?

I believe that Gophish can be improved by increasing the number of possible integrations. However, the main point would be to make Gophish modular in relation to the campaigns that are carried out in order to allow it to be used not only in pentests or phishing pentests but also in Red Team Operations. For that, there is a need to make it more targeted and to configure stealth features.

For how long have I used the solution?

I have been using Gophish for around six months.

What do I think about the stability of the solution?

Gophish is stable.

What do I think about the scalability of the solution?

I cannot answer that question with certainty because I have not had the need to scale.

Which solution did I use previously and why did I switch?

At my current company, I do not use another solution.

How was the initial setup?

Gophish is deployed in my organization on a local server.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup costs, and licensing is very pleasant as I have only tested the open-source version.

Which other solutions did I evaluate?

I did not evaluate others before choosing Gophish because I had already taken a course on Gophish and I liked the tool, so I went straight to it.

What other advice do I have?

I would say not to think twice and to use Gophish; it is a good tool with excellent features and a good dashboard, so there is no reason to keep looking elsewhere. I would rate this product 8 out of 10.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 18, 2026
Flag as inappropriate
PeerSpot user
reviewer2845620 - PeerSpot reviewer
Analista de Infraestrutura de TI at a tech vendor with 11-50 employees
Real User
Top 5Leaderboard
May 28, 2026
Targeted phishing campaigns have boosted user awareness and now provide actionable metrics
Pros and Cons
  • "I think Gophish is a fantastic tool that, at least for my use case, worked perfectly."
  • "Gophish can be improved in that it is an open-source solution and there is a bottleneck issue related to sending emails."

What is our primary use case?

My primary use case for Gophish is using it extensively for anti-phishing campaigns and awareness campaigns with employees. I believe it is an excellent tool to train users against phishing emails and awareness in general, as well as to understand how users are behaving when they receive a phishing email, if they end up clicking on that email, if they click on the links in that email, and if they end up entering information. I am able to have that level of granularity with Gophish.

What is most valuable?

The best features that Gophish offers are the ability to track these metrics in a detailed way. This includes the number of emails sent, the number of emails opened, the number of emails that were opened and had the link accessed, the number that had information entered, and the users who reported that email as phishing. The ability to customize this email as well, making it more professional-looking and less like a phishing email, is valuable. You can parameterize it using HTML, CSS, and some basic JavaScript, and you can do some cool things such as pointing to a link. In my case, I used a staging infrastructure and I was able to deploy what I needed, which was an authentication screen. I basically made a form with username, password, and a login button, actually simulating logging into the corporate system. You can format this entire email and much more. With this tracking, you can also send various campaigns in a targeted way. If you want to target, say, the sales team, support, development, the board of directors, HR, and human resources, and so on, you have that capability. I think Gophish is a fantastic tool that, at least for my use case, worked perfectly.

Gophish had a positive impact on my organization because I was able to run awareness campaigns, measure and present the data to the board, and also do more targeted work with users who were, let's say, more careless with entering sensitive information. Gophish itself gives us these metrics directly. The number of emails sent, opened, links clicked, information entered, and emails reported are all available directly through Gophish. Based on these metrics, I processed them and put them into an executive report, which I presented to the board so that we could also move forward with other layers of security and improvements, mainly focused on users.

What needs improvement?

Gophish can be improved in that it is an open-source solution and there is a bottleneck issue related to sending emails. You basically have to provide an external service and set up a connection to actually send the emails. You need a third-party service to make this connection so that you can actually use the full capabilities of Gophish. This part specifically is really complex and difficult. I think there could be options within Gophish itself that allow you to handle this in a more streamlined way. Of course, Gophish is a tool more obviously geared toward the IT team that will do all the configurations and create all the pages and contexts. However, the email-sending part, where I needed to use an external service, is a bottleneck that the development team could look into regarding how it might be improved.

I think Gophish could natively include templates for use in campaigns because you currently have to develop the whole campaign yourself. If you also had some pre-built email templates, maybe with the ability to integrate some AI agent, that would be an interesting feature as well. I believe the main improvement would be the inclusion of templates that you can use as pre-built models so you can get started faster with Gophish and also address the email-sending issue.

For how long have I used the solution?

I have been using Gophish for about two years.

What do I think about the stability of the solution?

Gophish is stable.

What do I think about the scalability of the solution?

The scalability of Gophish is very good, and I was impressed with it.

How are customer service and support?

Gophish's customer support is not something I investigated deeply since it is an open-source solution. Of course, you have the community on GitHub and many ways to research. There is also Gophish documentation, which I saw exists. However, Gophish is a very intuitive tool, so it does not raise major questions. I did not need any support from their team.

How was the initial setup?

There is no licensing cost, and because Gophish is open source, it gives you the flexibility to customize the tool itself the way you want. I do not give it a 10 because it is missing some refinements. For example, having some templates already available so you can get started faster would be helpful. Sometimes having ways to integrate email sending directly with some of the more popular services would also be useful, or enabling you to do everything you need directly on the platform without needing, as I did in my case, a third-party service for mass email sending.

What about the implementation team?

Gophish is deployed in my organization in a public cloud. I use AWS as my cloud provider. I did not acquire Gophish through the AWS Marketplace.

What was our ROI?

I have seen a return on investment with Gophish because I was able to run a phishing-awareness campaign in a cost-effective way. That is, I did not need to spend money on licenses or invest time in developing a technology or solution for this. The benefits were practically immediate. I configured and customized everything in about two days. Obviously, it was not two full days; it was part of one day and part of the next to configure and customize everything I needed. The return was very high. I was able to generate an executive report, present it to the board with an action plan, and then execute that action plan, which was to guide employees, especially focusing on those who fell for the phishing.

What's my experience with pricing, setup cost, and licensing?

My experience with Gophish regarding pricing, setup costs, and licensing is that because it is an open-source tool, I did not have any costs related to licensing with it.

Which other solutions did I evaluate?

Before choosing Gophish, I did look at SaaS solutions on the market and ready-made solutions. However, since the nature of the solution is phishing awareness campaigns, it is understood that I am not going to be doing this every month because otherwise users will say they already know this is phishing. When a real phishing attack comes, they might actually be more likely to fall for it. I believe it has to be targeted; you have to catch users by surprise. I do it periodically, but not on fixed intervals, that is, not exactly every two months or every three months, but every certain period of time I end up using Gophish.

What other advice do I have?

My advice to others who are thinking about using Gophish is that, especially in my context, which is a small company with about 50-plus employees, you should take into account the users' skill level and maybe run awareness campaigns even beforehand, informing users in advance, and then after some time, plan the execution and how you will actually use Gophish. I believe it will meet many of the scenarios that exist in the market today, at least for small companies. For small companies with about 10 to 50 employees, it works perfectly. Below that, you can still use it, but if you have very few employees, perhaps direct interaction or even creating an email yourself and sending it to the user to see if they will click on it or not, might even be faster. If you think about a very small team, you may not have any IT person at all. If it is a very large company, maybe a commercial solution will deliver more features that might be interesting for large enterprises. You have to analyze each situation based on your objectives and what you expect from the solution and what your goals are. If you want to run an awareness campaign, as in my case, and know your users' level of whether they are likely to click on the link, report it to the IT team, enter information, and especially what you do after completing the campaign, I think that is essential. You can get these metrics and deliver everything that is needed. I would rate my overall experience with Gophish as a 9 out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 28, 2026
Flag as inappropriate
PeerSpot user
Supervisor Informatic
Real User
Top 20
May 19, 2026
Phishing simulations have strengthened user awareness and reveal real click and report behavior
Pros and Cons
  • "Gophish is a good structure and a good technological innovation that deserves to be studied and much better known by the world because not everyone knows Gophish."

    What is our primary use case?

    My main use case for Gophish is for penetration testing on cybersecurity with phishing links and others. We used Gophish to test the mindset of different users in the company. We used Gophish to send intrusion links and links by email, for example, links supposedly from sites they visit or related to their Facebook or Instagram account.

    We determined the number of people who clicked on the link, those who reported it before clicking on the link, and those who did not click on the link. It was a survey campaign that we conducted after an awareness session that we carried out with the different users of the company.

    What is most valuable?

    The best features offered by Gophish stand out to me as most valuable because we can design virtual sites for intrusions, especially with cybercrime testing with phishing awareness. We have a backlog where we can monitor the number of links clicked and the number of links not clicked.

    These elements are useful to me with Gophish because we actually understand the mindset of users after the awareness session, whether they have already absorbed the advice that was given to them. Through the phishing and penetration testing we conducted, Gophish has had a major positive impact on my organization, especially in my department, because we were able to find out whether the different users already understood the concept of phishing.

    What needs improvement?

    For the moment, I have nothing to suggest about Gophish; the application works very well and it offers many features. As you progress, you discover more and more options. I chose a rating of eight because there are always options to add and there are always upgrades that will be made.

    For how long have I used the solution?

    I have been using Gophish for a month.

    What other advice do I have?

    One piece of advice I give to those who need to use Gophish is to be patient and read extensively. If necessary, even follow user manuals to better grasp Gophish's functionality.

    Gophish is a good structure and a good technological innovation that deserves to be studied and much better known by the world because not everyone knows Gophish. Gophish is good and the structure is solid. I gave this product a rating of eight out of ten.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Last updated: May 19, 2026
    Flag as inappropriate
    PeerSpot user
    Bright Boateng - PeerSpot reviewer
    Soc Analyst And Threat Intelligence Analyst at CYBERTEQ
    Real User
    Top 20
    May 22, 2026
    Targeted simulations have improved phishing awareness and support ongoing security training
    Pros and Cons
    • "Gophish has really improved security awareness in my organization."
    • "Although the tool is very good, I think there could be some improvements, especially when it comes to leveraging AI for testing and also when it comes to the expansion beyond email phishing."

    What is our primary use case?

    My main use case for Gophish is to create phishing campaigns and to test, mostly for phishing simulation across organizations. I create custom templates when I set up those phishing campaigns, and I also set up the campaign according to the departments.

    What is most valuable?

    One of the best features I like in Gophish is the site importation feature that allows you to import sites by simply pasting the URL of any existing landing page in order to automatically get the HTML and CSS content, a clone of it.

    Another feature I find valuable is the built-in credential harvesting feature which allows you to harvest credentials when it comes to your phishing simulations.

    Gophish has really improved security awareness in my organization. As we conduct phishing simulations, we also make sure we conduct awareness training alongside them. After the phishing simulation that we do, with the results that we get, we make sure we do the necessary remediations and take the necessary actions. For instance, if we realize that a particular person is a victim to the phish test that we conducted, what we do is educate the person and train the person so that the person becomes aware of phishing and aware of their security, and also helps them have some form of knowledge when it comes to their security.

    I cannot give exact numbers, but what I can say is there has been a reduction in phishing. There has been a reduction in interaction with phishing emails, so most people have become aware now. Whenever they see a phishing email, they really know that it is a phishing email based on certain features that we have taken them through in order for them to identify whether an email is phishing or not. We have made them aware and also utilized the tool in order to help them have a feel of how it works in the real world. We taught them features such as typo-squatting and many other techniques.

    What needs improvement?

    I wish you could add AI features to Gophish, because since AI is a new thing, I think leveraging it in the tool is going to help a lot. It is going to make work easier and faster, for instance, when it comes to setting up the phish.

    An improvement that could be done would be expanding the tool beyond phishing, adding other multi-channel attacks such as deepfake voice scams, vishing, or smishing. Adding other features when it comes to social engineering would be beneficial.

    Although the tool is very good, I think there could be some improvements, especially when it comes to leveraging AI for testing and also when it comes to the expansion beyond email phishing.

    For how long have I used the solution?

    I have been using Gophish for about two years now.

    What do I think about the stability of the solution?

    Gophish is very stable and highly stable.

    What do I think about the scalability of the solution?

    Gophish is highly scalable and very scalable.

    How are customer service and support?

    I have never reached out to customer support before. What I normally do is research, sometimes read the documentation, or sometimes go through some YouTube videos to find my way around things instead of contacting support directly. If I do everything that I have already said and it does not work out, the next thing I tend to do is contact customer support. As of now, I have never contacted customer support before.

    Which solution did I use previously and why did I switch?

    Another tool that I have used was Evilginx, but I did not switch. I think I like using Gophish because it is a lot simpler, simple to use, and simple to set up.

    What other advice do I have?

    For others looking into Gophish, my advice to them is for them to really start using it. They should not be wasting time on planning. As long as they have the mentality that they are going for Gophish, they should just start using the tool and stop planning. This is because the tool is very great. When it comes to scalability, when it comes to setting up phishlets, everything has been made simple. I think, especially for those who are now starting with phishing, this would be a great start because you can clone other websites easily and do many other actions easily. Setting up a campaign is also very simple. Gophish has made the user experience very easy for its users, and that is a good thing. I rate this product a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Last updated: May 22, 2026
    Flag as inappropriate
    PeerSpot user
    reviewer2841939 - PeerSpot reviewer
    IT Secur IT Y at a manufacturing company with 11-50 employees
    Real User
    Top 20
    May 15, 2026
    Security training has revealed employee awareness gaps and provides clear phishing metrics
    Pros and Cons
    • "I really appreciate using Gophish because it is open-source and non-paid, which provides cost savings for the company and allows modifications so you can use it in your own way."
    • "The improvement I want to be made to Gophish is at the DNS level."

    What is our primary use case?

    I am using Gophish for awareness training for my employees in my company. My main use case for Gophish is because it is easy to set up, easy to use, and very user-friendly.

    What is most valuable?

    I really appreciate using Gophish. I was offered many platforms, but I chose Gophish because it is open-source. With open-source software, there are modifications you can add so you can use it in your own way. Gophish is open-source and non-paid, which provides cost savings for the company. According to the summary, 3% of my employees are aware and the other 97% are not aware. This has made it easier for me to create a report on how the users in my organization use the internet in terms of security.

    Gophish has a management model that displays a good dashboard. You can see the number of employees who received the link, those who opened it, those who clicked it, and more. I really appreciate this feature.

    Gophish is very easy to use and user-friendly. I deployed it in less than 30 minutes. It is a platform that is one of the best because you can deploy it in less than 30 minutes. You can find appliances on the internet that are ready to use.

    What needs improvement?

    The improvement I want to be made to Gophish is at the DNS level. When a user receives the link and clicks on it, I want to get feedback to confirm exactly whether the user clicked on the link or not. That is one point on which I want Gophish to be improved.

    For how long have I used the solution?

    I have been using Gophish for 4 months.

    What other advice do I have?

    I recommend that others use Gophish because it is a tool that is very easy to set up and open-source. I have no suggestions about Gophish, as it is satisfactory for my needs.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Last updated: May 15, 2026
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Gophish Report and get advice and tips from experienced pros sharing their opinions.
    Updated: July 2026
    Product Categories
    AWS Marketplace
    Buyer's Guide
    Download our free Gophish Report and get advice and tips from experienced pros sharing their opinions.