Gophish Reviews

My primary use case for Gophish is using it extensively for anti-phishing campaigns and awareness campaigns with employees. I believe it is an excellent tool to train users against phishing emails and awareness in general, as well as to understand how users are behaving when they receive a phishing email, if they end up clicking on that email, if they click on the links in that email, and if they end up entering information. I am able to have that level of granularity with Gophish.

The best features that Gophish offers are the ability to track these metrics in a detailed way. This includes the number of emails sent, the number of emails opened, the number of emails that were opened and had the link accessed, the number that had information entered, and the users who reported that email as phishing. The ability to customize this email as well, making it more professional-looking and less like a phishing email, is valuable. You can parameterize it using HTML, CSS, and some basic JavaScript, and you can do some cool things such as pointing to a link. In my case, I used a staging infrastructure and I was able to deploy what I needed, which was an authentication screen. I basically made a form with username, password, and a login button, actually simulating logging into the corporate system. You can format this entire email and much more. With this tracking, you can also send various campaigns in a targeted way. If you want to target, say, the sales team, support, development, the board of directors, HR, and human resources, and so on, you have that capability. I think Gophish is a fantastic tool that, at least for my use case, worked perfectly.

Gophish had a positive impact on my organization because I was able to run awareness campaigns, measure and present the data to the board, and also do more targeted work with users who were, let's say, more careless with entering sensitive information. Gophish itself gives us these metrics directly. The number of emails sent, opened, links clicked, information entered, and emails reported are all available directly through Gophish. Based on these metrics, I processed them and put them into an executive report, which I presented to the board so that we could also move forward with other layers of security and improvements, mainly focused on users.

Gophish can be improved in that it is an open-source solution and there is a bottleneck issue related to sending emails. You basically have to provide an external service and set up a connection to actually send the emails. You need a third-party service to make this connection so that you can actually use the full capabilities of Gophish. This part specifically is really complex and difficult. I think there could be options within Gophish itself that allow you to handle this in a more streamlined way. Of course, Gophish is a tool more obviously geared toward the IT team that will do all the configurations and create all the pages and contexts. However, the email-sending part, where I needed to use an external service, is a bottleneck that the development team could look into regarding how it might be improved.

I think Gophish could natively include templates for use in campaigns because you currently have to develop the whole campaign yourself. If you also had some pre-built email templates, maybe with the ability to integrate some AI agent, that would be an interesting feature as well. I believe the main improvement would be the inclusion of templates that you can use as pre-built models so you can get started faster with Gophish and also address the email-sending issue.

I have been using Gophish for about two years.

Gophish is stable.

The scalability of Gophish is very good, and I was impressed with it.

Gophish's customer support is not something I investigated deeply since it is an open-source solution. Of course, you have the community on GitHub and many ways to research. There is also Gophish documentation, which I saw exists. However, Gophish is a very intuitive tool, so it does not raise major questions. I did not need any support from their team.

There is no licensing cost, and because Gophish is open source, it gives you the flexibility to customize the tool itself the way you want. I do not give it a 10 because it is missing some refinements. For example, having some templates already available so you can get started faster would be helpful. Sometimes having ways to integrate email sending directly with some of the more popular services would also be useful, or enabling you to do everything you need directly on the platform without needing, as I did in my case, a third-party service for mass email sending.

Gophish is deployed in my organization in a public cloud. I use AWS as my cloud provider. I did not acquire Gophish through the AWS Marketplace.

I have seen a return on investment with Gophish because I was able to run a phishing-awareness campaign in a cost-effective way. That is, I did not need to spend money on licenses or invest time in developing a technology or solution for this. The benefits were practically immediate. I configured and customized everything in about two days. Obviously, it was not two full days; it was part of one day and part of the next to configure and customize everything I needed. The return was very high. I was able to generate an executive report, present it to the board with an action plan, and then execute that action plan, which was to guide employees, especially focusing on those who fell for the phishing.

My experience with Gophish regarding pricing, setup costs, and licensing is that because it is an open-source tool, I did not have any costs related to licensing with it.

Before choosing Gophish, I did look at SaaS solutions on the market and ready-made solutions. However, since the nature of the solution is phishing awareness campaigns, it is understood that I am not going to be doing this every month because otherwise users will say they already know this is phishing. When a real phishing attack comes, they might actually be more likely to fall for it. I believe it has to be targeted; you have to catch users by surprise. I do it periodically, but not on fixed intervals, that is, not exactly every two months or every three months, but every certain period of time I end up using Gophish.

My advice to others who are thinking about using Gophish is that, especially in my context, which is a small company with about 50-plus employees, you should take into account the users' skill level and maybe run awareness campaigns even beforehand, informing users in advance, and then after some time, plan the execution and how you will actually use Gophish. I believe it will meet many of the scenarios that exist in the market today, at least for small companies. For small companies with about 10 to 50 employees, it works perfectly. Below that, you can still use it, but if you have very few employees, perhaps direct interaction or even creating an email yourself and sending it to the user to see if they will click on it or not, might even be faster. If you think about a very small team, you may not have any IT person at all. If it is a very large company, maybe a commercial solution will deliver more features that might be interesting for large enterprises. You have to analyze each situation based on your objectives and what you expect from the solution and what your goals are. If you want to run an awareness campaign, as in my case, and know your users' level of whether they are likely to click on the link, report it to the IT team, enter information, and especially what you do after completing the campaign, I think that is essential. You can get these metrics and deliver everything that is needed. I would rate my overall experience with Gophish as a 9 out of 10.

My main use case for Gophish is for penetration testing on cybersecurity with phishing links and others. We used Gophish to test the mindset of different users in the company. We used Gophish to send intrusion links and links by email, for example, links supposedly from sites they visit or related to their Facebook or Instagram account.

We determined the number of people who clicked on the link, those who reported it before clicking on the link, and those who did not click on the link. It was a survey campaign that we conducted after an awareness session that we carried out with the different users of the company.

The best features offered by Gophish stand out to me as most valuable because we can design virtual sites for intrusions, especially with cybercrime testing with phishing awareness. We have a backlog where we can monitor the number of links clicked and the number of links not clicked.

These elements are useful to me with Gophish because we actually understand the mindset of users after the awareness session, whether they have already absorbed the advice that was given to them. Through the phishing and penetration testing we conducted, Gophish has had a major positive impact on my organization, especially in my department, because we were able to find out whether the different users already understood the concept of phishing.

For the moment, I have nothing to suggest about Gophish; the application works very well and it offers many features. As you progress, you discover more and more options. I chose a rating of eight because there are always options to add and there are always upgrades that will be made.

I have been using Gophish for a month.

One piece of advice I give to those who need to use Gophish is to be patient and read extensively. If necessary, even follow user manuals to better grasp Gophish's functionality.

Gophish is a good structure and a good technological innovation that deserves to be studied and much better known by the world because not everyone knows Gophish. Gophish is good and the structure is solid. I gave this product a rating of eight out of ten.

My main use case for Gophish is to create phishing campaigns and to test, mostly for phishing simulation across organizations. I create custom templates when I set up those phishing campaigns, and I also set up the campaign according to the departments.

One of the best features I like in Gophish is the site importation feature that allows you to import sites by simply pasting the URL of any existing landing page in order to automatically get the HTML and CSS content, a clone of it.

Another feature I find valuable is the built-in credential harvesting feature which allows you to harvest credentials when it comes to your phishing simulations.

Gophish has really improved security awareness in my organization. As we conduct phishing simulations, we also make sure we conduct awareness training alongside them. After the phishing simulation that we do, with the results that we get, we make sure we do the necessary remediations and take the necessary actions. For instance, if we realize that a particular person is a victim to the phish test that we conducted, what we do is educate the person and train the person so that the person becomes aware of phishing and aware of their security, and also helps them have some form of knowledge when it comes to their security.

I cannot give exact numbers, but what I can say is there has been a reduction in phishing. There has been a reduction in interaction with phishing emails, so most people have become aware now. Whenever they see a phishing email, they really know that it is a phishing email based on certain features that we have taken them through in order for them to identify whether an email is phishing or not. We have made them aware and also utilized the tool in order to help them have a feel of how it works in the real world. We taught them features such as typo-squatting and many other techniques.

I wish you could add AI features to Gophish, because since AI is a new thing, I think leveraging it in the tool is going to help a lot. It is going to make work easier and faster, for instance, when it comes to setting up the phish.

An improvement that could be done would be expanding the tool beyond phishing, adding other multi-channel attacks such as deepfake voice scams, vishing, or smishing. Adding other features when it comes to social engineering would be beneficial.

Although the tool is very good, I think there could be some improvements, especially when it comes to leveraging AI for testing and also when it comes to the expansion beyond email phishing.

I have been using Gophish for about two years now.

Gophish is very stable and highly stable.

Gophish is highly scalable and very scalable.

I have never reached out to customer support before. What I normally do is research, sometimes read the documentation, or sometimes go through some YouTube videos to find my way around things instead of contacting support directly. If I do everything that I have already said and it does not work out, the next thing I tend to do is contact customer support. As of now, I have never contacted customer support before.

Another tool that I have used was Evilginx, but I did not switch. I think I like using Gophish because it is a lot simpler, simple to use, and simple to set up.

For others looking into Gophish, my advice to them is for them to really start using it. They should not be wasting time on planning. As long as they have the mentality that they are going for Gophish, they should just start using the tool and stop planning. This is because the tool is very great. When it comes to scalability, when it comes to setting up phishlets, everything has been made simple. I think, especially for those who are now starting with phishing, this would be a great start because you can clone other websites easily and do many other actions easily. Setting up a campaign is also very simple. Gophish has made the user experience very easy for its users, and that is a good thing. I rate this product a nine out of ten.

I am using Gophish for awareness training for my employees in my company. My main use case for Gophish is because it is easy to set up, easy to use, and very user-friendly.

I really appreciate using Gophish. I was offered many platforms, but I chose Gophish because it is open-source. With open-source software, there are modifications you can add so you can use it in your own way. Gophish is open-source and non-paid, which provides cost savings for the company. According to the summary, 3% of my employees are aware and the other 97% are not aware. This has made it easier for me to create a report on how the users in my organization use the internet in terms of security.

Gophish has a management model that displays a good dashboard. You can see the number of employees who received the link, those who opened it, those who clicked it, and more. I really appreciate this feature.

Gophish is very easy to use and user-friendly. I deployed it in less than 30 minutes. It is a platform that is one of the best because you can deploy it in less than 30 minutes. You can find appliances on the internet that are ready to use.

The improvement I want to be made to Gophish is at the DNS level. When a user receives the link and clicks on it, I want to get feedback to confirm exactly whether the user clicked on the link or not. That is one point on which I want Gophish to be improved.

I have been using Gophish for 4 months.

I recommend that others use Gophish because it is a tool that is very easy to set up and open-source. I have no suggestions about Gophish, as it is satisfactory for my needs.

I have been using Gophish for a year. My main use case for Gophish is awareness campaigns for staff. A specific example of how I use Gophish in a campaign for staff is that I create fake internal-use pages and send them to collaborators' emails to see if they fall for the tests.

The best features that Gophish offers are that it has an easy-to-use platform and that it also has documentation to guide you through the implementation.

The ease of use and the documentation have helped me in my daily work with Gophish because, having zero experience with this platform, by looking up the documentation and having an easy-to-use interface, it was much easier for me to learn and implement it in the organization.

Gophish has positively impacted my organization by finding security gaps among our collaborators, and we found people who did not know or did not understand security. This platform helped us to be able to train collaborators about phishing after the tests.

I think that Gophish could be improved, but currently, all the functionalities it has and all the types of platforms that can be implemented are very interesting. For my part, I would not see any improvement. I would like to add nothing else about possible improvements, even if they are minor details or suggestions for the future.

I have been working in my current field for two years.

I consider Gophish to be stable.

I consider the scalability of Gophish interesting; it is a platform on which you can increase the number of staff and the number of platforms to run tests on, as well as the number of independent tests I can perform.

I have not needed customer support for Gophish so far.

I did not use any other solution before implementing Gophish; it was the first time it was implemented, so this platform was used.

Before choosing Gophish, I did not evaluate other options; it was an idea that came up after finding this platform.

I have seen a return on investment with Gophish, as indicated by the savings in implementation time and the responses we had to measure the awareness of the collaborators.

My experience with the price, implementation cost, and licensing of Gophish is that personally, I have used the open platform, so we have not had to pay anything yet.

My advice to other professionals who are considering using Gophish is that it is a platform for people who are just starting out and do not have the resources and also do not have knowledge. It is an excellent platform to start with and learn about the world of awareness campaigns for collaborators. It is an easy-to-use, stable platform; it can be set up on different platforms, whether Windows or Linux, and it is easy to use since it has an integrated interface that is very easy to use and it has no cost. Gophish would be an interesting platform to start testing awareness platforms for phishing campaigns. I would give this platform a rating of 10.

I use Gophish to run fake awareness campaigns with our clients. Everything is framed and I use the product to send emails, get reporting, and then present the results afterward.

The objective of the campaign I carried out with Gophish was to determine the level of maturity of employees and staff. So the goal is to send an email to everyone and see the percentage of people who fall into the trap.

We analyze the results of these campaigns by going back with the same data but for different companies to see whether the alerts are being followed.

The best features that Gophish offers include importing an Excel CSV file to import all the users and creating a web page directly from the feature in the product.

Importing users was made much easier for me with Gophish, and the same applies for web pages, as it was very convenient.

Gophish has had a positive impact on my organization because it is open source, so it is free. The product is easy to get started with, and likewise the campaigns are very quick to prepare.

The time savings I noticed thanks to Gophish are exceptional. You can create templates.

I think Gophish could be improved with a user-level function, meaning if the person is strong or weak, we send more or fewer awareness emails, and rely on real attacks in order to be able to create a template by itself.

I have covered everything regarding the necessary improvements or points that could make Gophish even more effective in my view.

It has been six years since I began working in my current field.

I would say Gophish is stable based on the only campaigns I have been able to run a few months ago.

In my context, Gophish is scalable enough to handle an increasing number of users or campaigns because I have not had any slowdown when adding user groups.

There is no support for Gophish because it is open source, so I have not needed to contact assistance or technical support for this tool.

We have no contact with Gophish aside from being a customer.

I was not using another product before Gophish.

I have noted time savings in the preparation of campaigns since I started using Gophish.

I did not evaluate any competing solution because Gophish was the product that was already there when I arrived.

The time savings I noticed thanks to Gophish are exceptional.

I find Gophish advantageous since it is open source, so there is no price or installation costs.

I did not evaluate any competing solution because Gophish was the product that was already there when I arrived.

I do not know what advice to give to a company that is considering using Gophish regarding points to watch out for or anticipate. My overall rating for this product is 8 out of 10.