For the moment, I have nothing to suggest about Gophish; the application works very well and it offers many features. As you progress, you discover more and more options. I chose a rating of eight because there are always options to add and there are always upgrades that will be made.
Analista de TI at a educational organization with 1,001-5,000 employees
Real User
Top 10
May 18, 2026
I think that Gophish could be improved, but currently, all the functionalities it has and all the types of platforms that can be implemented are very interesting. For my part, I would not see any improvement. I would like to add nothing else about possible improvements, even if they are minor details or suggestions for the future.
Ingénieur en Sécurité at a tech vendor with 501-1,000 employees
Real User
Top 10
May 17, 2026
I think Gophish could be improved with a user-level function, meaning if the person is strong or weak, we send more or fewer awareness emails, and rely on real attacks in order to be able to create a template by itself. I have covered everything regarding the necessary improvements or points that could make Gophish even more effective in my view.
Especialista em Cibersegurança at a security firm with 5,001-10,000 employees
Real User
Top 10
May 17, 2026
I believe that Gophish can be improved by increasing the number of possible integrations. However, the main point would be to make Gophish modular in relation to the campaigns that are carried out in order to allow it to be used not only in pentests or phishing pentests but also in Red Team Operations. For that, there is a need to make it more targeted and to configure stealth features.
Senior Offensive Security Engineer at a computer software company with 1,001-5,000 employees
Real User
Top 10
May 16, 2026
For Gophish, there is a lack of integration with MFA and cookie captures that are more advanced attack methods. I have recently had to loop in Gophish with Evil GINX, which helps to capture the MFA and the sessions as well, so I think it could be improved from that aspect.
IT Secur IT Y at a manufacturing company with 11-50 employees
Real User
Top 20
May 15, 2026
The improvement I want to be made to Gophish is at the DNS level. When a user receives the link and clicks on it, I want to get feedback to confirm exactly whether the user clicked on the link or not. That is one point on which I want Gophish to be improved.
Gophish is an open-source phishing toolkit aimed at simplifying the creation and execution of phishing campaigns for cybersecurity professionals.Designed to cater to organizations seeking to enhance their security awareness, Gophish offers a streamlined process for launching phishing simulations. It provides a customizable environment, allowing users to simulate real-world phishing scenarios efficiently. With its user-friendly interface, even those with limited technical skills can easily...
For the moment, I have nothing to suggest about Gophish; the application works very well and it offers many features. As you progress, you discover more and more options. I chose a rating of eight because there are always options to add and there are always upgrades that will be made.
I think that Gophish could be improved, but currently, all the functionalities it has and all the types of platforms that can be implemented are very interesting. For my part, I would not see any improvement. I would like to add nothing else about possible improvements, even if they are minor details or suggestions for the future.
I think Gophish could be improved with a user-level function, meaning if the person is strong or weak, we send more or fewer awareness emails, and rely on real attacks in order to be able to create a template by itself. I have covered everything regarding the necessary improvements or points that could make Gophish even more effective in my view.
I believe that Gophish can be improved by increasing the number of possible integrations. However, the main point would be to make Gophish modular in relation to the campaigns that are carried out in order to allow it to be used not only in pentests or phishing pentests but also in Red Team Operations. For that, there is a need to make it more targeted and to configure stealth features.
For Gophish, there is a lack of integration with MFA and cookie captures that are more advanced attack methods. I have recently had to loop in Gophish with Evil GINX, which helps to capture the MFA and the sessions as well, so I think it could be improved from that aspect.
The improvement I want to be made to Gophish is at the DNS level. When a user receives the link and clicks on it, I want to get feedback to confirm exactly whether the user clicked on the link or not. That is one point on which I want Gophish to be improved.