Gophish

An open-source phishing simulation toolkit for businesses and penetration testers to conduct security awareness training campaigns.

Default Credentials

• Username: admin
• Password: auto-generated on first run — check the container logs for the initial admin password

What You Can Do After Deployment

1. Visit your domain on port 3333 — log in to the admin console
2. Create sending profiles — configure SMTP settings for sending phishing emails
3. Build email templates — design realistic phishing emails with the built-in editor
4. Create landing pages — build credential capture pages to track user interactions
5. Launch campaigns — send simulated phishing emails to target groups
6. Track results — monitor email opens, link clicks, and credential submissions in real-time
7. Generate reports — export campaign results for management review

Key Features

• Web-based campaign management console
• Email template editor with HTML support
• Landing page builder for credential capture
• Real-time campaign tracking and analytics
• User and group management
• Campaign scheduling
• REST API for automation
• Embedded SQLite database (zero configuration)

License

MIT — GitHub