Phishing Club icon
Phishing Club icon

Phishing Club

Phishing Club is an open source, self hosted platform for phishing simulations and authorized red team phishing. Organizations install it on their own servers with a single command or through Docker, so every campaign and all the data it gathers stay in house.

Phishing Club screenshot 1

Cost / License

Platforms

  • Self-Hosted
  • Docker
1like
1comment
0articles

Features

Phishing Club News & Activities

Highlights All activities

Recent activities

Phishing Club information

  • Developed by

    DK flagPhishing Club
  • Licensing

    Open Source (AGPL-3.0) and Free product.
  • Pricing

    One time purchase ranging between $4000 and $8000, and / or subscription ranging between $339 and $794 per month.
  • Written in

  • Alternatives

    12 alternatives listed
  • Supported Languages

    • English

AlternativeTo Category

Security & Privacy

GitHub repository

  •  225 Stars
  •  30 Forks
  •  0 Open Issues
  •   Updated  
View on GitHub

Popular alternatives

View all

Our users have written 1 comments and reviews about Phishing Club, and it has gotten 1 likes

Phishing Club was added to AlternativeTo by hackeronni on and this page was last updated .

Comments and Reviews

   
jecoseeck
0

its best free opensource app for phishing training

Review by a new / low-activity user.

What is Phishing Club?

Phishing Club is an open source, self hosted platform for phishing simulations and authorized red team phishing. Organizations install it on their own servers with a single command or through Docker, so every campaign and all the data it gathers stay in house.

From the web console, operators build email and landing page lures, load targets from CSV or sync them over SCIM, group recipients, and schedule sends around working hours over SMTP or an OAuth capable API. As campaigns run, dashboards, per user event timelines, and automatically emailed PDF reports reveal who clicked, who reported the message, and who keeps falling for it. Multi tenancy lets service providers keep separate clients apart, and the admin area is protected by MFA and single sign on.

For offensive work it adds reverse proxy and remote browser phishing, session capture to bypass weak MFA, content and URL rewriting, page obfuscation, and JA4 and geo based access controls.

Official Links