Skip to main content

Phishing Assessment

Phishing Assessment

Phishing security assessment tools allow you to identify knowledge gaps, the employees who are most likely to fall for scams, and the areas of your organization that are most susceptible to attack. Sophistication in this product space varies greatly, and free/open source tools are few. In the commercial space, often a phishing simulator and computer-based security awareness training are bundled together, so the wayward employee can be immediately "schooled".

Additional Reading and Resources:

How to Run Effective Phishing Assessment and Training Campaigns Employees Don’t Hate - InfoSecurity Magazine

Anti-Phishing Working Group

Jordan Wright

Gophish is an open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations. It is a phishing framework in the Go programming language, released as compiled binaries with no dependencies.

Lucy Phishing GmbH

The LUCY Social Engineering Suite and Malware Testing Suite (or CYBERSECURITY CRASH TEST DUMMY) facilitate multiple application areas. They can be used for: – People testing and education – Technology assessments – An inoffensive penetration test sho ...

LUCY
Brandon McCann

Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns. The goal of the project is to streamline the phishing process while still providing clients the best realistic phishi ...

Adam Compton

SPF (SpeedPhish Framework) is a python tool designed to allow for quick recon and deployment of simple social engineering phishing exercises. SPF includes many features that allow you to quickly configure and perform effective phishing attacks, including ...

For phishing, SET allows for sending spear-phishing emails as well as running mass mailer campaigns, as well as some more advanced options, such as flagging your message with high importance and adding list of target emails from a file. SET is Python base ...

InfoSec Institute

SecurityIQ combines a phishing simulator and computer-based security awareness training in one cloud-based service.

Wombat Security Technologies

ThreatSim attack simulation product provides a phishing-focused security awareness training program. The ThreatSim mock attack system allows you to deliver simulated phishing emails with embedded Teachable Moments, which display targeted "just-in-time tea ...

Duo Security

Duo Insight is a free phishing assessment tool by Duo Security that allows you to find vulnerable users and devices in minutes and start protecting them right away.

MicroSolved, Inc.

A free tool that provides a simple, safe and effective mechanism for security teams and administrators to run their own phishing tests inside their organization. Simply install the application on a server or workstation and create a url email/sms/etc. cam ...

Baseline Testing Baseline testing to assess the Phish-prone percentage through a simulated phishing attack.   Train Your Users A large library of security awareness training content; including interactive modules, videos, games, posters and ...

Kevin Mitnick Security Awareness Training

Simulate Email Threats Teach your users to identify and respond to potential security risks. Select from a selection of real-world threat templates, taken directly from Barracuda’s threat database, and expose your users to the latest email thre ...

Barracuda Security Awareness Training

The Phished security awareness training platform combines automated phishing simulations with interactive cybersecurity education and threat intelligence.   Fully Automated Phishing Simulations AI-driven phishing simulations are based on individua ...

Phished

PhishingBox's Phishing Simulator allows organisations to target any employee or group of employees with a simulated spear phishing attack to test their security awareness. The phishing simulator includes a library of templates which are designed to mimic ...

Phishing Simulator

Phishing Training Designed for People. Built for Enterprise. Cognitive automation enables individual learning paths that motivate people to recognize and report real attacks. 90% of breaches start with email. Focus your training where it's needed most. ...

Hoxhunt Phishing Training

Prepare every employee with phishing simulations and training Stop dreading the day a phishing attack slips past your cyber defenses. Get the peace of mind from knowing your employees are prepared if it happens. Choose from 1,000+ realistic phishing tem ...

Infosec IQ Phishing Simulator
King Phisher

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to ru ...

King Phisher