Phishing AssessmentRSS

Phishing Assessment

Phishing security assessment tools allow you to identify knowledge gaps, the employees who are most likely to fall for scams, and the areas of your organization that are most susceptible to attack. Sophistication in this product space varies greatly, and free/open source tools are few. In the commercial space, often a phishing simulator and computer-based security awareness training are bundled together, so the wayward employee can be immediately "schooled".

Additional Reading and Resources:

How to Run Effective Phishing Assessment and Training Campaigns Employees Don’t Hate - InfoSecurity Magazine

Anti-Phishing Working Group

Jordan Wright
Open Source
Pricing Model

Gophish is an open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations. It is a phishing framework in the Go programming language, released as compiled binaries with no dependencies.

Modified
Lucy Phishing GmbH
Commercial
Pricing Model

The LUCY Social Engineering Suite and Malware Testing Suite (or CYBERSECURITY CRASH TEST DUMMY) facilitate multiple application areas. They can be used for: – People testing and education – Technology assessments – An inoffensive penetration test sho ...

Modified
LUCY
Brandon McCann
Open Source
Pricing Model

Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns. The goal of the project is to streamline the phishing process while still providing clients the best realistic phishi ...

Modified
Adam Compton
Open Source
Pricing Model

SPF (SpeedPhish Framework) is a python tool designed to allow for quick recon and deployment of simple social engineering phishing exercises. SPF includes many features that allow you to quickly configure and perform effective phishing attacks, including ...

ModifiedNever
Open Source
Pricing Model

For phishing, SET allows for sending spear-phishing emails as well as running mass mailer campaigns, as well as some more advanced options, such as flagging your message with high importance and adding list of target emails from a file. SET is Python base ...

ModifiedNever
InfoSec Institute
Online Use Only
Pricing Model

SecurityIQ combines a phishing simulator and computer-based security awareness training in one cloud-based service.

ModifiedNever
Wombat Security Technologies
Service
Pricing Model

ThreatSim attack simulation product provides a phishing-focused security awareness training program. The ThreatSim mock attack system allows you to deliver simulated phishing emails with embedded Teachable Moments, which display targeted "just-in-time tea ...

ModifiedNever
Duo Security
Online Use Only
Pricing Model

Duo Insight is a free phishing assessment tool by Duo Security that allows you to find vulnerable users and devices in minutes and start protecting them right away.

ModifiedNever
MicroSolved, Inc.
Freeware
Pricing Model

A free tool that provides a simple, safe and effective mechanism for security teams and administrators to run their own phishing tests inside their organization. Simply install the application on a server or workstation and create a url email/sms/etc. cam ...

ModifiedNever
Commercial
Pricing Model

Baseline Testing Baseline testing to assess the Phish-prone percentage through a simulated phishing attack.   Train Your Users A large library of security awareness training content; including interactive modules, videos, games, posters and ...

Modified
Kevin Mitnick Security Awareness Training
Commercial
Pricing Model

Simulate Email Threats Teach your users to identify and respond to potential security risks. Select from a selection of real-world threat templates, taken directly from Barracuda’s threat database, and expose your users to the latest email thre ...

Modified
Barracuda Security Awareness Training
Commercial
Pricing Model

The Phished security awareness training platform combines automated phishing simulations with interactive cybersecurity education and threat intelligence.   Fully Automated Phishing Simulations AI-driven phishing simulations are based on individua ...

Modified
Phished
Commercial
Pricing Model

PhishingBox's Phishing Simulator allows organisations to target any employee or group of employees with a simulated spear phishing attack to test their security awareness. The phishing simulator includes a library of templates which are designed to mimic ...

Modified
Phishing Simulator
Commercial
Pricing Model

Phishing Training Designed for People. Built for Enterprise. Cognitive automation enables individual learning paths that motivate people to recognize and report real attacks. 90% of breaches start with email. Focus your training where it's needed most. ...

Modified
Hoxhunt Phishing Training
Commercial
Pricing Model

Prepare every employee with phishing simulations and training Stop dreading the day a phishing attack slips past your cyber defenses. Get the peace of mind from knowing your employees are prepared if it happens. Choose from 1,000+ realistic phishing tem ...

Modified
Infosec IQ Phishing Simulator
King Phisher
Commercial
Pricing Model

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to ru ...

Modified
King Phisher