Overview

Deploy Enterprise Phishing Simulation in Minutes
GoPhish Cloud is a fully-managed, enterprise-grade phishing simulation platform that helps organizations test and improve their security awareness posture through realistic phishing campaigns.
What You Get
- Complete phishing simulation platform pre-configured and ready to use
- AWS-integrated deployment with EC2, RDS MySQL (optional), and Amazon SES
- Unlimited phishing campaigns with scheduling and automation
- Advanced analytics dashboard with real-time metrics
- Email template library with customization tools
- Landing page designer for capturing credentials (training)
- REST API for automation and integrations
- Standard support included (3-5 day response) - upgrade available
Perfect For
- Security teams running regular awareness training campaigns
- IT departments testing employee security awareness
- Compliance teams meeting security training requirements
- MSPs delivering phishing simulation services to clients
- Organizations of 50-10,000+ employees
Key Features
Campaign Management
- Create unlimited phishing campaigns
- Schedule campaigns for optimal timing
- Clone and reuse successful templates
- Multi-campaign dashboard
- Historical tracking and trending
Email Capabilities
- HTML email template designer
- Dynamic personalization (name, position, department)
- File attachments support
- Automatic tracking pixels
- Import from existing emails
- Amazon SES integration for high deliverability
Analytics & Reporting
- Real-time campaign metrics
- User interaction tracking (opens, clicks, data submission)
- Detailed timeline views
- Exportable reports (PDF, CSV)
- Trend analysis across campaigns
- Risk scoring by department/user
Integration & Automation
- Complete REST API
- Webhook notifications
- LDAP/Active Directory sync
- SAML/SSO authentication
- CI/CD integration support
Pricing
- $0.24 per vCPU/hour - Simple, transparent pricing
- 2 vCPU minimum, 8GB memory - Right-sized for most organizations
- ~$350/month starting cost - Database, storage, and networking included
- 30-day free trial available - Test with no commitment
- Standard support included - Professional and Enterprise support available as add-ons
Deployment Details
Infrastructure Included
- Compute: EC2 instance (t3.medium or larger)
- Database: RDS MySQL (optional; a database is included in the VM)
- Email: Amazon SES integration (separate SES costs apply)
- Storage: EBS volumes for data persistence
- Networking: VPC, security groups, load balancer optional
Setup Time
- 5-10 minutes automated CloudFormation deployment
- Pre-configured security groups and IAM roles
- Production-ready out of the box
- Fully managed infrastructure
Security & Compliance
- SOC 2 Type II compliant infrastructure
- Data encryption at rest and in transit
- Private VPC deployment
- Customizable security groups
- Audit logging enabled
- GDPR/CCPA compliant data handling
Why GoPhish Cloud?
vs. SaaS Phishing Platforms
- 50-70% cost savings vs. KnowBe4, Proofpoint, or Cofense
- Complete data ownership - all data stays in your AWS account
- No per-user licensing - unlimited users included
- Full customization - modify templates, workflows, branding
vs. Self-Hosted GoPhish
- Managed infrastructure - no server administration required
- Pre-configured integrations - SES, RDS, monitoring included
- Automatic updates - security patches and features
- Professional support - expert assistance available
- High availability options - multi-AZ deployments available
Getting Started
- Subscribe on AWS Marketplace (uses your AWS committed spend)
- Deploy using our CloudFormation template (5-10 minutes)
- Configure your first campaign using our template library
- Launch and monitor results in real-time
Support Resources
- Email: support@hailbytes.com
- Documentation: https://hailbytes.com/pages/documentation/
- Product Page: https://hailbytes.com/pages/gophish/
- Support Plans: https://hailbytes.com/pages/support-pricing/
Questions? Visit https://hailbytes.com or email sales@hailbytes.com
Technical Requirements
- AWS account with EC2, RDS, SES permissions
- Minimum: 2 vCPUs, 8GB RAM
- Recommended: 4-8 vCPUs for large organizations (500+ employees)
Highlights
- One-click AWS deployment
- Unlimited phishing campaigns with advanced analytics
- 30-day free trial with Standard support included
Pricing
Free trial
| Dimension | Cost/hour |
|---|---|
| m4.large (Recommended) | $0.48 |
| t3.xlarge | $0.48 |
| t3.large | $0.48 |
| t3.medium | $0.48 |
| t3.2xlarge | $0.48 |
Vendor refund policy
Contact us at david@hailbytes.com if you're unhappy with this product for any reason and we'll resolve your issue.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
HailBytes Security Awareness Training Platform 1.1652
This release marks the transition from "GoPhish Cloud" to the "HailBytes Security Awareness Training Platform" (HailBytes SAT), a fully supported, enterprise-ready commercial distribution.
Versioning has changed accordingly. The previous 0.x series followed the upstream open-source numbering. Going forward, HailBytes SAT uses the format 1.<minor>.<patch>, where the major version is fixed at 1, the minor component reflects total commits in the product, and the patch component is the marketplace build number. The jump from 0.12.3 to 1.1165.53 reflects the cumulative engineering work since the rebrand, not skipped releases.
What's new since 0.12.3:
Editor and content
- Replaced CKEditor 4 with Quill.js v2 for a 90% smaller footprint, removing the unsafe-eval CSP requirement and providing cleaner paste handling
- Pre-built training template library for post-campaign education
- Follow-up group targeting and clicker-group export for remedial training workflows
Enterprise integrations
- Azure AD and Entra ID directory import for one-click target list creation
- SAML SSO fully configurable from the admin dashboard (parity with OIDC); supports Entra ID, Okta, OneLogin, PingIdentity
- Configurable per-campaign send-rate limiting for large campaigns
- Built-in MCP (Model Context Protocol) server with 14 tools for AI-assistant-driven campaign orchestration
Branding and UX
- Dark mode with system-preference detection
- White-label branding with custom logos, colors, and client-facing reports
- Redesigned campaign dashboard with event swimlane, repeat-clicker watchlist, training-vs-click scatter, and department leaderboard
Security
- AES-256-GCM encryption at rest for all PII (names, emails, submitted credentials); credentials are no longer stored in plaintext
- Hardened Content Security Policy with nonce-based script loading
- Comprehensive audit logging (IP, user agent, timestamp, affected resources)
- Strengthened CSRF protection across all form submissions
- Ubuntu 24.04 base image hardened to industry security benchmarks: SSH key-only auth, UFW firewall, unnecessary services disabled
Performance
- Lazy-loaded timeline events for campaigns with 1,000+ targets
- Go 1.24 backend, Bootstrap 5.3.2 frontend
- Optimized campaign-result queries (N+1 reductions)
Infrastructure
- Production-ready AWS Marketplace AMI with automated first-boot setup
- Native ARM64 and AMD64 builds
- Reproducible Packer-based image pipeline with automated smoke testing
Upgrade notes
- New deployments launch directly on 1.1165.53 with no action required
- Existing 0.12.x deployments: launch a new instance from this AMI and migrate your database (schema migrations run automatically on first start). Email templates and landing pages are preserved; only the editor UI changes
- If you maintain custom JavaScript integrations, verify they do not rely on eval() or inline scripts without nonces under the stricter CSP
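One way to run the check in the last upgrade note before migrating is to lint custom pages for constructs the stricter CSP rejects. This is an added example, not HailBytes code; it goes slightly beyond the note by also flagging inline event handlers and javascript: URLs, which a nonce cannot authorize. The sample page, the nonce placeholder, and the names `CspLint` and `lint` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Dynamic-code constructs blocked once 'unsafe-eval' is gone from the CSP.
EVAL_RE = re.compile(r"""\beval\s*\(|\bnew\s+Function\s*\(|\bset(?:Timeout|Interval)\s*\(\s*['"]""")

# Constructed sample page; the nonce value is a placeholder.
SAMPLE = """<html><body onload="init()">
<script nonce="PLACEHOLDER">track();</script>
<script>var f = eval("1+1");</script>
<script src="/static/app.js"></script>
<a href="javascript:void(0)">x</a>
</body></html>"""

class CspLint(HTMLParser):
    """Collect markup that a nonce-based CSP without 'unsafe-eval' rejects."""
    def __init__(self):
        super().__init__()
        self.findings = []       # (line, message)
        self._inline = False     # inside a <script> that has no src

    def handle_starttag(self, tag, attrs):
        line, attrs = self.getpos()[0], dict(attrs)
        for name in attrs:
            if name.startswith("on"):  # onclick=, onload=: cannot carry a nonce
                self.findings.append((line, f"inline event handler {name}"))
        if (attrs.get("href") or "").strip().lower().startswith("javascript:"):
            self.findings.append((line, "javascript: URL"))
        if tag == "script" and "src" not in attrs:
            self._inline = True
            if not attrs.get("nonce"):
                self.findings.append((line, "inline <script> without nonce"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        if self._inline:
            base = self.getpos()[0]
            for m in EVAL_RE.finditer(data):
                line = base + data.count("\n", 0, m.start())
                self.findings.append((line, f"dynamic code: {m.group(0).strip()}"))

def lint(html):  # returns sorted (line, message) findings for one document
    parser = CspLint()
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)
```

External script files loaded via src are not inspected here; run the same `EVAL_RE` pattern over those files separately.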
Known issues
- First boot may take 2 to 3 minutes for services to initialize
- Self-signed SSL certificate warning on first access (expected; replace with a valid certificate)
- CSV imports of 50,000+ rows may take 30 to 60 seconds
Additional details
Usage instructions
HailBytes Security Awareness Training Platform: Getting Started
After launching the AMI:
- Wait 2 to 3 minutes for first-boot services to initialize.
- Open https://<public-ip>:3333/login in your browser. (Self-signed certificate warning is expected on first access. Replace with a valid certificate from Settings > TLS once you have a DNS name.)
- SSH into the instance to retrieve the initial admin password:
  ssh -i your-key.pem ubuntu@<public-ip>
  The one-time admin password is printed in the SSH login banner.
- Sign in to the admin UI with username "admin" and that password. You will be prompted to change your password immediately. Use a strong password and store it in a password manager.
Setting up your first campaign:
- Sending Profile: add your SMTP server (AWS SES recommended at email-smtp.<region>.amazonaws.com:587). Use the built-in warming guide to establish sender reputation.
- Email Template: author phishing emails in the Quill.js editor with variable substitution: {{.FirstName}}, {{.LastName}}, {{.Email}}, {{.Position}}, {{.URL}}, {{.TrackingURL}}.
- Landing Page: build credential-capture or awareness pages, or clone an existing site.
- Target Group: add recipients manually, import via CSV, or sync directly from Azure AD or Entra ID.
- Campaign: combine template, landing page, sending profile, and target group; schedule or send immediately. Use per-campaign send-rate limiting for large lists (1,000+ targets).
- Results: monitor opens, clicks, submissions, and reports in the real-time dashboard. Export clicker groups for follow-up training.
Network and ports:
- Admin UI: TCP 3333 (HTTPS), restrict to your admin IP range
- Phishing server: TCP 80 and 443, must be reachable by targets
- SMTP (outbound): TCP 25 and 587, to your SMTP relay (e.g. SES)
- SSH: TCP 22, key-based authentication only
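The port guidance above can be verified against the deployed security group. The following added example (not HailBytes code) audits ingress rules in the JSON shape returned by `aws ec2 describe-security-groups` and reports any rule that exposes the admin UI or SSH outside the admin ranges; the sample group, its ID, the CIDRs, and the function name `audit` are constructed.

```python
import ipaddress
import json

# Ports the page says to restrict; 80/443 are meant to be reachable by targets.
RESTRICTED = {3333: "admin UI", 22: "SSH"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 3333, "ToPort": 3333,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
   "IpRanges": [{"CidrIp": "198.51.100.7/32"}],
   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
]}]}
""")

def audit(groups, admin_cidrs):
    """Return (group_id, port, cidr, reason) for each over-broad ingress rule."""
    admin_nets = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue
            # Protocol "-1" (all traffic) has no port range: treat as 0-65535.
            lo = perm.get("FromPort", 0) if proto == "tcp" else 0
            hi = perm.get("ToPort", 65535) if proto == "tcp" else 65535
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                # A source is acceptable only if it sits inside an admin range.
                in_admin = any(net.version == a.version and net.subnet_of(a)
                               for a in admin_nets)
                for port, name in RESTRICTED.items():
                    if lo <= port <= hi and not in_admin:
                        findings.append((sg["GroupId"], port, cidr,
                                         f"{name} reachable outside admin range"))
    return findings
```

Wide port ranges are the case worth noticing: the last sample rule never names 3333 or 22, yet it exposes both.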
SSO and enterprise integration:
- SAML and OIDC SSO are configurable from Settings > SSO. Supports Microsoft Entra ID, Okta, OneLogin, and PingIdentity.
- Azure AD and Entra ID directory import is available under Users and Groups > Import.
API and automation:
- REST API: https://<public-ip>:3333/api/ with bearer-token auth
- MCP server: https://<public-ip>:3333/api/mcp/ for Claude Desktop, Claude Code, Cursor, Windsurf, and other MCP-compatible clients.
Support:
- Documentation: https://hailbytes.com/docs
- Support hub: https://support.hailbytes.com
- Email: support@hailbytes.com
This product is a legitimate security tool for authorized phishing simulation and security-awareness training. Use only against recipients within organizations where you have explicit written authorization.
Support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Customer reviews
Better than KnowBe4
This instance is my go-to method for performing phishing campaigns. It's easy to just spin up an instance and get started without dealing with the complications of other phishing simulators. I've been using Gophish for a few years now and couldn't be happier with the newest update and the product support from David.
Great instance
So we've been using their instance for well over a year, great support! Highly recommend for those that need something better than KnowBe4 and Microsoft security phishing with a million more options with their API support.
Do not recommend
The server runs well, but when you look under the hood, it's an expensive hourly license for a simple Docker installation. Supposedly the support is worth it, however I could not get anyone on the line.
Because docker proxy already occupies ports 80 and 443, it was difficult to add a certificate (e.g. with letsencrypt). Tried to call the support line quite a few times to resolve this but could never get someone on the line.