Sign in
Sign in
or
Create a new account
Agent Mode
Categories
Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

GoPhish Cloud - Enterprise Phishing Simulation Platform

HailBytes

Reviews from AWS customer

3 AWS reviews

External reviews

1 review
from

External reviews are not included in the AWS star rating for the product.

    reviewer2808624

Targeted phishing drills have strengthened staff awareness and reduced risky email behavior

  • April 16, 2026
  • Review provided by PeerSpot

What is our primary use case?

I worked with Gophish for more than two years, mainly for internal phishing awareness campaigns and user security training. My main use case with Gophish is conducting internal phishing simulation exercises to measure employee awareness and improved response behavior.

For one of the clients, we used to push internal phishing simulation awareness training to more than 5,000 employees. We simulate phishing simulation tickets with Gophish, and we use it for simulated phishing campaigns and security awareness exercises, measuring the click rates, identifying the higher-risk departments, training the users on suspicious emails, and reporting campaign results to management.

In one real campaign, we conducted a targeted user test with a fake password expiry email template similar to common real-world phishing tactics. The campaign was internal and controlled; some users clicked the link while others reported it to the cybersecurity and SOC team. This gave us useful insights into which team required more awareness training, and it even indicated who is an insider risk for our organization. After follow-up training, the click rate was reduced noticeably with this campaign.

The feedback was more valuable than just giving awareness presentations. This is how we are using Gophish.

What is most valuable?

The best features Gophish offers, in my opinion, are easy campaign creation, quick phishing awareness exercise setup, good reporting, and custom templates. We can show how many people opened, clicked, reported, and interacted with the phishing email template. It is also open-source and very cost-effective, making it useful for budget-conscious organizations. It has custom templates that allow us to simulate realistic phishing scenarios and improve awareness, helping convert theory into measurable training.

What needs improvement?

Only two things I can tell you about room for improvement are the user interface and the template library. The user interface can be made more modern as it is still a traditional type of UI. The template library could benefit from more ready-made, modern templates and the opportunity for others to create some.

The user interface can be improved with a more modern design, and the template library can come up with different versions. It is a very strong awareness testing tool, especially because it is open-source, but enterprise reporting and the user interface can be improved. I chose nine out of ten because the user interface can be improved, and for that reason I am choosing nine. Also, enterprise reporting is a required feature, which leads to these two reasons for my score.

For how long have I used the solution?

I have more than three years of experience working in my current field.

What do I think about the stability of the solution?

Gophish is stable overall when it is hosted properly. It is next-level and a very good solution.

What do I think about the scalability of the solution?

Scalability is also good for small and medium environments, though larger enterprises may need more planning. Organizations should think carefully before choosing Gophish if they are in the enterprise space. It is good for small and medium environments, but larger enterprises may need more planning.

How are customer service and support?

I have never contacted customer support for Gophish, but the community-driven support due to it being open-source is good. Overall, it is adequate, but I have not spoken to any customer support from Gophish. I am also unsure about the rating since I have never interacted with them.

Which solution did I use previously and why did I switch?

We have not switched from another solution, but we were using KnowBe4 for one of our tools, as well as Cofense FishMe for some other client, and we are also using Microsoft Attack Simulation training from the Microsoft Defender Office 365 E5 license.

What was our ROI?

I have seen a return on investment as it reduces phishing risk, improves awareness without expensive platforms, delivers measurable training results, and lowers the likelihood of user-caused incidents. These are the best returns on investment I have noticed.

What's my experience with pricing, setup cost, and licensing?

Pricing, setup costs, and licensing for Gophish are taken care of by a very senior analyst, but I know that it is cost-effective. Since it is open-source, it is very cost-effective and minimal.

Which other solutions did I evaluate?

Before choosing Gophish, I evaluated other options including KnowBe4, Cofense FishMe, Microsoft Attack Simulation training from the E5 license, and also Proofpoint awareness tools.

What other advice do I have?

Gophish is one of the most practical tools for organizations wanting affordable phishing awareness testing. It helps to build a stronger human firewall. Gophish is a practical tool for organizations looking for end-user phishing awareness training on a minimal budget, and for advice, I will tell you that awareness is key. I gave this product a rating of nine out of ten.

    Pentest27

Better than KnowBe4

  • October 27, 2021
  • Review from a verified AWS customer

This instance is my go-to method for performing phishing campaigns. It's easy to just spin up an instance and get started without dealing with the complications of other phishing simulators. I've been using Gophish for a few years now and couldn't be happier with the newest update and the product support from David.

    Box

Great instance

  • October 14, 2021
  • Review from a verified AWS customer

So we've been using their instance for well over a year, great support! highly recommend for those that need something better than know b 4 and micorsoft security phishing with a million more options with their API support

    Gophisher1.0

Do not recommend

  • March 03, 2021
  • Review from a verified AWS customer

The server runs well, but when you look under the hood, it's an expensive hourly license for a simple Docker installation. Supposedly the support is worth it, however I could not get anyone on the line.

Because docker proxy already occupies ports 80 and 443, it was difficult to add a certificate (e.g. with letsencrypt). Tried to call the support line quite a few times to resolve this but could never get someone the line.

showing 1 - 4