Comparison with Gophish
The most common question about Phishing Club is, if it is a Gophish alternative and how it
compares with Gophish.
Here is a comparison table, it does not contain everything, but
it should be helpful.
| Feature | Phishing Club | Gophish | Comment |
|---|---|---|---|
| Campaigns | |||
| Save submitted data | ✓ | ✓ | |
| MITM/AITM Proxy and cookie capture | ✓ | ✗ | |
| Multiple pages | ✓ | ✗ | Phishing Club offers multiple pages to linked together |
| Custom identifiers | ✓ | ✗ | Phishing Club offers multiple identifiers and is not glued to the rid identifier |
| Auto campaign closing | ✓ | ✗ | Phishing Club offers automaticly closing a campaign at a specific time |
| Auto campaign anonymization | ✓ | ✗ | Phishing Club offers automaticly anonymizatoin of a campaign at a specific time |
| Test campaigns | ✓ | ✗ | Phishing Club offers test campaigns that do not count in analytics |
| Campaign Templates | ✓ | ✗ | Phishing Club uses campaign templates that can be reused in campaigns |
| IP & JA4 Filtering | ✓ | ✗ | Phishing Club has IP and JA4 fingerprint filtering with wildcard support for recipients and optional deny page. |
| Export events | ✓ | ✓ | |
| Export submitters | ✓ | ✗ | |
| Add reporters | ✓ | ✓* | In Gophish you click a button on a user that has reported an email. In Phishing Club you upload a CSV. |
| Scheduling / Delivery | |||
| Tracking pixel | ✓ | ✓ | |
| Calendar | ✓ | ✗ | |
| SMTP delivery | ✓ | ✓ | |
| API delivery | ✓ | ✗ | Phishing Club offers 3. party API delivery instead of emails |
| Time boxed delivery (start/stop time) | ✓ | ✓ | |
| Set distribution speed | ✓ | ✗ | Phishing lets you set how long between it must wait between each send |
| Delivery ordering | ✓ | ✗* | Gophish always sends in the same order |
| Delivery with daily slots | ✓ | ✗ | Phishing Club offers sending on specific weekdays and time slots like work hours |
| Self managed delivery | ✓ | ✗ | Phishing Club offers self managed delivery with the ability to copy both lure urls and rich copying the email before sendind it |
| Re-send | ✓ | ✗ | Phishing Club offers a re-send message that can be used multiple times |
| Analytics | |||
| Global analytics | ✓ | ✓ | |
| Campaign analytics | ✓ | ✓ | |
| Company analytics | ✓ | ✗ | |
| Recipient analytics | ✓ | ✗ | |
| Repeat offender analytics | ✓ | ✗ | |
| Trendlines | ✓ | ✗ | |
| Recipients and groups | |||
| Recipients | ✓ | ✗* | In Gophish recipients only exists as part of a group. |
| Groups | ✓ | ✓ | |
| Import from CSV | ✓ | ✓ | |
| Orphaned recipient managememt | ✓ | ✗ | Phishing has functionality to find and handle orphaned recipient while Gophish saves them in the database with no abillity to see or remove them |
| Editor | |||
| Editor | ✓ | ✓ | Gophish uses a WYSIWYG editor while Phishing uses Monoco (vscode like) editor |
| Load from file | ✓ | ✗ | |
| Syntax highlighting | ✓ | ✗ | |
| Auto complete | ✓ | ✗ | Phishing Club has auto complete for HTML and the Proxy YAML format |
| VIM mode | ✓ | ✗ | |
| Preview | ✓ | ✓* | Phishing Club has enhanced preview functionality such as support for variables and domains switching |
| Load from file | ✓ | ✗ | |
| Clone website | ✗ | ✓ | Gophish offers a 'Import site' feature that can clone simple static websites |
| Domains | |||
| Multiple domains | ✓ | ✗ | Phishing Club supports multiple domains with automatic TLS. Gophish supports a single domain |
| Domain MITM Proxying | ✓ | ✗ | Phishing Club supports proxying domains and replacing content on the fly |
| Website hosting | ✓ | ✗ | Phishing Club offers website hosting and 404 page, or redirection on the root of the domain |
| Custom TLS certificates | ✓ | ✓ | |
| Assets | |||
| Custom assets | ✓ | ✓ | Custom assets in Gophish must be served from the static/ folder while Phishing Club support from the / root folder. |
| Asset management | ✓ | ✗ | Phishing Club has asset management in the administration web UI, while Gophish requires assets manually transfered. |
| Asset variable parsing | ✓ | ✓ | Both allow you to use variables such as {{.FirstName}} in plaintext formats. |
| Administration | |||
| Multi-tenancy (multiple company handling) | ✓ | ✗ | |
| Dark mode | ✓ | ✗ | |
| Update notifications | ✓ | ✗ | Phishing Club has in app update notifications. |
| In app update | ✓ | ✗ | Phishing Club has in app update. |
| Backup | ✓* | ✗ | Phishing Club has quick backup feature but it is not a replacement for rubust backup strategy |
| SystemD service | ✓ | ✗ | Phishing Club has buildin systemd service support |
| Windows support | ✗ | ✓ | Phishing Club does not offically support Windows |
| SQLite Database | ✓ | ✓ | Phishing Club uses WAL mode for improved performance |
| MySQL Database | ✗ | ✓ | Gophish supports MySQL database |
| API and automation | |||
| Webhooks | ✓ | ✓ | |
| API | ✓* | ✓ | The Phishing Club API is undocumented at the moment |
| API Client | ✗ | ✓ | Gophish has python client available |
| Pagination | ✓ | ✗ | Gophish endpoints are not paginated, all pagination is done client side |
| Sorting | ✓ | ✗ | Gophish endpoints are not sorted, all sorting is done client side |
| Searching | ✓ | ✗ | Gophish endpoints do not supported searching, all searching is done client side |
| Security | |||
| Single Sign On | ✓ | ✗ | Phishing Club supports SSO with Microsoft Entra |
| Multi Factor Authentication | ✓ | ✗ | Phishing Club supports TOTP MFA |
| IP allow list | ✓ | ✗ | Phishing Club supports IP restriction on the administration server |
| Session cookie security | ✓ | ✓* | Phishing Club enforces strict same site cookies and IP bound sessions |
| Session overview | ✓ | ✗ | Phishing Club has a session overview with invalidation controls |