Frequently Asked Questions

What is Phishing Club?

Phishing Club is a free, open source phishing simulation platform designed for organizations, security teams, and red team professionals. Unlike cloud-based solutions, it runs entirely on your infrastructure, giving you complete control over sensitive data and scaling capabilities.

How can I get started?

Phishing Club is available as open source software, which means you can download and use it freely. Simply download the software from our website and follow the installation guide to get started.

What are the system requirements?

Minimum requirements include 1 CPU core (64-bit), 1 GB RAM, and a Linux distribution. We recommend 2 CPU cores and 2 GB RAM for better performance. For detailed requirements, visit our user guide.

What do I need to run phishing simulations?

To run effective phishing simulations, you need:

• A server to deploy and run campaigns from
• SMTP server (self-hosted or third-party) - dedicated IP recommended
• IT/Development team that can create and execute campaigns
• Domain name for hosting phishing pages

What delivery options are available?

Phishing Club supports multiple delivery methods:

• SMTP server integration
• API-based delivery for custom workflows
• Self-managed delivery for manual distribution
• Webhook integrations for automation

How is data stored and protected?

All data is stored locally on your infrastructure. We never have access to your data or usage statistics. The application uses SQLite database with WAL mode for campaign data, results, and configurations. Assets, attachments, and certificates are stored as files on disk.

OPSEC & External connectivity concerns?

The only outbound connection made by Phishing Club is to check for new releases on GitHub. This can be configured or disabled if needed for sensitive environments or air-gapped deployments.

Does it support SSO integration?

Yes, we support Microsoft Entra ID (Azure AD) tenant integration for seamless authentication and user management within your organization.

How does licensing work?

Phishing Club uses a dual licensing model:

• Open Source: Free and open source for most use cases
• Commercial License: Available for organizations that need commercial licensing terms

Commercial licenses are available with updates and support included.

Are there limits on campaigns or recipients?

No, we don't impose artificial limits. You're only limited by technical constraints such as your infrastructure capacity, LetsEncrypt rate limits, and similar technical factors. Scale as much as your infrastructure allows.

Is Phishing Club open source?

Yes, Phishing Club is available as open source software. This means you can use, modify, and distribute the software freely. For organizations that need commercial licensing terms, we also offer commercial licensing.

What support is available?

We provide email support for commercial license holders. Open source users can access community support through our documentation and user community.

Can I import existing templates?

Yes, our template variables are compatible with GoPhish, making migration straightforward. You can also import templates, pages, and assets using our import functionality.

Can security providers use Phishing Club for clients?

Absolutely! As an open source platform, security providers can deploy Phishing Club for unlimited clients without licensing fees. You maintain complete control over client data and can customize the platform to meet specific requirements.

What is the Phishing Template Workbench?

The Phishing Template Workbench is a developer-focused environment for creating, testing, and refining phishing simulation templates. It provides preview capabilities, variable substitution testing, responsive design testing, and asset management - all designed to streamline your template development workflow.

How does the Template Workbench help with development?

The workbench allows you to preview templates with realistic test data, see how variables like {{.FirstName}} and {{.Email}} are substituted, test responsive layouts across device sizes, and export templates ready for deployment in Phishing Club or GoPhish.

Do I need the Template Workbench to create templates?

No, the Template Workbench is optional but highly recommended for development efficiency. You can create templates manually, but the workbench significantly speeds up the development process with features like live preview, variable testing, and built-in example templates for inspiration.

Do you support non-profit organizations?

Yes! Non-profit organizations can use Phishing Club as open source software at no cost. Additionally, non-profit organizations working on causes we support may be eligible for complimentary commercial licensing and enhanced support.

If you represent a non-profit organization focused on education, healthcare, human rights, environmental protection, or other beneficial causes, we'd love to hear from you. Please reach out with details about your organization and mission.

How do I apply for enhanced non-profit support?

To apply for our non-profit commercial licensing program, please email us at [email protected] with:

• Your organization's name and mission statement
• Official non-profit documentation or registration
• Description of how you plan to use Phishing Club
• Contact information for a primary representative

We review each application individually and aim to respond within 5 business days. Approved organizations receive commercial licensing and dedicated support at no cost.