Introduction to Phishing Club

What is Phishing Club?

Welcome to the user guide for Phishing Club, a framework for phishing.

This software is most often used by:

  • Red Teams - For initial compromise
  • Organizations - For performing phishing simulation
  • MSSPs - For providing clients with phishing simulation

This guide is a work-in-progress, for now it covers Phishing Club works on the surface level.

If there is anything you can not find a answer to, then please join our chat.

Licensing

Phishing Club is available under a dual licensing model:

  • AGPL v3 License: Free and open source for organizations that can comply with AGPL requirements, which include making source code modifications available to users
  • Commercial License: Available for organizations that prefer proprietary usage without AGPL obligations

All features described in this guide are available in both licensing options. The choice between AGPL and commercial licensing depends on your organization's requirements regarding source code sharing and compliance obligations.

Key Features

Phishing Club provides security testing features:

  • Campaign Management - Create, schedule, and manage phishing campaigns with delivery options and scheduling
  • Recipient Management - Organize recipients into groups, track susceptibility patterns, and manage repeat offenders
  • Templates - Design reusable templates for emails and landing pages with personalization capabilities
  • Domain Management - Configure and manage multiple domains for hosting phishing pages with automatic TLS certificate management
  • Proxy Configurations - Advanced traffic interception and manipulation for realistic credential harvesting from legitimate websites
  • Email Configuration - Set up SMTP or API-based email delivery with sender reputation management
  • Analytics - Track campaign progress with statistics, visual timelines, and reporting dashboards
  • Webhook Integration - Integrate with other systems through webhook notifications for event processing
  • Multi-stage Phishing Flows - Create multi-page phishing scenarios that simulate real-world attack patterns

About This Guide

This guide is designed to help you use Phishing Club, covering installation and setup to campaign configuration and management.

The guide is organized into the following main sections:

  • Software Management - Installation, configuration, updates, and maintenance
  • Dashboard - Understanding the main dashboard interface and key metrics
  • Campaigns - Creating and managing phishing campaigns
  • Recipients - Managing target users, groups, and tracking susceptibility
  • Domains - Setting up and configuring domains for phishing operations
  • Proxies - Advanced traffic interception and credential harvesting configurations
  • Emails - Creating email templates and configuring delivery mechanisms
  • Administration - User management, permissions, and system settings

Getting Started

If you are new to phishing, want to learn and try it out it, we recommending setting up the development enviroment of Phishing Club, it has most things needed to get started. You can find the development setup here.

If you are familiar with Gophish, then skip straight to Quick start and install, then visit this guide if you are in doubt any new concepts like campaign templates, proxies or etc.

If you are looking to familiarize youself with Phishing Club, we recommend the following approach:

  1. System Requirements - Verify your environment meets prerequisites and technical requirements
  2. Installation - Complete the installation process on your server with security configurations
  3. Initial Setup - Configure your administrative account and complete post-installation setup
  4. Dashboard Overview - Familiarize yourself with the interface and navigation
  5. Creating Your First Campaign - Launch your first phishing campaign with step-by-step guidance