About Us

We turn an attacker's perspective into measurable employee training.

PhishGun is built by Haxoris, an offensive security team that breaks into systems for a living. We turn that attacker perspective into realistic simulations and practical employee training.

Talk to the teamVisit Haxoris
  • 01Built by offensive-security practitioners
  • 02Focused on measurable behaviour change
  • 03European data hosting and privacy-first design

Credentials

Built by ethical hackers

PhishGun is engineered by the offensive security experts at Haxoris, who help secure companies every day.

Offensive Security Certified ProfessionalOSCPCertified Information Systems Security ProfessionalCISSPCertified Ethical HackerCEHOffensive Security Web ExpertOSWECertified Red Team OperatorCRTOCertified Cloud Security ProfessionalCCSPAWS Certified Security - SpecialtyAWS SecurityeLearnSecurity Mobile Application Penetration TestereMAPT

Our mission

Awareness should be measurable, respectful, and actually useful

Most awareness tools are either heavy enterprise suites or generic content libraries. We built PhishGun for the security teams in between - the ones who need real behaviour change without the operational overhead.

  • Realistic simulations grounded in current attacker tradecraft.
  • Employee training that respects time and avoids public shaming.
  • Compliance-ready evidence for NIS2, ISO 27001, and DORA programs.
  • Lean tooling for security teams without a dedicated awareness admin.

Our vision

A world where every team can prove they are phish-resistant

We believe security awareness should be a continuous, measurable program - not an annual compliance checkbox. Our vision is to give every security team, regardless of size, the tools to build genuine resilience against phishing.

  • Continuous awareness programs, not annual compliance theatre.
  • Behaviour metrics that prove people can spot and report phishing.
  • Tools that scale from a 50-person team to a global enterprise.
  • Transparent reporting that earns trust with leadership and auditors.

How we work

The principles behind the product

These principles guide what we build, how we run simulations, and how we partner with the security teams using PhishGun.

Attacker realism

Scenarios reflect what we see in real engagements, not stale templates from a generic content library.

Privacy by design

Collect what is needed to measure behaviour. Keep program reporting focused, proportionate, and defensible.

Positive reinforcement

Reward reporting and teach missed indicators. No public shaming, no punitive workflows.

Operational safety

Controlled landing pages, clear admin visibility, and realistic but safe content for every campaign.

Get in touch

Want to talk to the team behind PhishGun?

Whether you are a security leader, MSP partner, or just curious about the project, we are happy to chat.