PhishGun product

The phishing simulation and employee training platform

Run simulations, train employees in the moment, collect employee reports, and prove behaviour change with focused dashboards and audit-friendly evidence.

Request AccessView pricing

Capabilities

Core modules

Each module is designed to work as part of one operating loop instead of a collection of disconnected awareness tasks.

Campaign studio

Build, schedule, and adapt phishing simulations for different regions, roles, and risk profiles.

Template library

Use scenarios inspired by real-world payroll, supplier, invoice, QR, credential, and collaboration-platform lures.

Employee training modules

Deliver short, contextual training that explains missed indicators and reinforces secure behaviour.

Phishing report button

Capture suspicious emails from employees and turn reporting into a measurable security habit.

Training and risk dashboard

Monitor click rate, training completion, report rate, repeat risk, team trends, and campaign impact over time.

Compliance evidence

Export clean summaries for awareness controls, management reviews, and audit conversations.

Simulation engine

Realistic campaigns without manual campaign busywork

Create scenarios that match employee context, then schedule them as a repeatable program instead of one-off tests.

  • Role-based and department-based campaign targeting.
  • Localized lures for different languages, teams, and business patterns.
  • Safe landing pages that explain what happened and why it matters.
PhishGun campaign performance view

Measurement

Readable training and risk metrics for security and leadership

PhishGun separates vanity completion numbers from the behaviours that reduce risk: spotting, reporting, training, and improving.

  • Click, report, training completion, and repeat-risk tracking.
  • Team-level views for targeted intervention and follow-up training.
  • Exportable evidence for compliance and management reporting.
PhishGun trend analytics view

Phishing content

A wide library of templates and advanced scenarios

Pick from a growing collection of public and locally prepared phishing templates - from everyday lures to advanced attacker tradecraft - so simulations stay realistic for every team.

  • Credential harvesting, credit card, invoice, and HR-themed lures.
  • Browser-in-the-browser, OAuth consent, and MFA-fatigue scenarios.
  • Advanced attacker tradecraft like ClickFix and conditional landing pages.
  • Localized template packs adapted to language, region, and industry.
PhishGun template library

Reporting

Audit-ready reports your stakeholders actually read

Turn campaign results into clean, branded reports for leadership, auditors, and partners - without spending hours assembling slides.

  • Branded PDF exports with campaign summaries and risk trends.
  • Compliance-ready evidence aligned with NIS2, ISO 27001, and DORA reviews.
  • Per-team and per-department breakdowns for management reporting.
PhishGun PDF report export

Use cases

One product, many program shapes

PhishGun adapts to the team running the program. Start as a focused phishing simulation and employee training tool and grow into a broader awareness rhythm as the program matures.

NIS2 and ISO 27001 readiness

Show recurring awareness activity, employee participation, and risk trend evidence for management reviews and audits.

SMB and mid-market security

Run a credible phishing simulation and employee training program without buying an oversized enterprise suite or adding a dedicated admin role.

Executive and finance risk

Target high-impact groups with realistic invoice, supplier, payroll, and credential-theft simulations.

Manufacturing and operations

Train mixed desk and frontline employees with concise, localized scenarios that do not rely on long courses.

Remote and hybrid workforce

Reinforce secure behaviour across distributed teams using email, collaboration, QR, and credential scenarios.

Compliance and governance teams

Produce participation, behaviour, and training evidence ready for board, audit, and regulator conversations.

Integrations

Works with the tools your teams already use

PhishGun is designed around common business stacks, with simple paths for identity, email, reporting, and ticketing workflows.

Microsoft 365 logo365
Google Workspace logo

Trust principles

Awareness programs should improve culture, not shame people

PhishGun is built by offensive-security practitioners who understand both realistic attacker behaviour and the trust needed to run awareness programs well.

Privacy by design

Collect the data needed to measure security behaviour while keeping program reporting focused and proportionate.

Positive reinforcement

Reward reporting and teach missed indicators without public shaming or punitive workflows.

Operational safety

Run simulations with controlled landing pages, clear admin visibility, and realistic but safe content.

Compliance support

Produce practical evidence of recurring awareness activity for governance and audit discussions.

Credentials

Built by ethical hackers

PhishGun is engineered by the offensive security experts at Haxoris, who help secure companies every day.

Offensive Security Certified ProfessionalOSCPCertified Information Systems Security ProfessionalCISSPCertified Ethical HackerCEHOffensive Security Web ExpertOSWECertified Red Team OperatorCRTOCertified Cloud Security ProfessionalCCSPAWS Certified Security - SpecialtyAWS SecurityeLearnSecurity Mobile Application Penetration TestereMAPT

Next step

See PhishGun mapped to your use case

Bring your current awareness process, compliance goals, and employee count. The demo will show how PhishGun maps to that reality.

Request AccessEmail info@phishgun.com