Default: admin / admin123 — change after first login
🕐 RECENT ACTIVITY
📧 ACTIVE CAMPAIGNS
📊 QUICK INSIGHTS
📬 EMAIL DELIVERY FUNNEL
🎣 ATTACK VECTOR EFFECTIVENESS
Open / Click / Submit rate per campaign — identify which themes are most effective
📋 PER-CAMPAIGN BREAKDOWN
📊 RISK SCORE DISTRIBUTION
Score formula: Opens×1 + Clicks×3 + Submissions×5 — shows population risk spread
⏱ TIME-TO-COMPROMISE
How quickly users click after email delivery — shorter = higher risk reflex behaviour
🏢 DEPARTMENT SUSCEPTIBILITY MATRIX
Heat-map by click rate — darker red = higher susceptibility. Hover for details.
🔁 REPEAT OFFENDERS
Users who repeatedly engage with phishing simulations — prioritise for targeted awareness training
⚠️ RISKY USERS LEADERBOARD
Sorted by composite risk score. Users at the top should be prioritised for security awareness training.
📖 RISK SCORE METHODOLOGY
• +1 Email Opened: Tracking pixel loaded — indicates curiosity or low vigilance
• +3 Link Clicked: Visited the phishing page — higher-risk behaviour, poor link judgement
• +5 Credentials Submitted: Entered data on fake login page — highest severity, immediate training needed
• −2 Reported as Phishing: User flagged the email — positive security awareness behaviour

New Campaign

Configure your phishing simulation

⚡ QUICK START FROM TEMPLATE
Campaign Details
Email Configuration
The realistic fake page shown when a target clicks the phishing link. Tracking URLs use the Public Base URL set in ⚙️ Settings.
Placeholders: {{name}} · {{phishing_link}} · {{phishing_link|Verify My Account}} (custom button text) · {{tracking_pixel}}
⏰ Schedule & Auto-Stop (Optional)
📌 Leave both fields blank to create a Draft — you can launch or schedule it manually from the campaign detail page.
Set a future date/time to auto-launch. Leave blank for manual launch.
Hours after launch to auto-complete. Leave blank to run indefinitely.
Campaign Info
Delivery Funnel

Launch the campaign to see funnel data.

Targets (0)
Department Risk Heatmap
Employee Risk Scores
🌐 INFRASTRUCTURE — PUBLIC SERVER URL
📌 This is the most important setting. Every tracking link inside phishing emails (open pixel, click tracker, fake login page) is built from this URL. Set it to your public ngrok / VPS address so external targets can reach them. Leave as http://localhost:8000 only for local testing on the same machine.
No trailing slash. Examples:
• Local testing → http://localhost:8000
• ngrok free → https://abc123.ngrok-free.app
• VPS → http://YOUR.SERVER.IP:8000
NGROK — FREE PUBLIC URL
1. Download ngrok from ngrok.com
2. Run: ngrok http 8000
3. Copy the https://…ngrok-free.app URL
4. Paste it above & Save
VPS — STABLE OPTION ($5/mo)
DigitalOcean / Linode / Vultr
Upload PhishSim and run the start.bat equivalent
Use http://YOUR.IP:8000
Best for multi-day campaigns
SCHEDULER STATUS
📬 EMAIL GATEWAY (SMTP)
💡 PhishSim uses these credentials to send phishing emails to your campaign targets. Recommended free option: Brevo (brevo.com) — 300 emails/day, no credit card needed.
e.g. smtp-relay.brevo.com · smtp.mailjet.com · smtp.gmail.com
587 (TLS/STARTTLS) · 465 (SSL) · 25 (plain, often blocked)
Usually your account email address
For Brevo: use the SMTP key from Settings → SMTP & API
Shown as the sender name in the target's inbox
Must match your SMTP account's verified sender address
🚀 DON'T HAVE SMTP YET? FREE SETUP WITH BREVO
STEP 1 — CREATE ACCOUNT
Go to brevo.com → Sign up free
No credit card · 300 emails/day
STEP 2 — GET SMTP KEY
Inside Brevo:
Settings → SMTP & API
Copy the SMTP Key
STEP 3 — FILL THE FORM
Host: smtp-relay.brevo.com
Port: 587 · Username: login email
Password: SMTP Key from Step 2
STEP 4 — SAVE & TEST
Click Save then Test Connection
Green = ready to send campaigns
🤖 AI ENGINE — LLM CONFIGURATION
💡 Configure an AI language model to auto-generate phishing email templates from a short description. Choose from Anthropic Claude, OpenAI GPT, or Ollama (free, runs locally).
Ollama runs locally and is free. Anthropic and OpenAI require an API key.
Select provider first
Default: http://localhost:11434
STEP 1 — INSTALL OLLAMA
Go to ollama.com
Download & install for Windows/Mac/Linux
It runs as a local service on port 11434
STEP 2 — PULL A MODEL
Open terminal and run:
ollama pull llama3.2
or ollama pull mistral
STEP 3 — SAVE & TEST
Click Refresh Models to load installed models
Select a model, click Test Connection
Then use 🤖 Generate on Templates page
👥 USER ACCOUNTS
🔐 SSO / MFA — INTEGRATION GUIDE
OIDC / OAuth2 SSO
Google, Azure AD, Okta via OpenID Connect.
pip install authlib python-jose
Add /api/auth/oidc/* routes in auth.py
TOTP / MFA
TOTP 2FA (Google Authenticator compatible).
pip install pyotp qrcode
Add totp_secret to User model + setup endpoint.
SAML 2.0
Enterprise: Okta, ADFS, PingIdentity.
pip install python3-saml
Requires xmlsec1 system library.
🔍 CURRENT ARCHITECTURE STATUS
🐳 PLATFORM-NEUTRAL DEPLOYMENT — DOCKER
Docker makes PhishSim run identically on Windows, macOS, Linux, any cloud provider (AWS, GCP, Azure, Hetzner, DigitalOcean), or on-premise. One docker compose up command starts everything.
📄 docker-compose.yml
services:
  phishsim:
    build: .
    ports: ["8000:8000"]
    volumes:
      - ./data:/app/data
    environment:
      - DB_URL=postgresql://...
    depends_on:
      - db   # start the database container before the app
    restart: unless-stopped

  db:
    image: postgres:16-alpine
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: phishsim
      POSTGRES_USER: phishsim
      POSTGRES_PASSWORD: changeme

volumes:
  pgdata:
📄 Dockerfile
FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY backend/ .
EXPOSE 8000
CMD ["uvicorn", "main:app", \
     "--host", "0.0.0.0", \
     "--port", "8000", \
     "--workers", "4"]
🚀 Deploy Steps
1. Install Docker & Docker Compose
2. Copy project to server
3. docker compose up -d
4. Configure Nginx reverse proxy
5. Get SSL via Let's Encrypt
6. Set base_url in Settings → Infrastructure
🗄️ DATABASE — SQLITE → POSTGRESQL FOR SCALE
Current: SQLite
✅ Zero setup — works out of the box
✅ Perfect for: 1 server, <500 targets/run
⚠️ Single writer — no horizontal scaling
⚠️ Not suitable for concurrent high-load campaigns
Recommended: PostgreSQL
✅ Handles thousands of concurrent requests
✅ Multiple app workers can share one DB
✅ Proper connection pooling
✅ Full-text search, JSONB for extra_data

Migration: Change database.py connection string:
postgresql+psycopg2://user:pass@db:5432/phishsim
Install: pip install psycopg2-binary
⚡ LOAD CAPACITY — ARCHITECTURE BY SCALE
Scale | Targets | Setup | Database | Workers | Cost/mo
Small | 1 – 500 | Single VPS (2 vCPU, 2 GB RAM) | SQLite | 2–4 uvicorn workers | ~€4–8
Medium | 500 – 5,000 | VPS (4 vCPU, 8 GB RAM) + PostgreSQL | PostgreSQL | 4–8 workers + Gunicorn | ~€15–30
Large | 5,000 – 50,000 | Docker Swarm / K8s, managed PostgreSQL | Managed PG (RDS/Supabase) | Horizontal (N app containers) | ~€50–120
Enterprise | 50,000+ | K8s + async email workers (Celery/Redis) | PG cluster + read replicas | Auto-scaling pods | ~€200+
📮 HIGH-VOLUME EMAIL SENDING — ASYNC WORKERS
CURRENT (SYNC)
Emails sent one-by-one inside the API request.
Suitable up to ~200 targets/campaign.
Times out for large campaigns.
RECOMMENDED: CELERY + REDIS
pip install celery redis
Move SMTP send to async tasks.
Scale workers independently.
Handles 50,000+ emails/hour.
NGINX REVERSE PROXY
Nginx in front of uvicorn handles SSL termination, static file serving, and rate limiting — protects from load spikes.
CONNECTION POOLING
Add pool_size=20, max_overflow=40 to SQLAlchemy engine in database.py for high-concurrency tracking.
☁️ RECOMMENDED CLOUD PROVIDERS — COST vs SCALE
🏆 Hetzner Cloud
€4–8/mo
Best price/performance ratio. EU data centres. CX11 (2 vCPU/2 GB) handles up to 1,000 targets/campaign.
DigitalOcean
$6–12/mo
Excellent docs, managed PostgreSQL add-on, one-click Docker. Good for 500–5,000 targets.
Linode / Akamai
$5–10/mo
Reliable, global datacenters, generous bandwidth. Similar to DigitalOcean at slightly better rates.
AWS / GCP / Azure
$15–50+/mo
Enterprise-grade. Use when compliance (SOC2, ISO27001) or internal corporate policy requires hyperscalers.
✅ CAMPAIGN APPROVAL WORKFLOW

When enabled, campaigns must be approved before launch. Approvers receive an email with one-click Approve/Reject links — no PhishSim login required.

Each approver receives an individual email with a unique one-click link.
📋 PENDING APPROVALS
🔔 NOTIFICATION CHANNELS

Send structured alerts to Slack, Teams, generic webhooks, and/or email for key platform events.

Uses the SMTP server configured on the SMTP tab.
EVENT SUBSCRIPTIONS
🔏 TAMPER-PROOF AUDIT LOG

SHA-256 hash chain — every record links to the previous one. Any modification is immediately detectable.

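How such a chain detects tampering, as an added illustration (constructed here, not PhishSim's own audit-log code; the record fields and the all-zero genesis anchor are assumptions):

```python
import hashlib
import json
from typing import List, Optional, Tuple

# Constructed illustration of a SHA-256 hash-chained audit log (not PhishSim's
# own code; record fields and the genesis value are assumptions).
GENESIS = "0" * 64  # hypothetical fixed anchor for the first record

def _canonical(obj: dict) -> str:
    # Stable serialisation: key order and whitespace must not change the hash.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))

def record_hash(seq: int, event: dict, prev_hash: str) -> str:
    # The hash covers the record's own content AND the previous record's hash;
    # that link is what makes edits, deletions and reordering detectable.
    payload = prev_hash + _canonical({"seq": seq, "event": event})
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def append(log: List[dict], event: dict) -> dict:
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"seq": len(log), "event": event, "prev_hash": prev}
    entry["hash"] = record_hash(entry["seq"], event, prev)
    log.append(entry)
    return entry

# Note: silently dropping the LAST record cannot be caught by the chain
# alone; persist the head hash out-of-band (or sign it) to cover that case.
def verify(log: List[dict]) -> Tuple[bool, Optional[int]]:
    # Re-derive every hash from the stored content and walk the links.
    # Returns (True, None) if intact, else (False, index of first bad record).
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev:
            return False, i  # link broken: record removed, reordered or re-hashed
        if entry["hash"] != record_hash(entry["seq"], entry["event"], prev):
            return False, i  # content edited without a matching hash
        prev = entry["hash"]
    return True, None

if __name__ == "__main__":
    log: List[dict] = []
    append(log, {"actor": "admin", "action": "campaign.launch", "campaign_id": 7})
    append(log, {"actor": "admin", "action": "settings.update", "key": "base_url"})
    print(verify(log))                        # intact chain
    log[1]["event"]["key"] = "smtp_password"  # edit record 1 in place
    print(verify(log))                        # flagged at index 1
```

Even if an attacker recomputes the edited record's own hash, the next record still stores the old value in prev_hash, so the break surfaces one record later.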
🌐 THREAT INTELLIGENCE FEED CONFIGURATION

Connect to open-source threat intelligence feeds. OpenPhish and URLhaus are free with no API key. AlienVault OTX and PhishTank require free registration.

Register free at otx.alienvault.com
Register free at phishtank.com
Optional. Enables GPT-4o-mini to generate novel phishing templates from live threat trends. ~$0.01/template.
📬 REPORT-PHISHING MAILBOX INTEGRATION

Automatically capture employee phishing reports from a dedicated mailbox (e.g. report-phishing@company.com). PhishSim polls the inbox every few minutes and fires a Reported event for any email matched to an active campaign. Supports standard IMAP and Microsoft Graph API (Exchange Online / M365).

IMAP Connection
For Gmail: use an App Password (Google Account → Security → App Passwords)
Polling Behaviour
Recent Poll Log
🧠 AI-GENERATED TEMPLATES FROM THREAT TRENDS

Templates are generated based on current threat intelligence trends. Promote them to the Template Library to use in campaigns.

📋 CAMPAIGN PROPOSALS

The autonomy engine monitors threat intel, risk levels, and schedule gaps to propose targeted campaigns. Review and accept or reject each proposal.

🎓 TRAINING ENROLMENTS

Employees are automatically enrolled in targeted training modules when they click or submit in a simulation.

🏆 SECURITY AWARENESS LEADERBOARD

Monthly leaderboard ranking employees by security awareness score. Lower risk + more reports = higher rank.


New Template

Template Details
Email Configuration
Placeholders: {{name}} · {{phishing_link}} · {{phishing_link|Verify My Account}} (custom button text) · {{tracking_pixel}}