wcrooker / PhishHook

A modern GoPhish fork with improved tracking accuracy and smarter detection.

86
11
69% credibility
Found Feb 05, 2026 at 56 stars.
AI Analysis
Go
AI Summary

PhishHook is an enhanced open-source phishing simulation tool with evasion features to block security scanners while capturing real user interactions for authorized red team training.

How It Works

1. 🔍 Discover PhishHook: You hear about a tool that lets security teams run realistic phishing tests that fool email scanners.
2. 📥 Get it running: Download and launch it quickly on your computer or server with simple setup.
3. 🛡️ Add smart defenses: Connect your website and turn on bot blockers that let real people through but stop automated checkers.
4. ✉️ Build your test: Create convincing fake emails and login pages using easy templates.
5. 👥 Choose your group: Pick people or teams to test from your contact lists.
6. 🚀 Send the campaign: Hit launch and watch emails go out smoothly.
7. 📊 See real reactions: Track opens, clicks, and logins only from actual humans, with clean reports free of bot noise.

Perfect training results: Review accurate data to improve your team's phishing defenses.

AI-Generated Review

What is PhishHook?

PhishHook is a Go-based fork of GoPhish, an open-source phishing framework for authorized red team simulations. It tackles noisy campaign metrics by filtering automated scanners like Microsoft Safe Links through Cloudflare Turnstile challenges, behavioral telemetry (mouse movement, time-on-page), and IP blocking, delivering cleaner tracking accuracy and detection of real user interactions. Automatic Let's Encrypt SSL and full API compatibility make it drop-in ready for production phishing servers.

Why is it gaining traction?

Unlike vanilla GoPhish, PhishHook adds layered evasion—header stripping, rate limiting, and JS-based human validation—that keeps bots from inflating opens/clicks, giving pentesters reliable data. Its modern config.json tweaks for Turnstile and behavioral rules, plus Docker/Ansible deploys, appeal to ops-heavy teams seeking smarter, low-false-positive tracking without rebuilding from scratch. The focus on professional red teaming, with a clean modern GitHub README, draws security devs tired of polluted results.

Who should use this?

Red team operators and pentest engineers running phishing awareness campaigns need accurate human-vs-bot distinction. Security consultants simulating enterprise attacks against EOP/Defender will value the Microsoft IP blocks and telemetry. Avoid if you're new to GoPhish or need broad community support—it's for experienced users customizing forks for high-stakes engagements.

Verdict

Solid enhancement for GoPhish users prioritizing evasion and precision, but with only 75 stars and a 0.699999988079071% credibility score, treat it as experimental—test thoroughly in isolated environments. Great for niche red teaming if docs and config examples fit your workflow.
