GoPhish

1 review

The GoPhish Phishing Framework Certified by HailBytes makes building sophisticated phishing campaigns fast, easy, and affordable. With just a few clicks, you can load in your company's address book, import real emails or templates from our phishing database, import real landing pages or landing pages from our phishing database, and run your campaign to start seeing which of your users are phishing-prone in minutes and train them. Start with a free trial or choose from one of our plans starting at $1.37/hour.

HailBytes Attack Surface Management (ASM) Platform

0 reviews

HailBytes ASM is a self-hosted Attack Surface Management platform purpose-built for pen-test firms, MSSPs, and enterprise security teams that need continuous external reconnaissance without sending sensitive client data to a third-party SaaS. The platform orchestrates 30+ best-in-class open-source security tools, including Subfinder, Amass, Assetfinder, OneForAll, HTTPx, Nmap, Naabu, Nuclei, Dalfox, S3Scanner, FFUF, and Eyewitness, through a multi-phase reconnaissance pipeline. Every subdomain, IP, open port, technology, and finding is correlated in one PostgreSQL 16 database, with WebSocket-driven live scan progress and a severity-ranked triage queue. Key capabilities include multi-tenant project isolation with RBAC and 2FA (so one platform serves every client), scheduled scans with diffed findings, webhook alerts to Slack, Microsoft Teams, Discord, Telegram, and Lark, AI-powered analysis via OpenAI or fully air-gapped Ollama (with NVIDIA CUDA and AMD ROCm GPU acceleration), and a built-in MCP server exposing 16 tools so AI agents like Claude Desktop, Claude Code, Cursor, and Windsurf can run recon campaigns end-to-end. Enterprise features include SCIM 2.0 provisioning, SARIF export for GitHub Code Scanning, Jira, ServiceNow, and PagerDuty ticketing, STIX/TAXII threat-intel sharing, and compliance evidence for 12 frameworks including SOC 2, ISO 27001, HIPAA, and PCI DSS 4.0. HailBytes ASM deploys from the AWS or Azure Marketplace, including Azure Government and AWS GovCloud, on a hardened Ubuntu 24.04 image in under 30 minutes. Pricing starts at $0.24/vCPU/hour with a 30-day free trial. Your account, your data, no vendor lock-in.

HailBytes Security Awareness Training (SAT) Platform

0 reviews

HailBytes SAT is a self-hosted Security Awareness Training and phishing simulation platform built for IT and security teams that want continuous user testing without per-seat licensing or sending employee data to a third-party SaaS. The platform combines realistic phishing simulations with built-in post-click training modules and interactive quizzes, turning every simulated attack into a teachable moment. Organizations using continuous testing with targeted micro-training see successful phishing attacks drop by up to 45%. Key capabilities include unlimited campaigns with no per-user fees, AI-assisted phishing template generation, a full HTML template editor with merge variables like {{.FirstName}} and auto-injected tracking pixels, reusable credential-capture landing pages with version history, and post-click training redirects that send clickers straight into an awareness page with no third-party LMS required. Users and groups can be segmented by department, risk tier, or cohort via CSV import or manual editing. Enterprise features include role-based access control with admin, operator, and read-only roles, MFA/TOTP, SSO/OIDC and SAML authentication, custom branding, API tokens, and detailed audit logs with JSON, CSV, and Syslog export for direct SIEM integration. Any SMTP provider is supported, including AWS SES, SendGrid, Mailgun, or your own mail server, with pre-built sending profiles and an email-warming guide to maximize inbox delivery. HailBytes SAT deploys from the AWS or Azure Marketplace in under 30 minutes on a hardened image you control. Pricing starts at $0.24/vCPU/hour (roughly $4,200/year on the recommended 2 vCPU instance) with a 30-day free trial, typically 70 to 80% less than commercial alternatives like KnowBe4 or Proofpoint. Your account, your data, no vendor lock-in.