Run Phishing Simulations for $37/Month Instead of $30,000/Year
Source: Dev.to
Overview
Most enterprise phishing simulation tools charge $3‑5 per user per year.
For a 10,000‑person company, that’s $30,000‑$50,000 annually.
We run unlimited simulations on a $37/month Azure VM.
GoPhish is an open‑source phishing simulation framework that has been around for 10+ years, with over 10,000 installations, and is MIT licensed. I’ve been maintaining the core repository and handling issues since early 2018.
You can:
- Create realistic phishing campaigns
- Track who opens, clicks, and submits credentials
- Measure improvement over time
- Import thousands of targets via CSV
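To make "measure improvement over time" concrete, here is an added example (not code from the post or from the GoPhish project) that turns GoPhish campaign results into funnel rates and compares two campaigns. It assumes the result records have the shape returned by GoPhish's campaign results API (a `status` of "Email Sent", "Email Opened", "Clicked Link" or "Submitted Data", plus a boolean `reported` flag); the sample data is constructed.

```python
"""Phishing-funnel metrics from GoPhish campaign results (added example)."""
from collections import Counter

# GoPhish statuses are cumulative: a target who submitted data also
# opened the mail and clicked the link, so we count them at every stage.
FUNNEL = ["Email Sent", "Email Opened", "Clicked Link", "Submitted Data"]
RANK = {status: i for i, status in enumerate(FUNNEL)}


def funnel_metrics(results):
    """Return per-stage rates (0-1) and the report rate for one campaign.

    Records with other statuses (e.g. "Error" for bounces) are excluded
    from the denominator because the target never received the lure.
    """
    delivered = [r for r in results if r["status"] in RANK]
    if not delivered:
        return {}
    counts = Counter()
    for r in delivered:
        for stage in FUNNEL[: RANK[r["status"]] + 1]:
            counts[stage] += 1
    n = len(delivered)
    metrics = {stage: counts[stage] / n for stage in FUNNEL}
    metrics["Reported"] = sum(1 for r in delivered if r.get("reported")) / n
    return metrics


def improvement(before, after):
    """Rate deltas between two campaigns.

    Negative deltas for "Clicked Link"/"Submitted Data" and a positive
    delta for "Reported" mean the awareness programme is working.
    """
    b, a = funnel_metrics(before), funnel_metrics(after)
    keys = ("Clicked Link", "Submitted Data", "Reported")
    return {k: round(a[k] - b[k], 3) for k in keys}


# Constructed sample: the same five targets before and after training,
# plus one bounced address in Q1 that must not skew the rates.
Q1 = [
    {"email": "a@example.com", "status": "Submitted Data", "reported": False},
    {"email": "b@example.com", "status": "Clicked Link", "reported": False},
    {"email": "c@example.com", "status": "Email Opened", "reported": False},
    {"email": "d@example.com", "status": "Email Sent", "reported": False},
    {"email": "e@example.com", "status": "Submitted Data", "reported": False},
    {"email": "x@example.com", "status": "Error", "reported": False},
]
Q2 = [
    {"email": "a@example.com", "status": "Email Opened", "reported": True},
    {"email": "b@example.com", "status": "Clicked Link", "reported": False},
    {"email": "c@example.com", "status": "Email Sent", "reported": False},
    {"email": "d@example.com", "status": "Email Opened", "reported": True},
    {"email": "e@example.com", "status": "Email Sent", "reported": False},
]

if __name__ == "__main__":
    print(funnel_metrics(Q1))
    print(improvement(Q1, Q2))
```

In practice the result lists come from `GET /api/campaigns/<id>/results` on your own instance; only the `results` array is needed.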
The problem? Vanilla GoPhish lacks enterprise basics: no MFA, no encryption at rest, no audit logging.
Features
| Feature | Why It Matters |
|---|---|
| MFA/TOTP | Your admin panel shouldn’t be a security hole |
| SSO (Google/Microsoft) | One‑click login for your team |
| AES‑256 encryption | Stored credentials aren’t plaintext anymore |
| Audit logging | SIEM export for compliance |
| White‑label branding | Your logo, not ours |
| One‑click deployment | Azure/AWS in ~5 minutes |
Setup
- Create an Ubuntu 24.04 VM from the GoPhish 0.14.2 public image on Azure (Standard_B2s = $37/month).
- Retrieve the auto‑generated admin password from the Azure Serial Console.
- Log in at https://:3333.
The provided setup script configures:
- systemd services
- TLS certificates
- Ubuntu hardening
Cost Comparison
| Solution | Approx. Annual Cost (10,000 users) |
|---|---|
| KnowBe4 | ~$30,000 |
| Proofpoint | ~$40,000 |
| Cloud‑hosted GoPhish | ~$3,600 |
| Self‑hosted GoPhish | ~$360 |
Same capabilities, a fraction of the cost, and your data stays on your infrastructure.
Links
- GitHub:
- Azure Marketplace: Search for “GoPhish” or “HailBytes”
Questions? Drop them in the comments.