Phishing Simulation That Shows Real Risk
40+ templates, automatic training enrollment for clickers, and full funnel metrics.
Manage Campaigns at a Glance
Create, launch, and track phishing campaigns from a single dashboard.
Phishing Simulation
Create campaigns, import targets, and track credential submission rates.
Q2 Security Awareness
ActiveMicrosoft 365 Password Reset
IT Dept - Slack Phish
ActiveSlack Workspace Invite
Q3 DocuSign Test
DraftDocuSign Signature Request
Everything You Need to Test Your Team
From template selection to credential capture to remediation training -- all in one platform.
40+ Branded Templates
Realistic phishing emails mimicking Slack, Microsoft 365, Google Workspace, Zoom, Dropbox, DocuSign, and more. 31 SVG brand logos embedded as MIME attachments so they display in every email client.
Full Funnel Analytics
Track every stage: emails sent, opened (tracking pixel), links clicked, pages loaded, and credentials submitted. Cross-campaign comparison tables and per-employee drill-downs.
Auto-Enroll in Training
Employees who fail phishing tests are automatically enrolled in Security Awareness, GDPR, or HIPAA training. Passwordless login, completion tracking, and downloadable certificates.
Funnel Analytics Across All Campaigns
Visualize exactly where employees fall in the phishing funnel -- from email delivery to credential submission.
Engagement Funnel
Campaign Comparison
| Campaign | Targets | Click Rate | Submit Rate |
|---|---|---|---|
| Q2 Security Awareness | 142 | 24% | 8.5% |
| IT Dept - Slack Phish | 28 | 32% | 10.7% |
| Finance - Invoice Scam | 85 | 18% | 4.7% |
Realistic Email Templates
Choose from 40+ professionally crafted templates across 6 categories -- or create your own with the HTML editor.
Microsoft 365 Password Reset
From: [email protected]
Subject: Action Required: Password Expiring
Slack Workspace Invite
From: [email protected]
Subject: You have a new workspace invitation
DocuSign Signature Request
From: [email protected]
Subject: Please review and sign this document
How It Works
Choose a template
Select from 40+ branded phishing templates across 6 categories -- password resets, shared documents, IT alerts, invoices, HR, and social -- or build your own with the HTML editor.
Import targets
Upload a CSV of employee emails or add them manually. Verify your sender domain via DNS TXT record, configure the target login page, and send a test email to yourself first.
Launch campaign
Send phishing emails with embedded tracking pixels and unique click tokens. Our reverse proxy serves the actual login pages and captures submitted credentials (hashed, never stored in plaintext).
Analyze and train
Review funnel analytics and per-employee results. Employees who clicked or submitted credentials are auto-enrolled in training. Track completion and generate compliance certificates.
Built for Security Teams
Every detail designed to make phishing simulations realistic, measurable, and actionable.
Domain Verification
Verify sender domains via DNS TXT record before launching campaigns. Metric Tower enforces domain ownership so phishing emails come from domains you control -- preventing abuse and improving deliverability.
Credential Capture Proxy
A Go-based reverse proxy serves realistic login page clones. Submitted credentials are hashed immediately -- never stored in plaintext. Track submission events without exposing actual passwords.
Template Categories
Templates are organized into Password Reset, Shared Document, IT Alert, Invoice/Finance, HR, and Social categories. Each includes realistic sender addresses, subject lines, and branded HTML with embedded SVG logos.
Custom Template Editor
Build your own phishing templates with the HTML editor. Use merge tags for personalization, preview rendered output in real-time, and test with a single click before going live.
Launch Phishing Simulations That Reveal Real Risk
Choose from 40+ SaaS-branded email templates, track who opens, clicks, and submits credentials with full funnel analytics, and auto-enroll employees who fail into training. Domain verification, a Go-based credential capture proxy, and no external tools required.