Local network phishing simulator — sender spoofing, campaigns, tracking, certificate generation. Local network only.

Compose Email

From Name

From Address

To (comma-separated, local network only)

Subject

Template

HTML Body

Preview

Plain Text Fallback

SMTP Settings

SMTP Host

SMTP Port

TLS

Reply-To

X-Mailer

TLS Cert CN

Create Campaign

Campaign Name Template Targets (one per line)

Import CSV

From Address

From Name

Subject

SMTP Host

SMTP Port

Campaigns

Templates

New Template Name

Select a template

Subject

HTML Body

Preview

Plain Text

Variables: {{name}} {{email}} {{company}} {{date}} {{link}} {{tracking_pixel}}

Landing Pages

Credential harvesting pages. When a target clicks a link and submits the form, credentials are captured and logged.

Built-in Templates

Page Name Redirect URL (after capture) HTML

Variables: {{campaign_id}} {{target_id}} {{email}}

Saved Pages

How to Use

Create a landing page above (or use a built-in template)
In your email template, set {{link}} to point to: /phishmail/lp/PAGE_ID?c=CAMPAIGN_ID&t=TARGET_ID&e=EMAIL
When targets submit the form, credentials appear in the Captures tab

Captured Credentials

Export CSV

Time	Page	Target	IP	Credentials	User Agent

DKIM Key Generation

Generate RSA keypairs for DKIM email signing. Adds the public key as a DNS TXT record automatically if the DNS service is running.

Domain

DKIM Keys

DNS Auto-Setup

Checking DNS service...

Auto-create the zone, MX, SPF, DKIM, and DMARC records for a spoofed domain using the AUTARCH DNS service.

Domain Mail Server Hostname SPF Allow

Authentication Records Checklist

MX — Mail exchange record pointing to your server

SPF — v=spf1 a mx ip4:YOUR_IP -all

DKIM — Public key TXT record at default._domainkey

DMARC — v=DMARC1; p=none; at _dmarc

PTR — Reverse DNS for your IP (requires ISP cooperation)

Content Evasion

Techniques to bypass email content filters and keyword scanners.

Technique Input Text Output

Header Evasion

Randomize email headers and generate spoofed Received chains.

Spoofed Received Chain

Generates fake Received headers to simulate legitimate mail routing.

From Domain Hops

Tips

Use homoglyphs to bypass keyword filters on "password", "urgent", "click"
Zero-width chars break pattern matching without affecting visual appearance
Randomize X-Mailer to avoid fingerprinting
Spoofed Received headers make emails look like they traversed real mail infrastructure
Use DKIM signing + SPF + DMARC to pass authentication checks
Generate certs matching the spoofed domain for STARTTLS

SMTP Relay Server

Status: Checking...

Bind Host

Port

Test SMTP Connection

Host

Port

Certificate Generator

Generate spoofed self-signed TLS certificates for STARTTLS.

Common Name (CN)

Organization (O)

Org Unit (OU)

Country (C)

Gone Fishing Mail Service

Compose Email

Create Campaign

Campaigns

Campaign Details

Templates

Select a template

Landing Pages

Saved Pages

How to Use

Captured Credentials

DKIM Key Generation

DKIM Keys

DNS Auto-Setup

Authentication Records Checklist

Content Evasion

Header Evasion

Spoofed Received Chain

Tips

SMTP Relay Server

Test SMTP Connection

Certificate Generator

Generated Certificates