
Flexphish is a flexible and modular phishing framework designed for security professionals, red teams, and researchers to simulate real-world phishing campaigns in controlled environments. It allows controlled testing of phishing scenarios by creating realistic login pages and capturing interactions for analysis, it provides a modern architecture with support for custom templates, campaign management, and traffic monitor, making it ideal for penetration testing, awareness training, and development of phishing simulations.

This guide explains how to download, install, and run Flexphish using pre-built binaries or from source.
You can download the latest stable release from GitHub:
https://github.com/P0cL4bs/flexphish/releases
Pre-built binaries are available for multiple platforms, including:
Each release includes compiled binaries and release notes describing changes, improvements, and fixes.
Follow the steps below to quickly get Flexphish running on Linux.
wget https://github.com/P0cL4bs/flexphish/releases/download/flexphish_vx.x.x_linux_amd64.zip
unzip flexphish_vx.x.x_linux_amd64.zip
cd flexphish
chmod +x flexphish
./flexphish
████
██████████████
█████▓▓▓▓▓▓█████
███▓▓▓▓▓▓░░▓▓███ ██████ ▄▄ ▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄▄ ▄▄ ▄▄ ▄▄ ▄▄▄▄ ▄▄ ▄▄
███▓▓▓▓▓▓▓██▓▓▓███ ██▄▄ ██ ██▄▄ ▀█▄█▀ ██▄█▀ ██▄██ ██ ███▄▄ ██▄██
████▓▓▓██▓▓██▓▓▓████ ██ ██▄▄▄ ██▄▄▄ ██ ██ ██ ██ ██ ██ ▄▄██▀ ██ ██
███▓▓▓██▓▓██▓▓▓███ version 1.3.1
███▓▓▓████▓▓▓███ The ultimate Red Team toolkit for phishing operations.
█████▓▓▓▓▓▓█████
██████████████ [built for linux amd64]
████ by: @mh4x0f (PocL4bs Team - 10 Years Anniversary
)
[+] Campaign server running on http://0.0.0.0:8001
[+] API server starting on 0.0.0.0:8088
[+] Dashboard running on http://0.0.0.0:8000
Flexphish allows user management directly from the command line.
To create a new user:
./flexphish -create-user \
-email admin@example.com \
-password StrongPassword
After starting the server, you can access:
If you prefer to build Flexphish from source:
git clone https://github.com/P0cL4bs/flexphish.git
cd flexphish
go mod tidy
go build -o flexphish
make frontend
./flexphish
Full documentation is available in the docs/ directory:
docs/development.md - Local development setup
docs/nginx-cloudflare-setup.md - Production deployment
docs/templates.md - Template structure and behavior of phishing pages
Flexphish templates define the structure and behavior of phishing pages used in campaigns.
They are built using YAML configuration files combined with HTML pages and static assets, allowing the creation of highly realistic and customizable phishing flows.
A template flow is responsible for:
Templates are executed sequentially, step-by-step:
username → password → 2FA → redirect
Full documentation: docs/templates.md
If you encounter a bug, have a feature request, or need help, please open an issue on GitHub:
https://github.com/P0cL4bs/flexphish/issues
This project is licensed under the Apache License 2.0
This tool is intended for educational purposes and authorized security testing only.
The author is not responsible for any misuse or damage caused by this software.
Users are responsible for complying with applicable laws and regulations.
$ claude mcp add flexphish \
-- python -m otcore.mcp_server <graph>