MailSniper
Phishing Simulations That Get Past Even Your Best Employees
The self-hosted red team platform with AI that generates unique pretexts for every target. No templates. No patterns. No detection.
Built by Red Teamers, for Red Teamers
We've spent years running phishing engagements for major enterprises. MailSniper is the platform we wished existed.
We're a small team of offensive security professionals who believe red team tooling shouldn't require a week of setup or a SaaS vendor with access to your campaign data.
Self-Hosted
Your Infrastructure
Data Privacy
Complete Control
AI-Powered
Smart Personalization
Scale Easily
Self-Hosted License
Why Choose Self-Hosted?
Take Control of Your Red Teaming Operations
The Old Way
- Generic emails that feel robotic and impersonal
- Your data stored on third-party servers you don't control
- Limited customization and rigid templates
- Expensive monthly fees that scale with your list
The MailSniper Way
AI-Powered, Self-Hosted, Unlimited Potential
- AI writes unique, personalized emails for each recipient
- Your data stays on your servers, always
- Full customization and powerful automation
- One-time license, unlimited campaigns
Built for Offensive Security Professionals
Designed for red teams who need professional-grade tools
Red Team Operators
Run phishing campaigns as part of adversary simulations. Capture credentials and session tokens without stitching together 5 tools.
Penetration Testers
Add social engineering to your engagements. Generate client-ready reports with engagement metrics.
Security Consultants
Offer phishing assessments as a service. White-label ready, self-hosted on client infrastructure if needed.
Internal Security Teams
Test your own employees without sending data to third-party vendors. Keep everything on-premises.
[WARNING] Not for: Security awareness training vendors, marketing teams, or anyone sending unsolicited emails. MailSniper is for authorized security testing only.
Everything You Need
Powerful features to create, send, and track simulation campaigns that get results
AI-Powered Pretexts
Generate unique emails for every target—no templates, no patterns, no risk of detection from repeated content.
- Auto-generate personalized pretexts
- Analyze target writing style
- Real-time campaign insights
Phishing Campaigns
Full campaign lifecycle management with engagement tracking and response monitoring.
- Track opens and clicks
- Monitor responses in real-time
- A/B test before sending
Email Lab
Intelligence From Captured Emails. Import .pst/.mbox archives from previous engagements or OSINT. AI analyzes communication patterns.
- Import email archives
- Chat with the archive
- Multi-language translation
Phishlet
Create phishlet pages and track visitor engagement with real-time activity monitoring.
- Build custom phishlet pages
- Monitor visitor activity
- Track conversions
Integrated Evilginx
Full session hijacking built into the platform. Capture credentials AND session tokens to bypass MFA. One dashboard, zero extra setup.
- Phishlet management built-in
- Unified dashboard
- Session token capture (MFA bypass)
SMTP Management
Full control over your email sending with easy setup, bulk import, and connection testing.
- Easy SMTP configuration
- Import accounts in bulk
- Test connections instantly
Target Lists
Organize and manage your targets efficiently with bulk import and smart segmentation.
- Bulk import contacts
- Organize by groups
- Smart segmentation
Phishlets & Pretexts
Create templates manually or let AI generate them based on your goals and audience.
- AI-powered template creation
- Clone and customize
- Dynamic personalization
Analytics Dashboard
Comprehensive analytics to measure campaign performance and recipient engagement.
- Campaign performance metrics
- Engagement tracking
- Export reports
Credential Harvesting
Capture and organize credentials from your campaigns and phishlets.
- Automatic credential capture
- OAuth support for Gmail & Azure AD
- Organize by campaign
Distributed Monitoring
Run CLIs on different servers in a master-slave model to monitor operations while protecting your main server IP.
- Master-slave architecture
- Real-time monitoring
- Protect main IP reputation
AI That Works For You
Stop wasting time writing generic pretexts. Let AI craft unique, believable emails for each target. Your pretexts will be so convincing, they'll think you wrote them personally.
Pretext Generation
AI writes unique pretexts for every target. No more copy-paste templates. Each email is tailored, contextual, and designed to bypass human skepticism.
Email Lab Chat
Upload target email archives and interrogate them with AI. Extract writing patterns, discover communication styles, and craft pretexts that match their tone perfectly.
Intelligent Search
Search email archives with natural language. Find the exact conversation you need in seconds. No more manual digging through thousands of emails.
Multi-Language Support
Run campaigns in any language. AI translates and localizes pretexts automatically. Supports offline email translation for sensitive information.
// Automate the Operation
Execute AI-powered campaigns that automatically generate unique pretexts for every target. Watch your success rates improve while you focus on what matters.
Scenario: Initial Access Engagement
[ The Brief ]
Client wants to test if employees will click links and enter credentials despite security awareness training.
1. Import targets
Upload employee list from OSINT or client-provided CSV
2. Generate pretexts
AI analyzes target names, roles, and company context to write unique emails. No two employees get the same message.
3. Configure phishlet
Select from pre-built templates (O365, Google, Okta) or build custom. Session tokens captured automatically.
4. Launch campaign
SMTP rotation prevents deliverability issues. Real-time dashboard shows opens, clicks, and credentials.
5. Export report
Client-ready PDF with timeline, statistics, and captured evidence.
Track Everything
Know Exactly How Your Campaigns Perform
Real-time analytics show you opens, clicks, and conversions. Make data-driven decisions to improve every campaign.
Email Opens
Track who opens your emails with pixel tracking and timestamp logging
- Real-time notifications
- Geographic location
- Device & browser info
Link Clicks
Monitor every click with unique tracking links and engagement metrics
- Click-through rates
- Individual link tracking
- Time-to-click analytics
Credentials
Capture and organize credentials from phishlets with session tokens
- Automated harvesting
- Session token capture
- Campaign attribution
Reports
Export detailed reports and visualize campaign performance over time
- CSV/JSON exports
- Performance dashboards
- Historical comparisons
Spoofing Check
Check if a domain is spoofable before launching your campaign. Know your target's defenses upfront.
A/B Testing
Split test different subject lines, content, and sender profiles to optimize your campaigns for maximum engagement.
Built for Scale
Deploy on your infrastructure with complete control. Handle thousands of emails per day with smart account rotation for optimal deliverability.
SMTP Management
Connect unlimited accounts, rotate senders automatically, and test connections in real-time.
Bulk Operations
Import accounts and contacts in bulk. Queue thousands of emails and let automation handle the rest.
Phishlet Pages
Host credential harvesting pages with our modified Evilginx for session token capture.
Distributed Monitoring
Master-slave model where CLIs run on distributed servers controlled by your main server to protect your main IP.
Self-Hosted License
Annual billing
Early Adopter Pricing
First 20 customers: $3,000/year (40% off)
ROI Math: One engagement saved from tool setup time pays for the annual license.
How MailSniper Compares
See how we stack up against other phishing simulation platforms
| Feature | MailSniper | GoPhish | King Phisher | Lucy Security | KnowBe4 |
|---|---|---|---|---|---|
| Self-Hosted Option | — | ||||
| AI Pretext Generation | — | — | — | — | |
| Integrated Evilginx (MFA Bypass) | — | — | — | — | |
| OAuth Phishing (Google & Azure) | — | — | — | — | |
| Session Token Capture | — | — | — | — | |
| Email Lab (Mailbox Analysis) | — | — | — | — | |
| SMTP Rotation & Automation | — | — | — | — | |
| Credential Harvesting | |||||
| Landing Page Builder | |||||
| Real-Time Analytics | |||||
| No Per-User Pricing | — | — | |||
| Red Team Focused | — | — |
Comparison based on publicly available information as of 2024. Features may vary by plan or version.
Frequently Asked Questions
Is this legal?
MailSniper is designed for authorized security testing. You should only use it when you have written permission from the organization you're testing. We include engagement letter templates and recommend documenting authorization for every campaign.
How is this different from GoPhish?
GoPhish is a great open-source tool for basic phishing campaigns. MailSniper adds: AI-powered pretext generation, integrated Evilginx for session capture, OAuth phishing support (Google & Azure AD), automated SMTP rotation, Email Lab for mailbox analysis, and a unified dashboard. Think of it as GoPhish + Evilginx + AI + OAuth + infrastructure automation in one package.
Why $5,000/year instead of monthly pricing?
Red team engagements are project-based. Monthly pricing penalizes you for tools you use intensively for 2 weeks then not at all for 2 months. Annual licensing means predictable costs and no per-seat restrictions.
What does 'modified Evilginx' mean?
We've extended Evilginx with additional phishlet management features, integrated session token storage, enhanced stealth capabilities to evade detection, and built-in protection mechanisms. Everything is unified into the MailSniper dashboard while the core session capture functionality works the same way.
Can I run this on client infrastructure?
Yes. You just need to run the CLI and you're done—no complex setup required.
Do you have SOC 2 / ISO 27001?
Not yet—we're an early-stage startup. However, the self-hosted architecture means your data never touches our infrastructure. We can provide architecture documentation for your security review.
What if I need help during an engagement?
Annual license includes priority support via email and Discord. We typically respond within a few hours during business days.
Is there a trial?
For hands-on training and evaluation, you'll need to use our infrastructure. Contact us to discuss a 30-day evaluation license and we'll set you up with access to test all features.
MailSniper is a platform for authorized offensive security testing. Use of this software for malicious purposes is strictly prohibited. Operators are responsible for ensuring they have appropriate authorization before launching any campaigns.