Technical Documentation
Enterprise-grade security awareness platform with multi-channel phishing simulation capabilities.
Create and manage sophisticated email phishing simulations with dynamic templates, pixel tracking, and real-time analytics.
Multi-provider SMS campaign support with Twilio, AWS SNS, and MessageBird integration for mobile security testing.
Credential capture pages with website cloning, form automation, and post-submission redirect capabilities.
Comprehensive reporting with per-target tracking, geo-location, event timeline, and PDF export functionality.
Role-based access control, AES-256 encryption, audit logging, and CSRF protection built into every layer.
Webhook support with HMAC-SHA256 signing for seamless SIEM/SOAR integration and automated workflows.
Layered architecture designed for scalability, maintainability, and security.
The platform follows separation of concerns with clear boundaries between layers. Dependency injection enables loosely coupled components. Event-driven design with asynchronous processing ensures scalability. Security is built into every layer from the ground up.
Modern, battle-tested technologies chosen for performance and security.
Native goroutines for concurrent campaign processing. Compiled binary with minimal memory footprint (<50MB). Single binary deployment without external dependencies. Strong typing with compile-time error catching.
SMS providers: Twilio, AWS SNS, MessageBird, SMPP protocol. Email: Any SMTP server with TLS support. Webhooks: Custom HTTP endpoints with HMAC signing. SIEM: Event forwarding for security monitoring.
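```go
func StartCampaign(campaign *Campaign) {
	// Create worker pool for concurrent sending
	workerPool := NewWorkerPool(10)

	for _, target := range campaign.Targets {
		// Per-iteration copy: before Go 1.22 every closure would
		// otherwise share the same loop variable.
		target := target
		workerPool.Submit(func() {
			SendEmail(target, campaign.Template)
			TrackEvent(target, "sent")
		})
	}

	// Block until every queued send has finished
	workerPool.Wait()
}
```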
21 specialized modules working together to deliver comprehensive functionality.
| Module | Description | Key Features |
|---|---|---|
| campaign | Email campaign management | Scheduling, tracking, results aggregation |
| sms_campaign | SMS/Smishing campaigns | Multi-provider, delivery tracking, replies |
| template | Email template engine | Variables, HTML/text, attachments |
| sms_template | SMS template system | GSM-7/Unicode, segment calculation |
| page | Landing page builder | Credential capture, website cloning |
| group | Target management | CSV import, segmentation, profiles |
| smtp | SMTP profile management | TLS, authentication, connection testing |
| webhook | Event notifications | HMAC-SHA256, custom endpoints |
| user | User & role management | RBAC, API keys, sessions |
| license | License management | Activation, validation, limits |
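A receiver-side check for the HMAC-SHA256 webhook signing listed for the webhook module, added here as an example and not taken from the platform's own code. The `sha256=<hex>` signature format, the function names, and the sample payload are assumptions, since this page does not document the signature header or its encoding.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Assumption: the signature header carries "sha256=" followed by the
// hex-encoded HMAC-SHA256 of the raw request body.
const sigPrefix = "sha256="

var ErrBadSignature = errors.New("webhook signature mismatch")

func bodyMAC(secret, body []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(body)
	return m.Sum(nil)
}

// Sign returns the header value a sender would attach to body.
func Sign(secret, body []byte) string {
	return sigPrefix + hex.EncodeToString(bodyMAC(secret, body))
}

// Verify checks header against the raw body bytes. Call it before the
// payload is parsed, so unauthenticated JSON never reaches the SIEM/SOAR logic.
func Verify(secret, body []byte, header string) error {
	if len(secret) == 0 {
		return errors.New("empty webhook secret") // never accept an unkeyed MAC
	}
	header = strings.TrimSpace(header)
	if !strings.HasPrefix(header, sigPrefix) {
		return ErrBadSignature
	}
	got, err := hex.DecodeString(strings.TrimPrefix(header, sigPrefix))
	if err != nil || !hmac.Equal(got, bodyMAC(secret, body)) { // constant-time compare
		return ErrBadSignature
	}
	return nil
}

func main() {
	secret := []byte("constructed-demo-secret")
	body := []byte(`{"event":"email.opened","campaign_id":7}`) // constructed sample
	fmt.Println("valid:", Verify(secret, body, Sign(secret, body)) == nil)
}
```

Verify over the exact bytes received; re-serializing the JSON before computing the MAC changes whitespace or key order and makes valid events fail.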
RESTful API with consistent patterns and comprehensive documentation.
```
// API Key Authentication (Header)
Authorization: Bearer <api_key>

// Session-based Authentication (Cookie)
Cookie: session=<session_token>
```
Enterprise-grade security measures implemented at every layer.
Session-based auth with secure cookies. API key authentication for programmatic access. bcrypt password hashing.
Role-Based Access Control (RBAC) with granular permissions. Three levels: View, Modify, System.
AES-256-GCM for data at rest. TLS 1.2+ enforced for data in transit. PBKDF2 key derivation.
Token-based CSRF protection on all state-changing operations. SameSite cookie attributes.
Server-side validation. SQL injection prevention via parameterized queries. XSS protection.
Comprehensive logging of all user actions. IP tracking. Tamper-evident storage. Compliance reports.
```
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'
Referrer-Policy: strict-origin-when-cross-origin
```
Flexible deployment models for various enterprise requirements.
Self-contained executable with embedded assets. No external dependencies. Simply download and run on any platform.
Official Docker image available. Docker Compose for multi-service deployments. Kubernetes-ready with Helm charts.
AWS, Azure, GCP compatible. Terraform modules available. Auto-scaling and load balancing support.
| Requirement | Minimum | Recommended |
|---|---|---|
| CPU | 1 vCPU | 2+ vCPUs |
| Memory | 512 MB RAM | 2 GB RAM |
| Storage | 1 GB | 10 GB SSD |
| OS | Linux, macOS, Windows | Ubuntu 22.04 LTS |
Memory footprint: <50MB | API response time: <100ms | Concurrent users: 1000+ | Email capacity: 10K/hour