Investigate Phishing Emails With Confidence

PhishTool is a forensic analysis platform that helps cybersecurity teams triage, dissect, and resolve reported phishing emails—quickly, accurately, and at scale.

Start InvestigatingCompare Plans
PhishTool Analysis Console Hero Image

Trusted by Analysts Around the World

Real comments from analysts using PhishTool in the field, from Community users to large-scale security teams.

"I am really feeling this @PhishTool!…"

"PhishTool and any.run are two of my daily drivers."

"Top Phishing Email Analysis Tool… 1: PhishTool"

"From Email to Intelligence: How I Investigated a Phishing Email Using PhishTool and Maltego"

"PhishTool is my favorite…"

"…Just completed the "Phishing Analysis Tools" room on TryHackMe!…"

Phishing Reports Waste Time, Until You Have the Right Tool

Analysis Screenshot

Phishing emails are one of the most reported threats—but still one of the hardest to investigate efficiently.

Analysts lose hours digging through headers, decoding links, and jumping between tools that weren’t built for the job. PhishTool changes that. It turns raw emails into structured, forensic investigations—fast. Every header, link, and attachment is parsed and presented for action, so your team can triage faster, respond smarter, and close cases with confidence.

How Does PhishTool Work?

PhishTool slots into your existing workflow—no disruption, no complex setup. Reported phishing emails land in the PhishTool console, where they’re automatically parsed, enriched, and presented for structured investigation. From inbox to insight in seconds.

Email Ingestion

Pull reported emails from anywhere - clients, reporter mailboxes, SIEMs, or API integrations

Forensic Console

Gives analysts a structured view to investigate each report in full context

Automated Parsing

Decodes headers, links, attachments, and metadata—no manual work

Outcome Reporting

Close cases cleanly with automated structured feedback and/or downstream integrations

Pricing

Community

A free forensic analysis tool for individual analysts to investigate reported phishing emails.

Free forever

£0/ month

No credit card required

Join for free
  • Number of users
    1
  • Number of analyses
    Limited

What's included:

  • Upload and analyse phishing emails
  • Full header and body parsing
  • Link and attachment inspection
  • Detection and analyst notes

Enterprise

A collaborative investigation platform for security teams to manage, triage, and resolve phishing reports at scale.

Starting at

£450/ month

Billed annually at £5,400

Generate a quote
  • Number of users
    custom
  • Number of analyses
    Unlimited

Everything in Professional, plus:

  • Multi-user team access
  • Team collaboration and visibility
  • API and mailbox integrations
  • Outlook add-in (report to PhishTool)
  • Automated reporter feedback
  • Custom alerting & webhooks
  • Single sign-on/SAML 2.0

Professional

A powerful single-user version for security professionals who need full investigative capabilities without team features.

Coming soon
Continue with Professional
  • Number of users
    1
  • Number of analyses
    300 / month

Everything in Community, plus:

  • Increased number of analyses
  • Submit emails via PhishTool API
  • Create alerts
  • In-tray system (open → closed queue)

Frequently Asked Questions

PhishTool is a forensic phishing email analysis platform. It helps analysts investigate reported emails by parsing, decoding, and presenting every component—headers, links, attachments, and metadata—in a structured console designed for real-world casework.

PhishTool isn’t for detection—it’s for investigation. We don’t replace your SEG or filtering—PhishTool picks up where they leave off: after a user reports something suspicious. It’s a purpose-built workspace for security teams to triage, investigate, and close phishing cases.

PhishTool is used by SOC teams, MSSPs, threat analysts, and anyone responsible for handling reported phishing emails. We support both individual analysts and enterprise-scale teams.

Yes. PhishTool Community is free to use for individual analysts. Teams and organisations can upgrade to PhishTool Enterprise for mailbox ingestion, API access, and collaborative investigation features.

Enterprise users can connect monitored mailboxes, use the PhishTool Report Button (PRB) for Outlook or send reported emails to PhishTool via API. Once ingested, each email is automatically parsed and presented for investigation in the console.

All data is processed and stored in secure cloud infrastructure based in the EU, subject to GDPR considertions. PhishTool Limited is located in the United Kingdom and registered with the Information Commissioner's Office.

Yes. PhishTool Enterprise includes multi-factor authentication, audit trails, structured resolution tracking, and role based user management—making it suitable for teams operating under NIST, ISO 27001, SOC 2, and similar standards.

Yes. Enterprise users can connect to PhishTool via the PhishTool API or leverage webhooks for outbound connections originating from events within your PhishTool Console, to feed downstream systems. Additional integrations are in development and can be requested by customers.

Cookies on PhishTool

We use necessary cookies to make PhishTool work. We'd also like to set analytics cookies that help us make improvements by measuring how you use PhishTool.