[matt4077]

So, how does this "educational tool to secure organisations against phishing" differ from a tool to make phishing easier?

Don't get me wrong: I'm all for people having the tools to protect themselves, and the ability to write/publish/use whatever software you want.

So this question isn't provocation, but a real interest if there are any decisions that may make such software's use easier for white hats vs. black.

Because as a first approximation, it strikes me as plausible that being free-as-in-beer is unfortunately more useful to the perpetrators of phishing (usually small groups or individuals) than the victims (large organisations, usually with significant resources or they wouldn't be interesting). It's a really interesting dynamic actually, one where the weapon and the protection just happen to be the same.

[bigtunacan]

I haven't used this particular tool, but in general there is a large number of free/open source "hacking" tools available and many can be used for good or ill.

Kali Linux is a prime example. It is a Linux distro prepackaged with some of the best hacking tools available.

While I'm sure some people use it maliciously it is in heavy use by security teams to discover vulnerabilities so they can be fixed.

[alpenbazi]

Like a knife is used for good or bad reasons..

[vectorEQ]

good and bad is an opinion.

[alpenbazi]

That is exactly the point. A thing itself is never good or bad. Its what we do with it. And even that is relative again. But lets not get too deep into philosophics here