by joelvh 5476 days ago
I wonder how many companies are currently running tests like this in the enterprise. Anyone have an idea of what people currently use?
2 comments

This is a consulting offering at several low-end app sec firms (if you're a high-end appsec firm that does this stuff, sorry, I didn't know). It's one of those attractive "scales across every employee of the company" services consultants love. Happy to see it productized.
We're a mid-level appsec firm, how's that? :) The problem is that high, med, and low end attackers are using spear phishing to get a foothold inside many organizations. This is testing that everyone should be doing today. Read any recent mainstream media article about any breach and Cmd-F "phish".
Core Impact includes a module for doing phishing with client-side exploits. Probably more expensive than this, though. Metasploit will let you do similar things, but I don't know if it's packaged up nicely like Core Impact and the current post.