Skip to content

Train your people against the attacks that actually land.

Deepfake fraud, AI voice-clone vishing, phishing at machine scale. Hackiwi gives you the training, the phishing simulations, the one-click report button, and the exposure tooling to handle them. The training library is free for everyone, forever.

No credit card. No sales call. No account needed just to browse.

live — the anatomy of one attack, caught

incoming · mail + voice
from
subject
voice note · 0:11 · “Hi, it’s Danielle…”
Caught — reported in one click.
triaged: credential phishing · event logged · credentials never stored
AGPL-3.0
code licence
CC-BY-4.0
content licence
Always
self-hostable
HackersHub
built by

( 01 ) — Why now

The attacks changed.
Most training did not.

Awareness programmes still drill the 2015 phishing email. Meanwhile the risk moved somewhere else entirely, and it moved fast.

01

The lure got perfect

Generative models removed every tell people were trained to look for. No broken grammar, no odd formatting, no generic greeting. The old “spot the typo” training now teaches the wrong reflex.

02

The face got faked

A video call with a familiar colleague is no longer proof of anything. Voice clones need seconds of audio, and finance approvals are the target.

03

The cost went to zero

Targeted, researched, personalised attacks used to be reserved for high-value targets. Automation made them cheap enough to point at everyone.

You can't predict the next lure.
You can build the instinct.

The threat curve is not slowing down. Choose a figure to see what actually changed.

Global phishing volume

ChatGPT →’19’20’21’22’23’24’25

Malicious phishing emails detected worldwide, indexed to 2019.

SlashNext, 2023

( 02 ) — What we do

One platform, four jobs.

Teach people what the current attacks look like. Test whether it stuck. Give them a way to report. Show you what is exposed.

01 · Training library

Video and written modules, led by AI and modern threats.

  • Free for everyone, forever, no account to browse
  • Interactive knowledge checks with instant feedback
  • Assign paths and track completion in the app
Browse the library
Deepfake Video-Meeting Fraud✓ completed
AI Voice-Clone Fraudin progress
AI-Generated Phishing at Scaleassigned
LLM-Aided Social Engineeringassigned
Q3 finance lure — campaignsent to 240
opened 38%clicked 9%reported 0%

domain verified · audit log on · credentials never stored

02 · Phishing simulation

Realistic campaigns, sent only to domains you have verified.

  • Campaign builder with tracked opens, clicks, and reports
  • Hard safety gates and full audit logging
  • Submitted credentials are never stored, only the event

03 · Report and triage

A one-click report button that feeds a real triage queue.

  • Gmail and Outlook add-ins for employees
  • Auto-classification and reputation checks on arrival
  • Turns a reporting culture into an early warning system
“Payroll update required — action needed”
reported by 3 employees · 09:41
analysing…
“Invoice #4471 from Van Dijk BV”
reported by m.devries · 09:12
benign
“Voicemail: call me back re: transfer”
reported by j.bakker · 08:57
vishing
$ scan vandijk-logistics.nl
employee emails public · 47 found
lookalike vandijk-l0gistics.nl · registered 3d ago
SPF / DMARC · enforced
scanning…

04 · Exposure tooling

See what an attacker sees before they use it.

  • OSINT for the org and for individuals, scope-locked
  • Website scan, dependency CVE tracking, domain monitoring
  • Lookalike domain alerts on new registrations

( 03 ) — The open library

The whole library is public. No account, no paywall, no catch.

Learning how not to get scammed should never be a yearly subscription. So every module we make is open at /library — free to watch, free to share, free to reuse under CC-BY-4.0. The library never goes behind a signup door.

0
modules, all free
0
with video
0
categories
2
languages · EN / NL

( 04 ) — How we work

Open core, by hosting. Not by crippling.

The people most likely to be targeted are the least able to pay. So the training is free and the code is open. What we sell is the convenience of us running it for you at scale.

01

Everyone learns free

Point anyone at the open library. Staff, family, a supplier, a stranger. No licence check, no seat count, no expiry.

02

Teams add the platform

Create an org to assign paths, track completion, run simulations, and wire up the report button. Free up to 20 users.

03

Or host it yourself

Every line is AGPL-3.0. Clone it, run it on your own infrastructure, change what you like. Our hosting is a convenience, not a lock.

04

Scale pays for the mission

Organisations over 20 users pay for the premium tooling. That funds the library staying free for everyone below them.

( 05 ) — Pricing

The training is free. Forever. For everyone.

Only the premium tooling has a price, and only once you are big enough to have a budget for it.

Individuals and families

Free

The whole library, plus the premium tools, at no cost.

  • Every training module, forever
  • Website scan, domain monitoring, OSINT
  • No account needed to browse the library
Most teams start here

Organisations up to 20

Free

The full platform, free, up to twenty users.

  • Full library and every premium tool
  • Assign paths and track completion
  • Phishing simulation once your domain is verified

Organisations over 20

Paid tooling

The training stays free. Premium tooling is paid at scale.

  • The library is always free for everyone
  • Pay only for the premium admin tooling
  • Or self-host the whole thing for nothing
policy

The phishing simulator is limited to verified organisations only, for legal and abuse-prevention reasons. It is never offered to individuals or families. Everything in the library is open to all.

Start with the library. Add the platform when you need it.

Nothing to install, nothing to buy, nothing to cancel later.