Ever since the first version of SET (have to give Dave props since it is “his” conference) the open source community has embraced the need for phishing tools. Tools like: Phishing- Frenzy, Ice-hole, Phemail, Spf, SET, etc. are good and serve their purpose but are they the best bang for the buck? We will compare open source technologies to PHaaS technologies and make the case that for large (500+ emails - easy for a corporation to hit) PHaaS is the best option. Time permitting we will demonstrate how to use PHaaS to do the broad scan and opensource tools to do the exploitation. Note I do not have any ties with the vendor/solutions discussed in this talk, I am simply a user that likes the tools and the value add they bring to a phishing engagement.