Skip to content

0liverFlow/HookPhish

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits

config

config

 
 

db

db

 
 

Dockerfile

Dockerfile

 
 

HookPhish.py

HookPhish.py

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

phish_detector.py

phish_detector.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

image

HookPhish

Python Version 1.1 License

Purpose

HookPhish is a Python script designed to aid in the detection of phishing websites. It performs various checks on suspected URLs to identify potential threats. The script incorporates multiple checks, namely:

  • Shortened URL Check
  • Tracking IP Domain Check
  • Redirection Check
  • Google Safe Browsing Database Check
  • Whois Lookup
  • Real-Time Screenshot

Moreover, it utilizes the APIs of virustotal.com, urlscan.io and abuseipdb to enhance its functionalities. Nevertheless, it's worth noting that you need to specify the corresponding api keys to use the API Key Integration feature.

Demonstration

asciicast

Installation & Usage

HookPhish is a cross platform script that works with python 3.x.

git clone https://github.com/0liverFlow/HookPhish
cd ./HookPhish
pip3 install -r requirements.txt

Then you can run it

python3.x HookPhish.py -u url [-f config.ini] [-v]

Important Notes

  1. You don't need administrator privileges to run this script.
  2. Though you can run this script without specifying virustotal.com, urlscan.io and abuseipdb's api keys, it is recommended to use them in order to obtain more specific information concerning the suspected URL. To get the API keys, you need to create an account. For that, you can simply generate a temporary email using tempmail.org and that's it.
  3. The APIs used by the script have a rate limiting.
API Rate Limits
Virustotal The Public API is limited to 500 requests per day and a rate of 4 requests per minute
Urlscan.io Unlisted Scans are limited to 1000 requests per day and 60 requests per minute
AbuseIPDB All free accounts have a rate limit of 1000 reports and checks per day

API Key Configuration

After downloading the repository and getting your API Keys, you need to configure the config.ini file before executing the script. Here is how to do that:

cd ./HookPhish
cd config

Then, you need to edit the config.ini file. Feel free to use your favorite text editor. As far as I'm concerned, I use Vim

vim config.ini
image

⚠️ Warning: Do not put the API key between double quotes, only copy and paste it!

After properly configuring the API keys, you should be able to get more information using the -f/--file option followed by the config.ini file.

python3.x HookPhish.py -u url -f config.ini -v

Latest Release Notes

  • Virustotal check was added. You only need to specify the API key to use it.
  • A Dockerfile was added in other to ease the deployment process of the tool.

Contribution

  1. If you noticed any bugs, thanks to report here
  2. For any interesting idea, thanks to ping me at 0liverFlow

About

HookPhish is a Python script designed to aid in the detection of phishing websites

Topics

url-redirection ip-tracker phishing-detection google-safe-browsing abuseipdb-api urlscan-io-api real-time-screenshot

Resources

Readme

License

MIT license
Activity

Stars

30 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages