Pufferphish

An automated dynamic analysis approach to extracting exfiltration URLs from phishing sites and documents.

REST API

Analyze a URL:

$ curl "http://localhost:1234/submit" -X POST -d "url=https://pub-20cffe933ea147e7911147f1c88f341b.r2.dev/index.html"

{
  "exfiltration": [
    {
      "body": "",
      "credential_types": [
        "username"
      ],
      "method": "GET",
      "url": "https://dashboard.example.com/web/site/go-back?usr=USERNAME&token=9704A-4FC48-AE885-98DCB-DCDF5-7F3FD-EF-16-81851-875"
    }
  ],
  "html": "...",
  "solver_html": "..."
}

Alternatively, you can analyze an HTML file:

$ curl "http://localhost:1234/submit" -X POST -F "[email protected]"

Credit

selenium_phishing_detector and their paper A New Heuristic Based Phishing Detection Approach Utilizing Selenium Web-driver for inspiration
FlareSolverr for getting past hCaptcha
selenium-wire for intercepting and manipulating requests
mitmproxy which selenium-wire is built on top of
undetected_chromedriver to avoid any chromedriver-specific anti-bot protection

Name		Name	Last commit message	Last commit date
Latest commit History 37 Commits
backend		backend
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
docker-compose.yml		docker-compose.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Pufferphish

REST API

Credit

About

Releases

Packages

Languages

License

DenizenB/pufferphish

Folders and files

Latest commit

History

Repository files navigation

Pufferphish

REST API

Credit

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages