-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPhishing-checker.py
200 lines (164 loc) · 6.05 KB
/
Phishing-checker.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
# phishing-checker.py
# A script to identify potential phishing URLs using CLI or GUI environments.
import re
import os
import sys
import requests
from bs4 import BeautifulSoup
from selenium import webdriver
from selenium.webdriver.chrome.service import Service
from selenium.webdriver.chrome.options import Options
from tkinter import Tk, Label, Button, Entry, StringVar
TOR_PROXY = "socks5h://127.0.0.1:9050"
def configure_tor_session():
"""
Configure a TOR session for anonymous HTTP requests.
Returns:
requests.Session: A configured session object.
"""
session = requests.Session()
session.proxies = {
"http": TOR_PROXY,
"https": TOR_PROXY,
}
return session
def analyze_url_tor(url):
"""
Analyze a URL for malicious activity via a TOR connection.
Args:
url (str): The URL to analyze.
Returns:
dict: Analysis results including page behavior and reputation.
"""
session = configure_tor_session()
results = {
"url": url,
"safe": True,
"reason": "No malicious activity detected.",
}
try:
# Fetch the page content
response = session.get(url, timeout=10)
if response.status_code == 200:
# Check for suspicious keywords in content
soup = BeautifulSoup(response.content, "html.parser")
title = soup.title.string if soup.title else ""
if any(keyword in title.lower() for keyword in ["login", "verify", "auth", "secure"]):
results["safe"] = False
results["reason"] = "Suspicious keywords found in page title."
# Additional checks for redirection or malformed content
if "meta http-equiv='refresh'" in str(soup).lower():
results["safe"] = False
results["reason"] = "Page contains redirection behavior."
else:
results["safe"] = False
results["reason"] = f"HTTP error code: {response.status_code}"
except Exception as e:
results["safe"] = False
results["reason"] = f"Error during analysis: {str(e)}"
return results
def selenium_tor_analysis(url):
"""
Perform deeper analysis using Selenium over a TOR proxy.
Args:
url (str): The URL to analyze.
Returns:
str: Result of the analysis.
"""
try:
options = Options()
options.add_argument("--headless")
options.add_argument("--no-sandbox")
options.add_argument("--disable-dev-shm-usage")
options.add_argument("--proxy-server=socks5://127.0.0.1:9050") # Use TOR proxy
service = Service('/path/to/chromedriver') # Update with the path to your ChromeDriver
driver = webdriver.Chrome(service=service, options=options)
driver.get(url)
# Check for suspicious content or redirections
if "login" in driver.title.lower() or "auth" in driver.title.lower():
driver.quit()
return "THIS LINK IS NOT SAFE: Contains suspicious keywords in title."
driver.quit()
return "This link is safe."
except Exception as e:
return f"Error during Selenium analysis: {str(e)}"
def is_phishing_url(url):
"""
Checks if a URL contains potential phishing indicators.
Args:
url (str): The URL to analyze.
Returns:
bool: True if the URL is likely phishing, False otherwise.
"""
phishing_indicators = [
'login', 'secure', 'account', 'verify', 'webscr', 'update', 'auth', 'signin'
]
# Check for phishing indicators in the URL path or query parameters
if any(indicator in url.lower() for indicator in phishing_indicators):
return True
return False
def analyze_urls(urls):
"""
Analyze a list of URLs and print whether each one is safe or a potential phishing link.
Args:
urls (list): A list of URLs to analyze.
"""
for url in urls:
tor_results = analyze_url_tor(url)
if not tor_results["safe"]:
print(f"\033[91m{url} -> {tor_results['reason']}\033[0m") # Red color
else:
selenium_results = selenium_tor_analysis(url)
if "safe" in selenium_results.lower():
print(f"\033[92m{url} -> {selenium_results}\033[0m") # Green color
else:
print(f"\033[91m{url} -> {selenium_results}\033[0m") # Red color
def cli_mode():
"""
Command Line Interface mode with a bright yellow banner.
"""
os.system('clear' if os.name == 'posix' else 'cls')
print("\033[93m") # Bright yellow color
print("=" * 50)
print(" Phishing URL Checker (CLI Mode) ".center(50))
print("=" * 50)
print("\033[0m") # Reset color
urls = []
print("Enter URLs to analyze (type 'done' to finish):")
while True:
url = input("URL: ").strip()
if url.lower() == 'done':
break
urls.append(url)
analyze_urls(urls)
def gui_mode():
"""
Graphical User Interface mode using Tkinter.
"""
def analyze():
url = url_input.get()
if url:
tor_results = analyze_url_tor(url)
if not tor_results["safe"]:
result_label.config(text=tor_results['reason'], fg="red")
else:
selenium_results = selenium_tor_analysis(url)
if "safe" in selenium_results.lower():
result_label.config(text=selenium_results, fg="green")
else:
result_label.config(text=selenium_results, fg="red")
root = Tk()
root.title("Phishing URL Checker")
Label(root, text="Enter a URL to analyze:").pack(pady=5)
url_input = StringVar()
Entry(root, textvariable=url_input, width=50).pack(pady=5)
Button(root, text="Check", command=analyze).pack(pady=10)
result_label = Label(root, text="", font=("Arial", 12))
result_label.pack(pady=5)
Button(root, text="Exit", command=root.quit).pack(pady=10)
root.mainloop()
if __name__ == "__main__":
if len(sys.argv) > 1 and sys.argv[1] == '--gui':
gui_mode()
else:
cli_mode()