A machine learning-based web application designed to detect phishing websites by analyzing URL features. This project aims to enhance cybersecurity by identifying malicious URLs that mimic legitimate websites to steal sensitive user information.
- Overview
- Features
- Technologies Used
- Installation
- Usage
- Dataset
- Model Training
- CLI Usage
- Contributing
- License
- Contact
Phishing attacks are a prevalent cybersecurity threat, where attackers create fraudulent websites that appear legitimate to deceive users into providing sensitive information such as login credentials or financial details. The Phishing Web Detector leverages machine learning techniques to classify URLs as either phishing or legitimate based on extracted features, helping users avoid malicious websites.
This repository contains the source code for a web application, a CLI tool, and supporting scripts for feature extraction and model training.
- URL Analysis: Extracts 17 features from URLs, including address bar, domain, and HTML/JS-based characteristics.
- Machine Learning Models: Uses a Random Forest classifier for accurate phishing detection.
- Web Interface: Clean, responsive UI built with Flask and Tailwind CSS.
- CLI Tool: Command-line interface for single URL or batch file predictions.
- Real-Time Prediction: Immediate feedback via web or CLI.
- Extensible Design: Modular codebase for easy feature/model integration.
- Python: Core programming language.
- Scikit-learn: Machine learning model implementation.
- Flask: Web framework for the UI.
- Pandas & NumPy: Data manipulation and analysis.
- BeautifulSoup & tldextract: Feature extraction from URLs and HTML.
- Tailwind CSS: Styling for the web interface.
- Git: Version control.
-
Clone the Repository:
git clone https://github.com/nagasainanduri/phishingwebdetector.git cd phishingwebdetector -
Install Python Dependencies:
Ensure Python 3.6+ is installed. Install packages using:pip install -r requirements.txt
-
Download the Dataset:
Download phishing URLs from PhishTank and legitimate URLs from UNB CIC. Place them in thedata/directory asphishing_urls.csvandlegitimate_urls.csv. Preprocess with:python scripts/fetch_data.py
-
Train the Model:
python scripts/train_model.py
-
Run the Web Application:
python app.py
Visit http://localhost:5000.
- Navigate to http://localhost:5000.
- Enter a URL and click "Analyze URL".
- View the result (Phishing/Legitimate) and confidence score.
Send a POST request to /api/predict:
curl -X POST -H "Content-Type: application/json" -d '{"url":"http://example.com"}' http://localhost:5000/api/predictUse the CLI for single or batch URL predictions:
-
Single URL:
python cli.py --url http://example.com
-
Batch File (URLs in
urls.txt, one per line):python cli.py --file urls.txt
- Phishing URLs: From kaggele
- Legitimate URLs: From UNB CIC/Kaggele or similar sources.
Features Extracted (17 total):
- Address Bar: IP presence, URL length, HTTPS, dots, slashes, @ symbol, dash, query presence.
- Domain: Domain length, subdomain presence, TLD length, domain age, DNS record.
- HTML/JS: Number of anchors, external anchors, forms, pop-up presence, meta refresh tags.
Data is preprocessed into data/processed_data.csv.
The project uses a Random Forest classifier for binary classification:
- Feature Extraction: Handled by
scripts/feature_extraction.py. - Training: 80/20 train-test split, with accuracy, precision, and recall metrics.
- Serialization: Model saved as
models/phishing_detector.pkl.
To retrain, run:
python scripts/train_model.py- Fork the repository.
- Create a branch:
git checkout -b feature-branch
- Commit changes:
git commit -m "Add feature" - Push:
git push origin feature-branch
- Open a Pull Request.
Ensure code follows PEP 8 and includes tests.
Apache 2.0 License. See LICENSE for details.
Author: Nagasai Nanduri
GitHub Issues: Open an issue for bug reports or feature requests.
Disclaimer:
This tool is for educational and research purposes only. It is not foolproof and should not be the sole method for ensuring online safety. Verify URLs through trusted sources.
This tool is currently under development and may not work as intended.