Phishy is an innovative cybersecurity education platform that revolutionizes phishing awareness training through multi-perspective learning. Built with Laravel 11, it provides a comprehensive ecosystem where users experience cybersecurity from three critical viewpoints: Attacker, Victim, and Defender.
- Attacker Mode: Learn social engineering tactics and email crafting techniques
- Victim Mode: Experience realistic phishing scenarios in a safe environment
- Defender Mode: Develop threat detection and email analysis skills
- Role-Based Access Control (RBAC) with Spatie Laravel Permission
- Password Strength Tracking with real-time compliance monitoring
- Comprehensive Admin Dashboard with user management capabilities
- Dark/Light Mode Support for enhanced user experience
- Probability-based victim responses with realistic scoring algorithms
- Event-driven architecture for seamless simulation flow
- Real-time feedback on phishing campaign effectiveness

Professional Admin Interface:
- User management with password security auditing
- Real-time statistics and compliance tracking
- Role assignment and permission management
- Responsive design with Bootstrap 5.3

- Login Page:
- Sign up Page:
![[Screenshot_2025-06-22_13-01-22.png]]
- User Dashboard:
- Admin Dashboard:
- Attacker Mode:
- Victim Mode:
- Defender Mode:

Installation:

Prerequisites:
- PHP 8.4+
- Composer 2.x
- Node.js 18+ & NPM
- MySQL 8.0+ or PostgreSQL 13+
- Laravel 11.x

Quick Setup:
- Clone the repository
```bash
git clone https://github.com/yourusername/phishy.git
cd phishy
```
- Install dependencies
```bash
composer install
npm install
```
- Environment configuration
```bash
cp .env.example .env
php artisan key:generate
```
- Database setup
```bash
# Configure your database in .env file
php artisan migrate
php artisan db:seed
```
- Install Spatie Permission
```bash
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"
php artisan migrate
```
- Build assets
```bash
npm run build
# or for development
npm run dev
```
- Start the application
```bash
php artisan serve
```
Visit http://localhost:8000 to access Phishy!

Architecture:
- Core Components
```
Phishy/
├── Attacker Module        # Social engineering simulation
│   ├── Email crafting interface
│   ├── Bot simulation system
│   └── Probability-based scoring
├── Victim Module          # Phishing experience training
│   ├── Realistic email inbox
│   ├── Fake login pages
│   └── Educational feedback
├── Defender Module        # Threat detection & analysis
│   ├── Email pattern recognition
│   ├── Suspicious content scanner
│   └── Security analysis tools
├── Admin Dashboard        # User & security management
│   ├── User management system
│   ├── Password compliance tracking
│   └── Real-time statistics
└── RBAC System            # Role-based access control
    ├── User roles (admin/user)
    ├── Permission management
    └── Secure authentication
```

| Component | Technology |
|---|---|
| Backend | Laravel 11 with PHP 8.4+ |
| Frontend | Bootstrap 5.3 with responsive design |
| Database | MySQL with Eloquent ORM |
| Authentication | Laravel Breeze with custom enhancements |
| Permissions | Spatie Laravel Permission |
| Assets | Vite for modern asset compilation |
| UI Framework | Bootstrap 5.3 with custom SCSS |
| Icons | Font Awesome 6.0 |

For Students/Trainees
- Register with a strong password (enforced by our security system)
- Choose a learning perspective:
  - Start with Victim Mode to understand vulnerabilities
  - Try Attacker Mode to learn social engineering tactics
  - Use Defender Mode to develop detection skills
- Progress through scenarios and receive immediate feedback

For Administrators
- Access admin dashboard at /admin/dashboard
- Monitor user activity and password compliance
- Manage user roles and permissions
- Track learning progress across all modules

Learning Outcomes:
- Understand common phishing tactics and social engineering techniques
- Recognize suspicious emails and malicious content patterns
- Develop critical thinking skills for cybersecurity threats
- Experience the full attack lifecycle from multiple perspectives
- Build defensive mindset and threat awareness

Target Audience:
- Corporate employees needing cybersecurity awareness training
- Students learning about information security
- IT professionals developing security skills
- Organizations implementing security education programs

Key Features Implementation

Password Strength Tracking
```php
// Real-time password compliance monitoring
protected function create(array $data)
{
    $passwordStrength = $this->evaluatePasswordStrength($data['password']);

    $user = User::create([
        'name' => $data['name'],
        'email' => $data['email'],
        'password' => Hash::make($data['password']),
        'password_meets_requirements' => $passwordStrength['meets_requirements'],
        'password_strength_details' => json_encode($passwordStrength['details']),
    ]);

    $user->assignRole('user');

    return $user;
}
```
Event-Driven Bot Simulation
```php
// Probability-based victim simulation
public function simulateVictim(Request $request)
{
    $event = new BotLaunched($request->input('message'), $request->input('subject'));
    event($event);

    $result = $event->result; // Realistic success/failure scoring

    $status = $result['success']
        ? "✅ Success! Victim bot fell for it (Score: {$result['score']})"
        : "❌ Fail! Victim bot ignored the email (Score: {$result['score']})";

    return back()->with('status', $status);
}
```
Advanced Threat Detection
```php
// Pattern-based email analysis
$suspiciousPatterns = [
    '/http[s]?:\/\/[^\s]+/i',                              // Links detection
    '/(verify|confirm|reset).{0,20}(account|password)/i',  // Phishing intent
    '/login/i',                                            // Login keywords
    '/urgent|suspended|locked/i',                          // Social engineering tactics
    '/credential|username|password/i',                     // Credential harvesting
];

foreach ($suspiciousPatterns as $pattern) {
    if (preg_match($pattern, $email->body)) {
        $alerts[] = [
            'id' => $email->id,
            'from' => $email->sender,
            'subject' => $email->subject,
            'reason' => 'Suspicious content detected: ' . $pattern,
        ];
    }
}
```
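
The same five patterns applied as named, weighted rules that produce at most one alert per email, as an added example that is not Phishy's own code: the rule names, weights, threshold and sample emails are assumptions constructed for illustration. With the loop above, the constructed newsletter would raise an alert for its link alone and the first email would raise five separate alerts.

```php
<?php
// Added example: the page's patterns with hypothetical names and weights.
$rules = [
    'link'             => ['/http[s]?:\/\/[^\s]+/i', 1],
    'phishing_intent'  => ['/(verify|confirm|reset).{0,20}(account|password)/i', 3],
    'login_keyword'    => ['/login/i', 1],
    'pressure_wording' => ['/urgent|suspended|locked/i', 2],
    'credential_terms' => ['/credential|username|password/i', 2],
];

// Returns one alert for the email, or null when the score is below the threshold.
function analyseEmail(array $email, array $rules, int $threshold = 4): ?array
{
    $hits = [];
    $score = 0;

    foreach ($rules as $name => [$pattern, $weight]) {
        if (preg_match($pattern, $email['body']) === 1) {
            $hits[] = $name;
            $score += $weight;
        }
    }

    if ($score < $threshold) {
        return null;
    }

    return [
        'id'      => $email['id'],
        'from'    => $email['sender'],
        'subject' => $email['subject'],
        'score'   => $score,
        'reason'  => 'Matched rules: ' . implode(', ', $hits),
    ];
}

// Constructed sample emails (not from the project's seed data).
$emails = [
    ['id' => 1, 'sender' => 'it-support@example.test', 'subject' => 'Account notice',
     'body' => 'Urgent: verify your account password at http://portal.example.test/login'],
    ['id' => 2, 'sender' => 'newsletter@example.test', 'subject' => 'Weekly digest',
     'body' => 'Read the new issue at https://news.example.test/issue-42'],
];

// array_filter drops the null results, leaving only emails that crossed the threshold.
$alerts = array_values(array_filter(array_map(fn ($e) => analyseEmail($e, $rules), $emails)));
print_r($alerts);
```
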
User: Create via registration with strong password requirements

Users Table Enhancement
```sql
ALTER TABLE users ADD COLUMN password_meets_requirements BOOLEAN DEFAULT FALSE;
ALTER TABLE users ADD COLUMN password_strength_details JSON;
```
Emails Table
```sql
CREATE TABLE emails (
    id BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    sender VARCHAR(255) NOT NULL,
    subject VARCHAR(255) NOT NULL,
    body TEXT NOT NULL,
    created_at TIMESTAMP NULL DEFAULT NULL,
    updated_at TIMESTAMP NULL DEFAULT NULL
);
```

- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request

- Multiplayer Mode - Real-time competitive phishing simulations
- Advanced Analytics - Detailed learning progress tracking with charts
- API Integration - RESTful API for external integrations
- Mobile App - Native mobile application for training
- AI-Powered Scenarios - Dynamic phishing content generation
- Certification System - Formal cybersecurity awareness certificates
- Multi-language Support - Internationalization for global use
- Advanced Reporting - Detailed security posture reports

This project demonstrates:
- Innovative educational approach to cybersecurity training
- Professional software development with Laravel best practices
- User experience design with responsive, accessible interfaces
- Security-first mindset with comprehensive protection measures

- Strong password enforcement with real-time validation
- Role-based access control using Spatie Permission
- Session management with secure cookie handling
- CSRF protection on all forms
- Caching strategies for improved performance

This project is licensed under the MIT License - see the LICENSE file for details.

- Laravel Community for the excellent framework and documentation
- Spatie for the robust permission management package
- Bootstrap Team for the responsive UI framework
- CTF Community for inspiration and security best practices
- Cybersecurity Community for educational methodologies

Made with ❤️ for cybersecurity education