Phishing detection tool through the use of several APIs checking against the most trusted databases, while additionally having a self-made phish checker and most importantly, completely free of charge APIs.
- Tested on:
-------------------
| OS | ? |
|---------|--------
| Linux | ✅ |
|-------- |--------
| Windows | ✅ |
|-------- |--------
| MacOS | ✅ |
--------------------
If you haven't completed the requirements, take a look at the requirements section or https://nrelm.com/nophish for more informations.
-
When it comes to a malicious website / phishing page, sometimes they're made persuasive enough to trick you. But just in case, it doesn't hurt to check as cyber safety should be your primary concern when browsing online.
-
As you can see on the screenshots below, using NoPhish to scan a malicious website, we may receive different outputs from different services who's verdicts can be either malicious or not, however if one of the verdicts are deemed malicious, there is a chance that someone has already reported the website, therefore making it potentially malicious! See screenshots below:
-
The IP reputation scanner uses the
AbuseIPDBAPI to check for a specific ip address against their database. Example usage:
-
The Manual is simple, it contains basic informations as to where you can get the APIs from & place to visit if you're face potential issues.
NoPhish Requires:
Python 3.x+ (At least python 3.x +) Make sure python is added to path onwindows, usually it comes pre-installed on linux distirbutions.
Visit https://www.nrelm.com/nophish for full details.
Required APIs:
-
Google Safe Browsing API : https://developers.google.com/safe-browsing/v4/get-started
-
Rapid API (Exerra):https://rapidapi.com/Exerra/api/exerra-phishing-check/
-
IpQualityScore API: https://www.ipqualityscore.com/documentation/proxy-detection-api/overview
-
AbuseIPDB API: https://www.abuseipdb.com/api.html
-
Url.io API: https://urlscan.io/docs/api/
-
VirusTotal API: https://www.virustotal.com/
- Sign up for an account & get your free API key. Then nagivate to
UrlCheck.py: You can now deploy!
- Firstly, either download the .zip file manually and extract it, or simply:
git clone https://github.com/sytaxus/NoPhish.git
-
Secondly, make sure you're inside the project's directory, so:
cd NoPhish -
Now, install the required libraries using :
pip install -r requirements.txt -
Now replace the required
APIsby going toUrlCheck.py:
-
Then navigate to:
-
Now replace your API keys and finally deploy!
-
Finally, you can deploy using:
python NoPhish.pyorpython3 Nophish.pydepending on your system.
-
Is there a difference between using domain names or a full url using http / https?
It doesn't matter. You can scan using domain-only or full URL. -
Are all of the APIs free?
Yes, all of the APIs are completely free of use by the time of NoPhish's release. -
Is the project going to be supported?
Yes, i'll keep updating it for now. -
What is the
cmdsnrchecker?It's a built in checker made to check for the website's age, certificate etc...