This repository contains a technical study of credential-harvesting attack vectors and the implementation of a logic-based defense system. The project is divided into two modules: a high-fidelity phishing simulation and a standalone URL analysis engine.
This module demonstrates the mechanisms used in social engineering to capture sensitive user data.
- Architecture: Developed using the Python Flask micro-framework.
- User Interface: A custom-styled login portal designed with modern CSS to replicate a legitimate corporate authentication environment.
- Logic Flow: The application captures POST requests, logs credential patterns to a local file, and redirects the user to an alert-driven awareness page.
A standalone Python utility designed to programmatically evaluate the security risk of a given URL.
- Security Checks: Validates HTTPS encryption status and analyzes subdomain frequency.
- Heuristic Analysis: Scans for high-risk keywords used to create a false sense of urgency or legitimacy.
- Install dependencies: Use the command
pip install -r requirements.txt. - Run the simulation: Execute
python app.pyand navigate tohttp://127.0.0.1:5000/. - Execute the detector: Execute
python phishing_detector.pyand input a URL for analysis.
Phishing_Project/
├── static/
│ └── style.css
├── templates/
│ ├── login.html
│ └── warning.html
├── .gitignore
├── app.py
├── phishing_detector.py
├── README.md
└── requirements.txt
This project is for authorized security research and educational purposes only. Unauthorized use against real-world targets is strictly prohibited.