
HookPhish is a Python script designed to aid in the detection of phishing websites

Primary language: Python. License: MIT.


HookPhish

Python Version 1.1 License

Purpose

HookPhish is a Python script designed to aid in the detection of phishing websites. It performs various checks on suspected URLs to identify potential threats. The script incorporates multiple checks, namely:

  • Shortened URL Check
  • Tracking IP Domain Check
  • Redirection Check
  • Google Safe Browsing Database Check
  • Whois Lookup
  • Real-Time Screenshot

Moreover, it uses the APIs of virustotal.com, urlscan.io and abuseipdb to enhance its functionality. Note that you need to specify the corresponding API keys to use the API Key Integration feature.

Installation & Usage

HookPhish is a cross-platform script that works with Python 3.x.

git clone https://github.com/0liverFlow/HookPhish
cd ./HookPhish
pip3 install -r requirements.txt

Then you can run it:

python3.x HookPhish.py -u url [-f config.ini] [-v]

Important Notes

  1. You don't need administrator privileges to run this script.
  2. Though you can run this script without specifying API keys for virustotal.com, urlscan.io and abuseipdb, it is recommended to use them in order to obtain more specific information about the suspected URL. To get the API keys, you need to create an account. For that, you can simply generate a temporary email using tempmail.org and that's it.
  3. The APIs used by the script are rate limited.

| API | Rate Limits |
| --- | --- |
| Virustotal | The Public API is limited to 500 requests per day and a rate of 4 requests per minute |
| Urlscan.io | Unlisted Scans are limited to 1000 requests per day and 60 requests per minute |
| AbuseIPDB | All free accounts have a rate limit of 1000 reports and checks per day |
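
When checking many URLs in a row, the limits listed above can be enforced client-side so that lookups are delayed instead of rejected by the API. The following is an added example, not HookPhish's own code; `QuotaLimiter`, `LIMITS` and the method names are hypothetical, and the numbers are the ones stated on this page.

```python
import time
from collections import deque

# (requests per minute, requests per day), copied from the limits listed above.
# AbuseIPDB only states a daily limit, so its per-minute value is None.
LIMITS = {
    "virustotal": (4, 500),
    "urlscan": (60, 1000),
    "abuseipdb": (None, 1000),
}

DAY = 86400.0
MINUTE = 60.0


class QuotaLimiter:
    """Sliding-window limiter that remembers request timestamps per API."""

    def __init__(self, limits=LIMITS, clock=time.monotonic):
        self.limits = limits
        self.clock = clock  # injectable so the limiter can be tested offline
        self.history = {name: deque() for name in limits}

    def wait_time(self, api):
        """Return the seconds to wait before the next call stays within quota."""
        now = self.clock()
        sent = self.history[api]
        # Requests older than 24 hours no longer count against any window.
        while sent and now - sent[0] >= DAY:
            sent.popleft()
        per_minute, per_day = self.limits[api]
        wait = 0.0
        if len(sent) >= per_day:
            # A slot frees up when the per_day-th most recent call ages out.
            wait = max(wait, sent[-per_day] + DAY - now)
        if per_minute is not None and len(sent) >= per_minute:
            wait = max(wait, sent[-per_minute] + MINUTE - now)
        return wait

    def acquire(self, api, sleep=time.sleep):
        """Block until a call to `api` is allowed, then record it."""
        delay = self.wait_time(api)
        if delay > 0:
            sleep(delay)
        self.history[api].append(self.clock())
        return delay
```

Call `acquire("virustotal")` immediately before each API request; the return value is the delay that was applied.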

API Key Configuration

After downloading the repository and getting your API Keys, you need to configure the config.ini file before executing the script. Here is how to do that:

cd ./HookPhish
cd config

Then, you need to edit the config.ini file. Feel free to use your favorite text editor. As far as I'm concerned, I use Vim.

vim config.ini

⚠️ Warning: Do not put the API key between double quotes, only copy and paste it!

After properly configuring the API keys, you should be able to get more information using the -f/--file option followed by the config.ini file.

python3.x HookPhish.py -u url -f config.ini -v

Latest Release Notes

  • Virustotal check was added. You only need to specify the API key to use it.
  • A Dockerfile was added in order to ease the deployment process of the tool.

Contribution

  1. If you notice any bugs, please report them here
  2. For any interesting idea, please ping me at 0liverFlow