A comprehensive Python application that detects potentially dangerous phishing URLs through multiple security checks. Available in both terminal and GUI versions.
- Real-time Online Database Updates: Fetches latest phishing domains from PhishTank and OpenPhish
- Built-in Phishing Database: Contains a curated list of known phishing domains (20+ domains)
- URL Parsing: Accurately extracts and validates domain information
- Multi-layer Security Checks:
- Real-time online phishing database checking
- Known phishing domain detection
- Suspicious character analysis (@ symbols, consecutive dots/dashes)
- HTTPS verification
- Domain reputation checking
- Risk Assessment: Categorizes threats as SAFE, LOW, MEDIUM, or HIGH risk
- User-Friendly Interface: Available in both command-line and GUI versions
- Offline Fallback: Works without internet connection using local database
- Error Handling: Gracefully handles malformed URLs and network errors
- Cross-Platform: Works on Windows, macOS, and Linux
- Flake8 Compliant: Code follows PEP 8 standards and best practices
No additional packages required! This application uses only Python standard libraries.
- Download/Clone this project to your computer
- Find the folder on your computer
- Double-click the
Start_GUI.batfile - Type any URL in the text box (e.g.,
google.com) - Click "Check URL" or press Enter
- Read the results - green = safe, red = dangerous!
# Terminal version with online database updates
python phishing_detector.py
# GUI version
python phishing_detector_gui.py
# Run all tests
python test_phishing_detector.py
# Check code quality
flake8 *.pySafe URL Test:
Input: https://www.google.com
Result: β
SAFE (Green)
Details: Using HTTPS, legitimate domain, no suspicious features
Dangerous URL Test:
Input: paypal-security.com
Result: β DANGEROUS (Red)
Details: Known phishing domain, avoid this site!
- Python 3.6 or higher
- Standard Python libraries:
urllib.parse,re,tkinter
git clone https://github.com/yourusername/python-phishing-url-detector.git
cd python-phishing-url-detectorThree ways to instantly start the application:
- Double-click
Start_GUI.bat- Instantly opens the graphical interface β‘ - Double-click
phishing_detector_gui.py- Direct GUI launch (if Python is associated) - Double-click
phishing_detector.py- Terminal version with interactive mode
If Python files don't open automatically:
- Right-click β Run as Administrator β
setup_python_association.bat - This will associate
.pyfiles with Python for easy double-clicking
# Run terminal version
run.bat run-terminal
# Run GUI version
run.bat run-gui
# Run tests
run.bat test
# Show help
run.bat help# Run terminal version
make run-terminal
# or
python phishing_detector.py
# Run GUI version
make run-gui
# or
python phishing_detector_gui.py
# Run tests
make test
# Show help
make helpRun the command-line version:
python phishing_detector.pyFeatures:
- Interactive URL input with online/offline mode selection
- Real-time phishing database updates from PhishTank and OpenPhish
- Detailed analysis reports with risk assessment
- Special commands:
update- Force database updatestats- Show database statisticsq,quit,exit- Exit application
- Continuous operation until user exits
- Automatic database refresh (every hour when online)
π±οΈ Easy Start: Double-click Start_GUI.bat file
Or run manually:
python phishing_detector_gui.pyFeatures:
- One-click launch with Start_GUI.bat file
- User-friendly graphical interface with modern design
- Real-time URL analysis with instant results
- Color-coded results:
- π’ Green = Safe/Low risk
- π‘ Orange = Medium risk warnings
- π΄ Red = High risk/Dangerous
- Detailed analysis reports with security recommendations
- Enter key support - Type URL and press Enter
- Clear and About functionality
- Resizable window with professional layout
- Copy-paste friendly URL input
The application can fetch the latest phishing domains from trusted sources:
- PhishTank API: Access to 26,000+ verified phishing URLs
- OpenPhish Feed: Community-maintained phishing database
- Automatic Updates: Database refreshes every hour when online mode is enabled
- Fallback Mode: Works offline using local database if internet is unavailable
# Enable online features (recommended)
π Enable online phishing database updates? (y/N): y
# Disable online features (offline mode)
π Enable online phishing database updates? (y/N): nupdate- Force immediate database updatestats- Show database statistics and last update time
- Real-time Online Database Check: Fetches latest phishing domains from:
- PhishTank API (26,000+ domains)
- OpenPhish feed (updated regularly)
- Known Phishing Domain Check: Compares against local database of known phishing sites
- Suspicious Character Detection: Identifies potentially malicious characters:
@symbols (often used to hide real domains)- Consecutive dots
..(directory traversal attempts) - Multiple dashes
--or underscores__(domain spoofing)
- HTTPS Verification: Ensures the connection uses secure encryption
- URL Validation: Checks for proper URL format and structure
- Domain Reputation Check: Verifies if domain resolves and is active
- HIGH Risk: Known phishing domain in online databases + other suspicious features
- MEDIUM Risk: Some suspicious characteristics detected
- LOW Risk: Minor issues found (e.g., no HTTPS)
- SAFE: No suspicious features detected, passes all checks
π Checking: https://www.google.com
Result: β
SAFE
Risk Level: SAFE
Domain: www.google.com
Scheme: HTTPS
Details:
1. β
Domain is active and resolves
2. β
Using secure HTTPS connection
3. β
No suspicious features detected
π Checking: http://[email protected]
Result: β SUSPICIOUS/DANGEROUS
Risk Level: HIGH
Domain: malicious-site.com
Scheme: HTTP
Details:
1. β οΈ 'malicious-site.com' found in updated phishing database
2. β οΈ Suspicious character '@' found
3. β οΈ Not using secure HTTPS connection
π‘ Recommendation: DO NOT VISIT - This appears to be a phishing site
π Phishing Detector Statistics
----------------------------------------
Total phishing domains: 27,060
Online checking: Enabled
Last update: 2025-07-29 14:30:15
Time since update: 0:15:23
Suspicious characters checked: ['@', '..', '--', '__']
----------------------------------------
π Python Phishing URL Detector/
βββ π±οΈ Start_GUI.bat # β CLICK THIS! Opens GUI instantly
βββ π phishing_detector.py # Terminal version with online features
βββ πΌοΈ phishing_detector_gui.py # GUI version (user-friendly)
βββ π§ͺ test_phishing_detector.py # Comprehensive test suite
βββ βοΈ setup_python_association.bat # Python file association setup
βββ π¨ create_icon.ps1 # Icon generator script
βββ π README.md # This documentation
βββ π¦ requirements.txt # Python dependencies (none needed!)
βββ π§ setup.py # Package setup
βββ π pyproject.toml # Modern Python packaging
βββ ποΈ Makefile # Unix build commands
βββ πͺ run.bat # Windows batch commands
βββ β
.flake8 # Code quality configuration
βββ π FLAKE8_COMPLIANCE.md # Code quality report
Start_GUI.bat- The easiest way to launch the applicationphishing_detector_gui.py- Graphical interfacephishing_detector.py- Terminal interface with advanced features
PhishingDetector: Main detection class with online capabilitiesupdate_phishing_database(): Real-time database updates_fetch_from_source(): Online data fetching from APIshandle_special_commands(): Command processing (update, stats)setup_detector(): Initialize detector with user preferencesprocess_url_analysis(): URL analysis and result displayprint_banner(): Application headermain(): Application entry point (modular design)
PhishingDetector: Core detection logic (same as terminal)PhishingDetectorGUI: Tkinter-based interface- Color-coded results and detailed reporting
- About dialog and help functionality
Edit the known_phishing_domains set in the PhishingDetector class:
self.known_phishing_domains = {
'paypal-security.com',
'amazon-security.org',
'your-new-domain.com', # Add new domains here
# ... more domains
}Update the suspicious_characters list:
self.suspicious_characters = ['@', '..', '--', '__', 'new-char']Modify the risk calculation in the analyze_url() method:
if risk_factors >= 3:
risk_level = 'HIGH'
elif risk_factors >= 1:
risk_level = 'MEDIUM'
else:
risk_level = 'LOW'Problem: "Python files won't open when I double-click"
- Solution: Right-click
setup_python_association.batβ Run as Administrator - This will associate Python files with the Python interpreter
Problem: "Start_GUI.bat doesn't work"
- Solution: Make sure Python is installed and in your PATH
- Test: Open Command Prompt β Type
python --version - If not found, reinstall Python and check "Add Python to PATH"
Problem: "GUI window appears but crashes"
- Solution: Your Python installation may be missing tkinter
- Fix: Reinstall Python with "tcl/tk and IDLE" option checked
Problem: "Online features don't work"
- Solution: Check your internet connection
- The app works offline too, just with limited phishing database
Problem: "False positives in detection"
- Solution: This tool is conservative for safety
- Always verify suspicious results manually
- Report issues on GitHub for database improvements
- Windows 7/10/11 (primary support)
- macOS/Linux (should work but untested with .bat files)
- Python 3.6+ (with tkinter for GUI)
- Internet connection (optional, for online database updates)
This tool provides guidance but should not be the only line of defense:
- Always verify suspicious URLs through official channels
- Never enter credentials on suspicious websites
- Keep browsers updated with latest security patches
- Use additional security tools like antivirus and firewalls
- Be cautious with shortened URLs and email links
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Expand the phishing domain database
- Add more sophisticated detection algorithms
- Implement machine learning-based detection
- Add support for checking multiple URLs at once
- Create a web-based version
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is for educational and security awareness purposes. While it implements several detection methods, it may not catch all phishing attempts. Users should always exercise caution when visiting unfamiliar websites and never enter sensitive information on suspicious sites.
- β Real-time online phishing database integration
- β Advanced modular code structure
- β Flake8 compliance and code quality
- β One-click GUI launcher (Start_GUI.bat)
- β User-friendly installation process
- β Comprehensive documentation with examples
- β³ Machine learning-based URL analysis
- β³ Browser extension version
- β³ Batch URL processing (check multiple URLs)
- β³ Integration with VirusTotal API
- β³ Email scanning capabilities
- β³ Custom blacklist/whitelist management
- β³ REST API version for developers
- β³ Docker containerization
- β³ Mobile app version
If you encounter any issues or have questions:
- Check the existing issues in the repository
- Create a new issue with detailed description
- Include error messages and system information
- Provide steps to reproduce the problem
- Python Software Foundation for the excellent standard library
- Security community for phishing research and awareness
- Contributors and users who help improve this tool
1. π Open project folder
2. π±οΈ Double-click "Start_GUI.bat"
3. β‘ GUI window opens automatically
4. π Type: google.com
5. π Click "Check URL" or press Enter
6. β
Result: SAFE (green text)
7. π Try: paypal-security.com
8. β Result: DANGEROUS (red text)
1. π±οΈ Double-click "phishing_detector.py"
2. π Choose: y (enable online) or n (offline)
3. π Enter URL: google.com
4. β
See detailed analysis
5. π‘ Special commands: 'update', 'stats', 'q'
Remember: Stay vigilant online and always verify suspicious URLs through official channels!