HookPhish is a Python script designed to aid in the detection of phishing websites. It performs various checks on suspected URLs to identify potential threats. The script incorporates multiple checks, namely:
- Shortened URL Check
- Tracking IP Domain Check
- Redirection Check
- Google Safe Browsing Database Check
- Whois Lookup
- Real-Time Screenshot
Moreover, it uses the virustotal.com, urlscan.io and abuseipdb APIs to extend its functionality. Note that you need to specify the corresponding API keys to use the API Key Integration feature.
HookPhish is a cross-platform script that works with Python 3.x.
```
git clone https://github.com/0liverFlow/HookPhish
cd ./HookPhish
pip3 install -r requirements.txt
```
Then you can run it:
```
python3.x HookPhish.py -u url [-f config.ini] [-v]
```
- You don't need administrator privileges to run this script.
- Although you can run this script without specifying the virustotal.com, urlscan.io and abuseipdb API keys, it is recommended to use them in order to obtain more specific information about the suspected URL. To get the API keys, you need to create an account. For that, you can simply generate a temporary email using tempmail.org.
- The APIs used by the script are rate limited.

| API | Rate Limits |
| --- | --- |
| Virustotal | The Public API is limited to 500 requests per day and a rate of 4 requests per minute |
| Urlscan.io | Unlisted Scans are limited to 1000 requests per day and 60 requests per minute |
| AbuseIPDB | All free accounts have a rate limit of 1000 reports and checks per day |

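When checking many URLs in a row, these limits can be enforced on the client side so that lookups are delayed instead of rejected by the API. The following is an added example, not code from HookPhish: `LIMITS`, `SlidingWindowLimiter` and `make_limiter` are hypothetical names, the numbers come from the rate-limit table, and AbuseIPDB's "reports and checks" are assumed to share one daily budget.

```python
import time
from collections import deque

# Limits copied from the rate-limit table: (max requests, window in seconds).
# Assumption: AbuseIPDB reports and checks are counted against one daily budget.
LIMITS = {
    "virustotal": [(4, 60), (500, 86400)],
    "urlscan": [(60, 60), (1000, 86400)],
    "abuseipdb": [(1000, 86400)],
}


class SlidingWindowLimiter:
    """Client-side throttle that enforces several request windows at once."""

    def __init__(self, limits, clock=time.monotonic, sleep=time.sleep):
        self.limits = limits
        self.clock = clock      # injectable so the limiter can be tested offline
        self.sleep = sleep
        self.sent = deque()     # timestamps of requests already made, oldest first

    def wait_time(self):
        """Seconds to wait before the next request fits inside every window."""
        now = self.clock()
        longest = max(period for _, period in self.limits)
        while self.sent and now - self.sent[0] >= longest:
            self.sent.popleft()  # older than every window, no longer relevant
        delay = 0.0
        for max_calls, period in self.limits:
            recent = [t for t in self.sent if now - t < period]
            if len(recent) >= max_calls:
                # The window frees up once the max_calls-th most recent request expires.
                blocker = recent[-max_calls]
                delay = max(delay, blocker + period - now)
        return delay

    def acquire(self):
        """Block until a request is allowed, record it, and return the delay used."""
        delay = self.wait_time()
        if delay > 0:
            self.sleep(delay)
        self.sent.append(self.clock())
        return delay


def make_limiter(service, **kwargs):
    """Build a limiter for one of the services listed in LIMITS."""
    return SlidingWindowLimiter(LIMITS[service.lower()], **kwargs)
```

Call `acquire()` on the matching limiter immediately before each API request; one limiter instance per service keeps the three budgets independent.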
After downloading the repository and getting your API Keys, you need to configure the config.ini file before executing the script. Here is how to do that:
```
cd ./HookPhish
cd config
```
Then, you need to edit the config.ini file. Feel free to use your favorite text editor. As far as I'm concerned, I use Vim:
```
vim config.ini
```
After properly configuring the API keys, you should be able to get more information using the -f/--file option followed by the config.ini file.
```
python3.x HookPhish.py -u url -f config.ini -v
```
- Virustotal check was added. You only need to specify the API key to use it.
- A Dockerfile was added in order to ease the deployment process of the tool.
- If you notice any bugs, please report them here
- For any interesting ideas, please ping me at 0liverFlow