πŸ›‘οΈ AntiPhish - Advanced Phishing Detection Platform

A comprehensive AI-powered web application designed to detect phishing websites and messages, featuring real-time security analysis, intelligent chatbot assistance, and user-friendly interfaces.

🌟 Features

πŸ” Core Security Features

  • URL Security Scanner - AI-powered analysis of URLs for phishing, malware, and security threats
  • Text Analysis - Detection of phishing indicators in emails, messages, and text content
  • QR Code Scanner - Scan QR codes directly from your camera to check URLs
  • Domain Age Checker - Verify domain registration age and legitimacy
  • Google Safe Browsing Integration - Leverage Google's threat intelligence database
  • AI-Powered Analysis - GPT-4o-mini with LangChain for detailed security assessments

Intelligent Features

  • Security AI Chatbot - RAG-powered assistant for security guidance and best practices
  • Scan History - Automatic tracking of all security checks (session-based, no registration required)
  • User Profile - View scan statistics and history without authentication
  • Risk Level Visualization - Clear categorization (Safe, Suspicious, Phishing)

Security & Protection

  • SSRF Protection - Prevents server-side request forgery attacks
  • Rate Limiting - Redis-based request throttling
  • JWT Authentication - Secure token-based auth (optional feature)
  • Input Validation - Comprehensive security checks on all inputs

πŸ—οΈ Architecture

Tech Stack

Backend:

  • Framework: FastAPI (Python 3.11+)
  • AI/ML: LangChain, OpenAI GPT-4o-mini, LightGBM
  • Database: PostgreSQL 16 with SQLAlchemy 2.0
  • Cache: Redis 7
  • Storage: MinIO (S3-compatible)
  • Migration: Alembic

Frontend:

  • Framework: Next.js 14 (App Router, React Server Components)
  • Language: TypeScript
  • Styling: TailwindCSS
  • UI Components: shadcn/ui
  • State Management: TanStack Query
  • Forms: React Hook Form + Zod validation
  • QR Scanner: html5-qrcode

Infrastructure:

  • Containerization: Docker & Docker Compose
  • Reverse Proxy: Nginx (production)
  • CI/CD: GitHub Actions (planned)

Quick Start

Prerequisites

  • Docker & Docker Compose
  • Git
  • OpenAI API Key (for AI features)
  • Google Safe Browsing API Key (optional, for enhanced security)

Installation

  1. Clone the repository
     git clone https://github.com/abylsliam44/antiphising.git
     cd antiphising
  2. Configure environment variables
     # Backend environment
     cp backend/.env.example backend/.env

     # Edit backend/.env and add:
     # - OPENAI_API_KEY=your_openai_api_key
     # - GOOGLE_SAFE_BROWSING_API_KEY=your_google_api_key (optional)
     # - DATABASE_URL=postgresql+psycopg://postgres:postgres@db:5432/phishing
     # - REDIS_URL=redis://redis:6379/0
  3. Start the application
     docker-compose up -d
  4. Apply database migrations
     docker-compose exec api python -m alembic upgrade head
  5. Access the application

Development Setup

Backend:

cd backend
python -m venv venv
source venv/bin/activate  # or `venv\Scripts\activate` on Windows
pip install -r requirements.txt
uvicorn app.main:app --reload --port 8000

Frontend:

cd frontend
npm install
npm run dev

Usage

URL Security Check

  1. Navigate to http://localhost:3005/scan-url
  2. Enter a URL or scan a QR code
  3. View detailed security analysis including:
    • Risk score (0-100)
    • AI-powered threat assessment
    • Domain age and registration info
    • Content and URL structure analysis
    • Recommendations

View Scan History

  1. Navigate to http://localhost:3005/profile
  2. View all your previous scans
  3. Check statistics (total scans, safe/suspicious/phishing counts)
  4. Click on any scan to view detailed results

AI Security Assistant

  1. Navigate to http://localhost:3005/chat
  2. Ask questions about cybersecurity, phishing, or safe browsing
  3. Get instant AI-powered responses with source citations

πŸ—„οΈ Database

Connection Details (Development)

  • Host: localhost:5545
  • Database: phishing
  • Username: postgres
  • Password: postgres

Tables

  • users - User accounts (for future authentication)
  • scan_results - All security scan results with session tracking

Migrations

# Create a new migration
docker-compose exec api python -m alembic revision --autogenerate -m "description"

# Apply migrations
docker-compose exec api python -m alembic upgrade head

# Rollback migration
docker-compose exec api python -m alembic downgrade -1

API Endpoints

Health & Status

  • GET /health - API health check
  • GET /db-health - Database connection status

Security Scanning

  • POST /api/scan - Scan a URL or text for threats. Send either a "url" field or a "text" field:
    {
      "url": "https://example.com"
    }
    {
      "text": "message content"
    }

Chat

  • POST /api/chat - Interact with AI security assistant
    {
      "message": "How can I identify phishing emails?"
    }

History

  • GET /api/history?page=1&page_size=20 - Get scan history
  • GET /api/history/stats - Get scan statistics

Authentication (Optional)

  • POST /api/auth/register - Register new user
  • POST /api/auth/login - Login and get JWT token

🎨 UI/UX Design

Design Principles

  • Minimalistic & Modern - Clean interface with soft shadows and rounded corners
  • Risk-Level Colors - Green (safe), Yellow/Orange (suspicious), Red (phishing)
  • Responsive Design - Mobile-first approach, works on all screen sizes
  • Accessibility - WCAG compliant with keyboard navigation and ARIA roles
  • Animations - Smooth transitions and micro-interactions
  • Dark Mode - Built-in theme toggle (planned)

Key Components

  • Risk Gauge - Visual representation of threat level
  • Detailed Analysis Cards - AI insights, domain info, content analysis
  • Interactive Chat - Conversational AI interface with source citations
  • History Dashboard - Comprehensive view of all security checks

πŸ” Security Features

SSRF Protection

  • Blocks requests to private IP ranges (RFC1918)
  • Prevents access to link-local addresses (169.254.0.0/16)
  • Blocks cloud metadata endpoints
  • Denies localhost and internal network access
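
A sketch of the four checks listed above, added here as an example and not the project's own code: it resolves the host, rejects the URL if any answer falls in a blocked range, and returns the vetted addresses. The function names, the IPv6 ranges and the FAKE_DNS table (constructed answers so it runs offline) are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges from the SSRF Protection list; the IPv6 equivalents are an assumption.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC1918 private
    "169.254.0.0/16",            # link-local, incl. 169.254.169.254 metadata
    "127.0.0.0/8", "0.0.0.0/8",  # loopback and "this host"
    "::1/128", "fe80::/10", "fc00::/7",  # IPv6 loopback, link-local, ULA
)]

# Constructed DNS answers (hypothetical hosts), not real lookups.
FAKE_DNS = {
    "shop.example": ["203.0.113.10"],
    "intranet.example": ["10.0.0.5"],
    "mixed.example": ["203.0.113.10", "169.254.169.254"],
    "mapped.example": ["::ffff:127.0.0.1"],
}

def fake_resolver(host, port):
    return FAKE_DNS.get(host, [host])  # other hosts pass through as IP literals

def system_resolver(host, port):
    # Every address the OS resolver returns, not just the first one.
    return [ai[4][0] for ai in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)]

def is_blocked_ip(text):
    ip = ipaddress.ip_address(text.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:         # ::ffff:a.b.c.d wraps an IPv4 target
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS)

def check_url(url, resolver=system_resolver):
    """Return (allowed, reason, ips) for a URL submitted for scanning."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "only http(s) URLs with a host are accepted", []
    try:
        ips = resolver(parts.hostname, port)
        bad = [ip for ip in ips if is_blocked_ip(ip)]
    except (OSError, ValueError):  # unresolvable or unparseable answer: fail closed
        return False, "host does not resolve to usable addresses", []
    if bad or not ips:
        return False, f"blocked or empty answer: {bad}", []
    return True, "ok", ips
```

The fetcher should connect to one of the returned addresses rather than resolve the name a second time, and should run the same check on every redirect target.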

Input Validation

  • URL format validation
  • SQL injection prevention
  • XSS protection
  • CSRF tokens (for authenticated requests)

Rate Limiting

  • Redis-based rate limiting
  • Configurable limits per endpoint
  • IP-based throttling

Monitoring & Logging

  • Application Logs - Structured logging with log levels
  • Database Queries - SQLAlchemy query logging
  • API Metrics - Request/response times, error rates
  • Health Checks - Automated health monitoring

Testing

# Backend tests
cd backend
pytest

# Frontend tests
cd frontend
npm test

# E2E tests
npm run test:e2e

Deployment

Production with Docker Compose

docker-compose -f docker-compose.prod.yml up -d

Environment Variables (Production)

  • Set DEBUG=False
  • Use a strong SECRET_KEY
  • Configure CORS for production domains
  • Enable HTTPS/SSL certificates
  • Set up backup strategies for PostgreSQL

Contributing

Contributions are welcome! Please follow these steps:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

πŸ“ License

This project is licensed under the MIT License - see the LICENSE file for details.

πŸ™ Acknowledgments

  • OpenAI - GPT-4o-mini API for AI-powered analysis
  • Google - Safe Browsing API for threat intelligence
  • FastAPI - Modern Python web framework
  • Next.js - React framework for production
  • shadcn/ui - Beautiful UI components
  • LangChain - Framework for LLM applications

Contact

πŸ—ΊοΈ Roadmap

  • Multi-language support (EN, RU, KZ)
  • Email integration for automatic phishing detection
  • Browser extension
  • Mobile application
  • Advanced ML models for text analysis
  • Screenshot capture and visual analysis
  • Domain reputation scoring
  • Integration with threat intelligence feeds
  • User authentication and accounts
  • Export reports (PDF, JSON, CSV)
  • Webhook notifications
  • API rate limiting per user
  • Advanced analytics dashboard

⚠️ Disclaimer: This tool is designed to assist in identifying potential security threats but should not be the sole basis for security decisions. Always exercise caution when dealing with suspicious URLs or messages.

Made with ❤️ for a safer internet
