Project

phisher

0.0
No commit activity in last 3 years
No release in over 3 years
Simple and extensible phishing detection gem
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 1.0
~> 2.0.1
~> 3.12
 Project Readme

phisher

Simple and extensible phishing detection gem.

Usage

To install phisher gem:

gem install phisher

Checking urls for phishing

To check if a url is phishy simply call

phisher.verify("www.google.com")

verify will return a number from 0 to 1 indicating how safe is a url where 0 is completely safe and 1 is completely unsafe

Black and White lists

Phisher comes built in with black and white list phishing detection.

# You can use * wildcards
blacklist = ['foo.org/*', 'bar.com', 'baz.nz/*']
whitelist = ['google.com/*', 'facebook.com/*']

phisher = Phisher.new blacklist: blacklist, whitelist: whitelist

phisher.verify('google.com/whatever') # => 0
phisher.verify('foo.org/whatever') # => 1

Improving Phisher

Black/White lists are great but they do have drawbacks, namely they are not easily extensible. To improve Phisher's phishing detection capabilities you can add several custom algorithms to your Phisher instance as follows

# A list of fishing detection algorithms. Check the lib/algos folder for
# a list of all supported algorithms.
algos = [ SearchEngineAlgo.new 0.5, TwitterAlgo.new 0.5 ]
phisher = Phisher.new algos: algos

Phishing Algorithms

Phisher is extensible in the sense that you can supply an arbitrary number of phishing detection algorithms to customize your Phisher. Algorithms are supplied to a Phisher via the constructor's algos parameter. You must pass an array of Algo subclasses, and the weight of each Algo must add 1.

# You pass an array of algos.
array_of_algos = [SomeAlgo.new 0.5, SomeOtherAlgo.new 0.3, OtherAlgo.new 0.2]
Phisher.new algos: array_of_algos

An Algo is simply a class that takes a url as parameter and returns a number between 0 and 1 indicating the probability that the given url is phishy.

Available Algos

This is a short description of some implemented algos. Check the /lib/algos folder for an updated list of available Algos.

  • TwitterAlgo The twitter phishing detection algorithm is based on the assumption that reputable Twitter users and reputable tweets will not contain phishy urls. The algorithm works as follows:

    1. Let u be the url that will be classified
    2. serach for u in the twitter API.
    3. Obtain a list of tweets and for each tweet obtain the user that composed that tweet.
    4. Calculate some 'reputation' indicators (e.g. the average number of followers)
    5. Classify the tweet given the calculated reputation.
  • DuckDuckGoAlgo Will search for a url in the duck duck go search engine and use the search results to build a simple ML model. The model will be used to classify the url.

Implementing your own Algo

Implementing an algo is easy, you just need to subclass Algo and implement the risk(url) method. See Algo class's documentation for a detailed explanation.

Important

  • This gem does not come with training data, you must train the models yourself.
  • This gem is still in early ALPHA. Do not use for production. API might change without notice.

Contributing to phisher

  • Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
  • Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
  • Fork the project.
  • Start a feature/bugfix branch.
  • Commit and push until you are happy with your contribution.
  • Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
  • Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.

Copyright

Copyright (c) 2014 fhur. See LICENSE.txt for further details.