Cybersecurity awareness through automation.
PhishGuard CLI is a phishing detection and risk analysis tool built on Kali Linux using Python.
It analyzes a given URL and identifies common phishing indicators such as SSL issues, IP-based URLs, domain legitimacy, and basic domain metadata.
This project demonstrates how phishing detection logic can be automated using system-level security tools available in Kali Linux.
- SSL certificate validation (real-time handshake check)
- Detection of IP-based URLs
- WHOIS domain registration verification
- Domain age extraction from WHOIS data
- Registrar detection
- URL pattern-based anomaly scoring
- Suspicious TLD flagging
- Subdomain abuse detection
- Numeric trick detection (e.g., g00gle-style spoofing)
- Weighted modular risk scoring engine
- Structured CLI output (Ultra Edition mode)
- URL length analysis
- Special character density check
- Suspicious TLD identification
- Deep subdomain structure analysis
- Registrar extraction from WHOIS metadata
- SSL validation scoring
- Domain age-based trust modeling
- Transparent risk breakdown summary
The tool provides a final verdict:
- LOW RISK
- MEDIUM RISK
- HIGH RISK
Example scan:
⚡ PHISHGUARD CLI - ULTRA EDITION ⚡
Choose an option:
- Scan a website
- Phishing Awareness Demo
- Phishing Kit (Lab / Research)
Ctrl+C to Exit
Choice ➜ 1
Enter Target URL ➜ https://google.com
Scanning...
| Parameter | Result |
|---|---|
| SSL Secure | ✔ Yes |
| Using IP | No |
| WHOIS Registered | Yes |
| Domain Age | 28 years |
| Registrar | MarkMonitor Inc. |
| URL Pattern Score | 0 |
| SSL Risk Score | 0 |
| WHOIS Risk Score | 0 |
| Structure Score | 0 |
| Numeric Trick Score | 0 |
FINAL VERDICT ➜ LOW RISK
Output may vary depending on domain configuration, SSL status, and scoring parameters.
- Depending on configuration and enhancements, the tool may also display:
- Detailed risk breakdown table
- Weighted score contribution per module
- Pattern anomaly reasoning
- Awareness simulation output (Demo Mode)
- Python 3
- WHOIS (system tool)
- Socket library
- SSL module
- Subprocess automation
- Modular scanner architecture
rich(enhanced CLI visuals)- Colored terminal output
- Extended scoring modules
Clone the repository:
git clone https://github.com/Anamika0x/phishguard-cli.git
cd phishguard-cli
Install required dependency (Linux-based systems):
sudo apt install whois
If additional Python modules are required:
pip install -r requirements.txt
Run the tool:
python3 main.py
Enter a URL when prompted.
Example:
Enter URL: https://google.com
The tool will scan the URL and display a calculated risk verdict along with intermediate detection signals.
- Parses the input URL
- Extracts and normalizes the domain
- Performs SSL handshake validation
- Checks for raw IP usage
- Executes WHOIS lookup via system tool
- Extracts domain age & registrar
- Applies URL pattern heuristics
- Detects numeric substitution tricks
- Analyzes subdomain structure
- Calculates weighted risk score
- Displays structured verdict
The risk score increases if:
- SSL verification fails
- The URL uses a raw IP address
- WHOIS data is missing or domain is unregistered
- Domain age is extremely new
- Suspicious URL patterns are detected
- Excessive subdomains are present
- Numeric character spoofing is detected
Contributions are welcome.
You can contribute by:
- Improving detection heuristics
- Enhancing risk transparency
- Refactoring scanner modules
- Improving CLI UX
- Adding new security analysis techniques
Please open an issue before submitting major changes.
This tool is developed strictly for educational and cybersecurity awareness purposes only.
Do not use this project for malicious activities.
The maintainers are not responsible for misuse of this software.