Phishing attacks evolve. So do we

Security analysis that
goes beyond a single
phishing verdict.

AI Phishing Detector brings together URL scanning, batch triage, attack classification, zero-day structural analysis, campaign clustering, visual brand detection, reporting workflows, Hook assistant guidance, extension protection, and learning tools in one project. Crazy right.

Open the Platform Read the Docs Explore Features
37+
Model features used in URL scoring and explanation.
99.2
Reported project accuracy from saved evaluation metrics.
2000
Held-out samples referenced by the evaluation artifacts.
Platform Coverage
Single URL Scan Evidence + verdict
Batch Checker 100 URLs per run
Advanced Research Heatmap · Zero-day · Clustering
Hook Assistant Inline guidance + guardian alerts
Browser Extension Live DOM protection
Learning Mode Simulation + awareness
Recommended Entry Point

Pick the workflow based on what you have: one link, a suspicious email, a large URL list, or a page that already looks visually wrong.

Start with the URL Scanner Best for a single suspicious link that needs a fast answer and an investigation path.
What's inside

Core Product Areas

🔗
Scan URL

Single-link scanning with base verdict, confidence, attack type, evidence, and an investigation drawer for deeper review.

Open scanner
📦
Batch Checker

Bulk review for pasted lists or text files, including drilldown, export, and per-row investigation.

Open batch checker
📧
Email Analyzer

Header and content review for authentication failures, sender mismatch, social engineering, and phishing clues.

Open email analyzer
💬
Scam Detector

Message-focused analysis for SMS, chat, and social-engineering text where the link may be embedded in the message itself.

Open scam detector
🗺️
Risk Heatmap

Feature-level visualization that shows why a link looks safe, suspicious, or dangerous.

Open heatmap
🛡️
Zero-Day Detection

Structural heuristics that help catch novel phishing URLs before blacklist-style systems know about them.

Open zero-day
🧬
Campaign Clustering

Correlates suspicious URLs to reveal coordinated infrastructure, repeat kits, and campaign-level patterns.

Open clustering
👁️
Visual Detect

Brand and page-structure matching for phishing pages that look wrong even when the URL alone is not enough.

Open visual detect
🚩
Auto Report

Drafted and confirmation-based reporting workflow for forwarding confirmed phishing URLs to reporting targets.

Open auto report
🔑
Breach Check

Password exposure checking with privacy-preserving k-anonymity handling and strength guidance.

Open breach check
🧩
Coming Soon
Browser Extension

Companion extension for live DOM scanning, form interception, and immediate protection in the browsing workflow.

Open extension page
🪝
Hook Assistant

Embedded assistant and guardian layer that can analyze URLs inline, detect user intent, surface page-risk alerts, and move users into the right workflow.

Read Hook docs
🧪
Simulate Attack and Learning

Awareness training and red-flag learning through interactive simulations that connect detections to user education.

Open learning mode
How the project fits together
Detection layer Scanner, batch checker, email analyzer, and scam detector provide the first answer.
Research layer Heatmap, clustering, zero-day, and visual checks deepen the investigation only when needed.
Protection layer Hook guidance, the browser extension, and manual reporting flow help move from analysis to action.
Learning layer Simulation and awareness features help users understand how attacks are built.
Recommended paths
If you have one suspicious link, start with Scan URL.
If you have many URLs, start with Batch Checker.
If the page looks suspicious visually, follow with Visual Detect.
If you need infrastructure context, move to Campaign Clustering.
If the link is brand new, add Zero-Day Detection.
If the issue is user awareness, use Simulate Attack and Learning.
Architecture

Enterprise-Grade Defense

The "Consensus Engine"
ML Model (30%) 37 statistical features (entropy, digit ratios) providing a fast, structural signal.
LLM Reasoning (50%) Using Groq (Llama 3.3) to analyze typosquatting and brand impersonation like a human forensics expert.
Heuristics (20%) Rule-based intelligence for immediate red flags. This tiered approach catches "Zero Day" attacks.
Feature Engineering & Security
No "Keyword Crutches" Uses Shannon Entropy and Structural Focus (path depth, TLD reputation) rather than simple keyword matching.
The "Hook" AI Assistant Intent detection and proactive "Guardian" mode turn a floating chat widget into a command center.
Enterprise-Grade Security Hardened Flask (CSRF, Rate limiting), JWT Identity Management, and strict Extension Security.
Project recommendations

Use the public website to understand the system first, then enter through the workflow that matches your problem. For project readers, the best sequence is Features, Docs, About, Terms, and Privacy. For active use, the best sequence is Scanner, Investigation, Advanced Checks, then Reporting only after confirmation.

View all features Read how it works Project background Terms Privacy