Skip to content

Detect Phishing Websites with the power of Artificial Intelligence (AI)

Notifications You must be signed in to change notification settings

Team-ByteWise/wiseshield-ai

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

84 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

WiseShield Ai

Description

WiseShield AI is a comprehensive security solution designed to safeguard users from phishing attacks. The project integrates a Flask API server powered by Machine Learning, a Chrome extension, and a website developed using React and Tailwind CSS. The Chrome extension detects sensitive fields such as Username and Password on websites and sends the site's URL and content to the backend server. The backend server, using a pre-trained model, checks if the site is legitimate or not by comparing it with known legitimate sites. If the site is identified as fake, the extension warns the user and redirects them to the legitimate site.

Installation

Automated Installation (for direct testing)

  1. Clone the repository using the following command:

    git clone https://github.com/Team-ByteWise/wiseshield-ai.git
  2. Navigate to the project directory:

    cd wiseshield-ai
  3. Run the following command to run automated install:

    For Windows (Powershell):

    Set-ExecutionPolicy Bypass -Scope Process -Force; .\run.ps1

    For Linux:

    chmod +x run.sh
    ./run.sh

The script will install the required dependencies and start the backend server, frontend website, serve some phishing websites for test and open a chrome window with the extension pre installed with phishing sites and their legitimate versions for testing.

Manual Installation

Backend (Flask Server)

  1. Navigate to the backend directory:

    cd backend
  2. Create a Python Virtual Environment:

    python -m venv venv
  3. Activate the Virtual Environment:

    For Windows (Poweshell):

    .\venv\Scripts\activate.ps1

    For Linux:

    source venv/bin/activate
  4. Install the required dependencies:

    pip install -r requirements.txt
  5. Start the Flask server:

    python main.py

Frontend (Website)

  1. Navigate to the frontend directory:

    cd frontend
  2. Install the required dependencies:

    npm install
  3. Start the development server:

    npm run dev

Phishing Websites (FOR TESTING PURPOSES ONLY)

  1. Navigate to the evilginx directory:

    cd evilginx
  2. Download evilginx:

    For Windows (Powershell):

    Invoke-WebRequest -Uri "https://github.com/kgretzky/evilginx2/releases/download/v3.3.0/evilginx-v3.3.0-windows-64bit.zip" -OutFile "evilginx.zip"

    For Linux:

    wget https://github.com/kgretzky/evilginx2/releases/download/v3.3.0/evilginx-v3.3.0-linux-64bit.zip -O evilginx.zip
  3. Extract the downloaded file:

    For Windows (Powershell):

    Expand-Archive -Path "evilginx.zip" -DestinationPath "." -Force

    For Linux:

    unzip evilginx.zip
  4. Start the evilginx server:

    For Windows (Powershell):

    .\evilginx.exe -developer -c .

    For Linux:

    ./evilginx -developer -c .

Chrome Extension

  1. Navigate to the extension directory:

    cd extension
  2. Install the required dependencies:

    npm install
  3. Build the extension:

    npm run build
  4. Load the extension in Chrome:

    • Open Chrome and navigate to chrome://extensions/
    • Enable Developer Mode
    • Click on Load unpacked and select the build directory inside the extension directory

Now you can visit the following phishing sites to test the extension:

Usage

  1. Install all the required components using the automated or manual installation steps.
  2. Visit the phishing sites mentioned above to test the extension.
  3. As soon as you visit the phishing sites, the extension will detect it and redirect you to a warning page.
  4. You can click on the Go to the real site button on the warning page to redirect to the legitimate site.

Disclaimer

This project is for educational purposes only. The phishing sites are hosted locally and are not accessible to the public. The phishing sites are only for testing the extension and backend server. The phishing sites are not intended to be used for malicious purposes.

Third Party Resources Used

Third Party Libraries Used

Frontend

Backend

Chrome Extension