Rahul1613/AI-POWERED-PHISHING-DETECTION-ENGINE-ENTERPRISE-ACTIVE

GitHub: Rahul1613/AI-POWERED-PHISHING-DETECTION-ENGINE-ENTERPRISE-ACTIVE

Stars: 1 | Forks: 0

# 🛡️ PhishGuard AI — AI-Powered Phishing Detection & Threat Intelligence Platform

![PhishGuard AI Banner](https://img.shields.io/badge/PhishGuard-AI-00f5ff?style=for-the-badge&labelColor=040810&color=00f5ff) ![React](https://img.shields.io/badge/React-19-61DAFB?style=for-the-badge&logo=react&logoColor=white&labelColor=040810) ![Node.js](https://img.shields.io/badge/Node.js-20+-339933?style=for-the-badge&logo=node.js&logoColor=white&labelColor=040810) ![Python](https://img.shields.io/badge/Python-3.9+-3776AB?style=for-the-badge&logo=python&logoColor=white&labelColor=040810) ![scikit-learn](https://img.shields.io/badge/scikit--learn-RF-F7931E?style=for-the-badge&logo=scikit-learn&logoColor=white&labelColor=040810) ![License](https://img.shields.io/badge/License-MIT-bf00ff?style=for-the-badge&labelColor=040810) **An industry-level, enterprise-grade cybersecurity web application combining Machine Learning classification, email header verification, and Threat Intelligence telemetry to analyze and mitigate phishing vectors.** [Technical Interview Guide](INTERVIEW_PREP.md) · [Report Threat IOC](#) · [Request Feature](#)

## 📸 Features Overview | Feature Module | Technical Focus | Tech Stack | |---|---|---| | 🌐 **URL Phishing Checker** | Lexical feature auditing, brand typosquatting checks, unicode homoglyph analysis | Regex, RDAP whois, ML Model | | 📧 **Email Threat Analyzer** | SMTP header audits (SPF/DKIM/DMARC alignments), NLP body urgency profiling | Express-validator, NLP rules | | 🗃️ **Threat Reputation Lookup** | Real-time IP, domain and hash checks against global feeds | VirusTotal, AbuseIPDB, PhishTank | | 🤖 **AI CyberGuard Assistant** | Context-aware incident analysis reports and remediation playbooks | Ollama + Qwen 2.5 | | 📊 **SOC Operations Center** | scrolling SIEM console logs, Recharts charts, geolocated threat maps | Zustand, Recharts | | 🧩 **Browser Extension Mock** | Manifest V3 background script tab updates interception concept | Chrome Extension APIs | ## 🏗️ Architecture Blueprint project-root/ ├── Dockerfile # Multi-stage production container setup ├── README.md # Core project documentation ├── INTERVIEW_PREP.md # SOC & AI Security interview guides ├── package.json # Project run control using concurrently │ ├── backend/ # Express.js REST API Server │ └── src/ │ ├── app.js # Route mounting and security configuration │ ├── controllers/ # Threat logic routing controllers │ │ ├── urlController.js │ │ ├── emailController.js │ │ ├── threatController.js │ │ ├── aiController.js │ │ └── analyticsController.js │ ├── routes/ # Express endpoint definitions │ ├── middleware/ # Helmet headers, rate limiters, logging │ ├── models/ # Mongoose threat history schema (Analysis.js) │ ├── services/ # Core computation algorithms │ │ ├── mlService.js # Child process wrapper + JS heuristics fallback │ │ ├── whoisService.js # RDAP domain age querying │ │ ├── threatIntelService.js # VirusTotal & AbuseIPDB client wrappers │ │ └── ollamaService.js # Local LLM interaction service │ └── ml/ # Machine Learning pipeline folder │ ├── train.py # Synthetic URL training script │ ├── predict.py # URL lexical inference parser │ ├── phishing_model.pkl # Trained Random Forest model parameters │ └── scaler.pkl # Standardized feature scaling coefficients │ └── frontend/ # Vite + React Client Dashboard └── src/ ├── components/ # Reusable visualization widgets │ ├── AIAssistant.jsx # Context-aware IR chatbot │ ├── BrowserExtensionConcept.jsx # Manifest V3 browser extension mockup │ └── MatrixBackground.jsx ├── pages/ # Route view handlers │ ├── Home.jsx # Typosquatting sandbox search homepage │ ├── UrlChecker.jsx # URL Risk Gauge deep scanning report │ ├── EmailAnalyzer.jsx # Email SPF/DKIM validation & NLP profile │ ├── ThreatIntel.jsx # Manual reputational search & IOC scrolling feed │ ├── Dashboard.jsx # SIEM scrolling logs & geolocation threat maps │ ├── About.jsx # Technology stack and MITRE ATT&CK mapping │ └── NotFound.jsx ├── store/ # Zustand persisted state manager (useStore.js) └── utils/ # Risk color configurations (helpers.js) ## 🚀 Quick Start Guide ### Prerequisites - **Node.js**: v20 or higher - **Python**: v3.9 or higher (for ML inference/training) - **Ollama**: Local install for Qwen2.5 execution (optional) ### Option A: Local Dev Setup #### 1. Setup Backend Dependencies & Train Model cd backend # Create Python virtual environment and install ML requirements python3 -m venv venv source venv/bin/activate pip install scikit-learn numpy joblib # Train the Random Forest Classifier python3 src/ml/train.py # Install Node backend libraries & start server npm install npm run dev # API starts on http://localhost:5001 #### 2. Setup Frontend Client cd ../frontend npm install npm run dev # Web application opens on http://localhost:5173 #### 3. (Optional) Run Local AI Model # Pull and serve model locally ollama pull qwen2.5 ollama serve ### Option B: Docker Ingestion (Unified Runner) To run the entire stack (Node, Python ML, trained classifiers, and served client dist) in a production sandbox: docker build -t phishguard-ai . docker run -p 5001:5001 --env-file=backend/.env phishguard-ai ## 📡 Core API Specifications | Method | Endpoint | Description | Payload Schema | |---|---|---|---| | `POST` | `/api/url/scan` | Submits URL for deep ML and Intel scans | `{"url": "http://paypal-verify-login.xyz"}` | | `POST` | `/api/email/analyze` | Checks headers and content NLP triggers | `{"headers": "...", "body": "...", "attachments": []}` | | `POST` | `/api/threat/lookup` | Manual VirusTotal/AbuseIPDB reputation query | `{"target": "185.220.101.44", "type": "ip"}` | | `GET` | `/api/threat/feed` | List global IOC scrolling feed indicators | — | | `GET` | `/api/analytics/stats` | Aggregates logs for Dashboard visual charts | — | | `POST` | `/api/ai/chat` | AI incident response chat advisor | `{"message": "...", "context": "..."}` | ## 🔒 Implemented Security Protections - **Failsafe ML Fallback**: If Python is missing from the environment, the server switches to a native **Node.js Heuristics Classifier** that mimics the Random Forest decision tree parameters. - **OWASP HTTP Controls (helmet.js)**: Configures strict Content Security Policy directives, forces HSTS over SSL, blocks clickjacking frame options, and blocks MIME sniffing. - **IP Rate Limiting**: express-rate-limit bounds scanner requests to 100 per 15 minutes per IP to prevent service exhaustion. - **Payload Security**: Limits input JSON body payloads to `10kb` to prevent buffer overflow/denial of service. ## 🎓 Resume & Portfolio Highlights Copy and paste these bullet points to highlight your cybersecurity and software engineering achievements: - **End-to-End Security Architecture**: Built a full-stack AI-Powered Phishing Detection platform (PhishGuard AI) utilizing React, Node.js Express, Python, and MongoDB Atlas. - **Machine Learning Classification**: Trained a Scikit-Learn Random Forest Classifier on URL lexical features (subdomain depth, TLD reputation, digit ratios), reaching high classification accuracy. - **Failsafe System Design**: Engineered a hybrid backend system incorporating child process spawning for Python ML scripts and a native Javascript heuristic fallback classifier, achieving 100% service availability. - **Threat Intelligence Integrations**: Interfaced API endpoints with VirusTotal, AbuseIPDB, PhishTank, and RDAP domain registration records to aggregate multi-source threat telemetry. - **Generative AI Workflows**: Constructed prompt engineering frameworks connecting local Ollama + Qwen LLM servers to automate context-aware incident report generation. - **Modern SOC Visualization**: Designed a dynamic security operation center panel featuring Framer Motion, Recharts charts, geolocated SVG maps, and scrolling SIEM console alerts.

标签：自定义脚本