Presented at BlackHat USA 2024 Arsenal
First of all, clone the repo :)
The quickest way, as (almost) always, is to run a Docker container.
You can use the one I uploaded to Docker Hub to quickly start:
docker run -it -p 8080:8080 --name looksphishy guardio/looksphishy_image
If the above image is not accessible, or you prefer to build your own Docker image, run:
docker-compose up
Now browse to http://localhost:8080, and you should have the server up.
Moreover, this Docker image can be easily deployed to a cloud service such as App Service (Azure) or Elastic Beanstalk (AWS). Enjoy :)
To run the UI, just:
streamlit run app.py
For the CLI, you can run the following command:
python app.py
On Mac, Chromedriver can be installed with:
brew install chromedriver
LooksPhishy is brand-oriented. If you want to block any phishing imitating Facebook, for example, you need to do two things:
- Add some screenshots of the login pages/landing pages of Facebook in the folder static/brands/Facebook.
- Compute the embedding of those images with the script src/prepare_embedding.py.
That's it! You can now block any phishing imitating Facebook. Repeat step 1 for any brand and then just run step 2 once.
There are three kinds of models.
The embedding models are stored under src/models/embedding. Some are open-source, and some require a paid subscription. The goal of the model is to take an image and convert it into a vector (embedding). This vector is then compared with the brand store to see if it resembles one of the images.
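As an added illustration of that comparison (not LooksPhishy's own code): a nearest-reference lookup of a screenshot embedding against a small constructed brand store. Cosine similarity, the 0.9 threshold, the 4-dimensional vectors and the names BRAND_STORE, cosine and match_brand are assumptions made for this example.

```python
import math

# Constructed sample store: brand -> embeddings of its reference screenshots.
# Real embeddings have hundreds of dimensions; 4 are used here for readability.
BRAND_STORE = {
    "Facebook": [[0.90, 0.10, 0.05, 0.40], [0.85, 0.20, 0.00, 0.45]],
    "ExampleBank": [[0.05, 0.95, 0.30, 0.00]],
}


def cosine(a, b):
    """Cosine similarity; vectors from different models are not comparable."""
    if len(a) != len(b):
        raise ValueError("embedding dimensions differ: store built with another model?")
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    if norm == 0.0:
        return 0.0  # blank or failed screenshot: treat as resembling nothing
    return sum(x * y for x, y in zip(a, b)) / norm


def match_brand(query, store, threshold=0.9):
    """Return (brand, score) of the closest reference image, or (None, score)
    when nothing in the store is similar enough to count as a resemblance."""
    best_brand, best_score = None, -1.0
    for brand, references in store.items():
        for ref in references:
            score = cosine(query, ref)
            if score > best_score:
                best_brand, best_score = brand, score
    if best_score < threshold:
        return None, best_score
    return best_brand, best_score


if __name__ == "__main__":
    lookalike = [0.88, 0.15, 0.02, 0.42]  # constructed: close to the Facebook references
    unrelated = [0.10, 0.10, 0.90, 0.10]  # constructed: resembles no stored brand
    print(match_brand(lookalike, BRAND_STORE))
    print(match_brand(unrelated, BRAND_STORE))
```

The dimension check matters when switching embedding models: a store computed with one model has to be recomputed before it is compared against vectors from another.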
You can add your own model by following these steps:
- Inherit from src/models/embedding/embedding.py.
- Give your model a name in the class with the name attribute.
- Add it into src/models/embedding/__init__.py following the format of the other models.
This automatically creates a new model in the UI as well!
The LLM models are used to get the category of the phishing website. They are stored under src/models/llm.
You can follow the same steps as for the embedding model to add your own model (just adapt it to the llm folder).
To get started with Llama3 LLM, follow these steps:
- Visit the Ollama GitHub repository.
- Download the Ollama package.
- Run the following command to download Llama3:
ollama run llama3
Sometimes, getting the different logos of the website can be useful. The logo detection models are stored under src/models/logo_detection.
You can follow the same steps as for the embedding model to add your own model (just adapt it to the logo_detection folder).
This code is maintained. You are welcome to ask any questions directly on GitHub. We will try to answer as quickly as possible.
We also invite you to contribute to this open source project. Add your models, improve the UI, or fix bugs. It can be done via a pull request. More details on how to create a pull request here. Please provide basic tests with your code.
Adding tests protects your code and also explains it to others. Make sure the project has at least 70% coverage. To check the coverage, install these two packages:
pip install coverage
pip install coverage-badge
and run from the main directory:
coverage run -m pytest
coverage report -m --omit="*/test*" # optional - to see the coverage without including tests
coverage-badge -o test/coverage.svg -f # this will create the coverage badge loaded in the README
Authors: Jordan Garzon and Omer Yanovich from Guardio
____________
--)-----------|____________|
,' ,'
-)------======== ,' ____ ,'
`. `. ,' ,'__ ,'
`. `. ,' ,'
`. `._,'_______,'__
[._ _| ^-- || |
____,...-----|__________ll_|\
,.,..-------""""" "----' ||
.-"" |=========================== ______________ |
"-...l_______________________ | |' || |_]
[`-.|__________ll_| Enjoy
,' ,' `. `.
,' ,' `. ____`.
-)---------======== `. `.____`.
`. `.
`.________`.
--)-------------|___________|