Spaces:
Sleeping
Sleeping
File size: 9,228 Bytes
dfd0230 df926fc dfd0230 f87482a dfd0230 df926fc dfd0230 f2a063d dfd0230 df926fc c1fba65 df926fc c1fba65 df926fc c1fba65 df926fc c1fba65 dfd0230 20d2b9d dfd0230 20d2b9d dfd0230 10401d2 dfd0230 20d2b9d dfd0230 20d2b9d dfd0230 915113d dfd0230 915113d dfd0230 915113d dfd0230 915113d dfd0230 915113d dfd0230 88159e7 dfd0230 7a5154e c1fba65 dfd0230 c1fba65 dfd0230 10401d2 20d2b9d c1fba65 20d2b9d df926fc 20d2b9d 7a5154e 20d2b9d f87482a 20d2b9d 10401d2 20d2b9d dfd0230 7a5154e c1fba65 ec8384e cdec7de 20d2b9d cdec7de df926fc ec8384e 20d2b9d ec8384e 20d2b9d ec8384e 20d2b9d ec8384e cdec7de 7a5154e | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 | import numpy as np
import pandas as pd
import re
import gradio as gr
import requests
import json
import xgboost as xgb
import joblib
from urllib.parse import urlparse
import base64
feature_names = joblib.load('feature_names.joblib')
non_numeric_columns = joblib.load('non_numeric_columns.joblib')
scaler = joblib.load('scaler.joblib')
label_encoders = {}
for col in non_numeric_columns:
try:
le = joblib.load(f'le_{col}.joblib')
label_encoders[col] = le
except:
pass
# Load XGBoost model
model = xgb.Booster()
model.load_model('xgboost_best_model.json')
# API
GOOGLE_API_KEY = "AIzaSyCmXigpl6t7MZyvq8Rv37XW_lZVCi0oMSM"
PHISHTANK_USER_AGENT = "phishtank/PHISH"
VIRUSTOTAL_API_KEY = "7c38bbc8b0f461b25b38d1cda16404fc8c3997c6b569a257707505759da7a996"
VIRUSTOTAL_BASE_URL = "https://www.virustotal.com/api/v3/"
vt_headers = {
"x-apikey": VIRUSTOTAL_API_KEY,
"Accept": "application/json"
}
def check_url_virustotal(target_url):
try:
url_id = base64.urlsafe_b64encode(target_url.encode()).decode().strip("=")
url = f"{VIRUSTOTAL_BASE_URL}urls/{url_id}"
response = requests.get(url, headers=vt_headers, timeout=10)
if response.status_code == 200:
data = response.json()
malicious_count = 0
phishing_keywords = ["phishing", "malicious"]
for vendor, result_data in data['data']['attributes']['last_analysis_results'].items():
if result_data['result'] and any(keyword in result_data['result'].lower() for keyword in phishing_keywords):
malicious_count += 1
if malicious_count >= 5:
return "Phishing"
else:
return "Legitimate"
else:
return "Legitimate"
except:
return "Legitimate"
def check_url_phishtank(url):
endpoint = "https://checkurl.phishtank.com/checkurl/"
payload = {"url": url, "format": "json"}
headers = {"User-Agent": PHISHTANK_USER_AGENT}
try:
response = requests.post(endpoint, data=payload, headers=headers, timeout=5)
response.raise_for_status()
data = response.json()
if data.get('results', {}).get('in_database', False) and data.get('results', {}).get('verified', False):
return "Phishing"
return "Legitimate"
except Exception as e:
return "Legitimate"
def check_url_safebrowsing(url):
endpoint = f"https://safebrowsing.googleapis.com/v4/threatMatches:find?key={GOOGLE_API_KEY}"
payload = {
"client": {"clientId": "PhishShield", "clientVersion": "1.0"},
"threatInfo": {
"threatTypes": ["MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE"],
"platformTypes": ["ANY_PLATFORM"],
"threatEntryTypes": ["URL"],
"threatEntries": [{"url": url}]
}
}
try:
response = requests.post(endpoint, json=payload, timeout=5)
response.raise_for_status()
data = response.json()
if "matches" in data:
return "Phishing"
return "Legitimate"
except Exception as e:
return "Legitimate"
def extract_features(url):
parsed = urlparse(url)
hostname = parsed.hostname if parsed.hostname else ''
path = parsed.path if parsed.path else ''
entropy = 0.0
if len(url) > 0:
for c in set(url):
p = url.count(c) / len(url)
entropy -= p * np.log2(p) if p > 0 else 0
features = {
"length_url": len(url),
"length_hostname": len(hostname),
"ip": 1 if any(char.isdigit() for char in hostname) else 0,
"nb_dots": url.count('.'),
"nb_hyphens": url.count('-'),
"nb_at": url.count('@'),
"nb_qm": url.count('?'),
"nb_and": url.count('&'),
"nb_or": url.count('|'),
"nb_eq": url.count('='),
"nb_underscore": url.count('_'),
"nb_tilde": url.count('~'),
"nb_percent": url.count('%'),
"nb_slash": url.count('/'),
"nb_star": url.count('*'),
"nb_colon": url.count(':'),
"nb_comma": url.count(','),
"nb_semicolumn": url.count(';'),
"nb_dollar": url.count('$'),
"nb_space": url.count(' '),
"nb_www": 1 if "www" in url else 0,
"nb_com": 1 if ".com" in url else 0,
"nb_dslash": url.count('//'),
"http_in_path": 1 if "http" in path else 0,
"https_token": 1 if "https" in url else 0,
"ratio_digits_url": sum(c.isdigit() for c in url) / len(url) if len(url) > 0 else 0,
"ratio_digits_host": sum(c.isdigit() for c in hostname) / len(hostname) if hostname else 0,
"punycode": 1 if re.search(r'xn--', url, re.IGNORECASE) else 0,
"port": parsed.port if parsed.port else 0,
"tld_in_path": 1 if any(tld in path for tld in ['.com', '.net', '.org', '.gov', '.edu']) else 0,
"tld_in_subdomain": 1 if any(tld in hostname for tld in ['.com', '.net', '.org', '.gov', '.edu']) else 0,
"abnormal_subdomain": 1 if len(hostname.split('.')) > 3 else 0,
"nb_subdomains": len(hostname.split('.')) - 1,
"prefix_suffix": 1 if url.startswith("www") else 0,
"shortening_service": 1 if any(short in url for short in ['bit.ly', 'goo.gl', 'tinyurl.com']) else 0,
"path_extension": 1 if any(ext in path for ext in ['.exe', '.zip', '.rar', '.tar', '.pdf']) else 0,
"length_words_raw": len(url.split()),
"char_repeat": len(set(url)),
"shortest_words_raw": min(len(word) for word in url.split()) if url.split() else 0,
"longest_words_raw": max(len(word) for word in url.split()) if url.split() else 0,
"shortest_word_host": min(len(word) for word in hostname.split('.')) if hostname else 0,
"longest_word_host": max(len(word) for word in hostname.split('.')) if hostname else 0,
"shortest_word_path": min(len(word) for word in path.split('/')) if path else 0,
"longest_word_path": max(len(word) for word in path.split('/')) if path else 0,
"avg_words_raw": np.mean([len(word) for word in url.split()]) if url.split() else 0,
"avg_word_host": np.mean([len(word) for word in hostname.split('.')]) if hostname else 0,
"avg_word_path": np.mean([len(word) for word in path.split('/')]) if path else 0,
"phish_hints": 1 if any(kw in url.lower() for kw in ['login', 'secure', 'verify', 'account']) else 0,
"domain_in_brand": 1 if 'apple' in hostname.lower() else 0,
"brand_in_subdomain": 1 if 'apple' in (hostname.split('.')[0] if hostname else '') else 0,
"brand_in_path": 1 if 'apple' in path.lower() else 0,
"suspicious_tld": 1 if hostname.endswith(('.xyz', '.top', '.club', '.gq', '.cf', '.tk')) else 0,
"entropy": entropy
}
return features
def predict_with_model(url):
try:
features = extract_features(url)
input_data = pd.DataFrame([features], columns=feature_names)
for col in non_numeric_columns:
if col in input_data.columns and col in label_encoders:
try:
input_data[col] = label_encoders[col].transform(input_data[col].astype(str))
except ValueError:
input_data[col] = len(label_encoders[col].classes_)
input_scaled = scaler.transform(input_data)
dmatrix = xgb.DMatrix(input_scaled)
phish_prob = model.predict(dmatrix)[0]
if phish_prob >= 0.95:
return "Phishing"
else:
return "Legitimate"
except Exception as e:
return "Legitimate"
def predict_url(url):
try:
if not url.startswith(("http://", "https://")):
url = "https://" + url
# Check VirusTotal
vt_result = check_url_virustotal(url)
if vt_result == "Phishing":
return "Phishing"
# Check PhishTank
pt_result = check_url_phis极
if pt_result == "Phishing":
return "Phishing"
# Check Google Safe Browsing
gsb_result = check_url_safebrowsing(url)
if gsb_result == "Phishing":
return "Phishing"
# If all three services return "Legitimate", return "Legitimate" without running the model
if vt_result == "Legitimate" and pt_result == "Legitimate" and gsb_result == "Legitimate":
return "Legitimate"
ml_result = predict_with_model(url)
return ml_result
except Exception as e:
return "Legitimate"
# Gradio Interface
interface = gr.Interface(
fn=predict_url,
inputs=gr.Textbox(label="Enter URL", placeholder="https://example.com"),
outputs=gr.Textbox(label="Result"),
title="Phishing URL Detector",
description="Check if a URL is phishing or legitimate",
examples=[
["https://www.apple.com"],
["https://login-facebook-secure.xyz/login.php"],
["https://bit.ly/suspicious-download"]
]
)
interface.launch(server_name="0.0.0.0", server_port=7860) |