PhishyScan Anti-Phishing API

PhishyScan is an Anti-Phishing “Detective”

View Setup Instructions

PhishyScan was made with one intention: to easily detect phishing scams. PhishyScan’s technology was created to rid the frustrations that users have had as they’ve been scammed on the Internet. After listening to countless stories and analyzing how people were tricked, PhishyScan was created.

What is Phishing?

From Wikipedia: "Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information[1] or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim.[2] As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.[3]" -- Phishing - Wikipedia

How does PhishyScan Work?

PhishyScan's API uses three levels of detection for scanning phishing data.

Once JSON data is posted to the /Scan endpoint, if there are no service or network issues, one of the following three results should be returned in a JSON request's '“result” property:

  • passed - this indicates that no phishing was detected by the API.
  • warn - this indicates the API detected some suspicious data in the post, via analysis.
  • failed - either the user’s email was reported as phishing or the user has submitted actual links reported for phishing within the message.

PhishyScan Isn't Just for Emails

While PhishyScan is great at detecting email phishing scams, it is also for:
  • Social network phishing posts and comments.
  • General website phishing scams.
  • Instant message phishing scams.

PhishyScan API is Now on RapidAPI.com as a Public Preview:

Official RapidAPI Page: https://rapidapi.com/yottanext-yottanext-default/api/phishyscan-api

To get started, you'll need to register for a RapidAPI key: Sign Up | API Hub - Free Public & Open Rest APIs | Rapid (rapidapi.com)
Once registered with RapidAPI.com, please refer to the official Readme on usage instructions: How To Use the API with Free API Key | RapidAPI (the readme also includes a section at the end to use a Linux shell to test the API out, easily.)

Please note: this is currently a preview release of our technology. While PhishyScan uses modern security practices, the API should only be used for testing purposes, with non-sensitive data submissions at this time. No personal information (such as the contents of confidential emails) should be submitted to the API scanning server during this preview.

Official PhishyScan Scanning Clients

PhishyScan’s official, open-source command-line phishing scanner email client, PhishyScanConsole is now on our official GitHub repo (current version: 0.3.0 Alpha Prerelease)

  1. Grab a key for free on our RapidAPI.com page (we currently allow up to 150 scans per day on our free plan). Link: PhishyScan API API Documentation (yottanext-yottanext-default) | RapidAPI
  2. After downloading "phishyscan-console-v0.3.0-alpha" and extracting it, fill in the "config.ini" file with valid data for an IMAP email server and set the RapidAPI.com key (the RapidAPI key is obtained from the link above).
  3. Run "PhishyScanConsole.exe" from the terminal to start scanning an email folder on a server.

There are also a number of options, within the terminal (some of these will override the defaults in "config.ini" on an as-use basis.)

  • An official thunderbird client for PhishyScan is planned in the near fututre.

Published by on November 18, 2023