Skip to main content

Prerequisites

Before you begin, make sure you have:
  • Node.js 20+ installed on your machine
  • An Upstash account with a Redis database (upstash.com)
  • A Google Safe Browsing API key from the Google Cloud Console

Setup

1

Clone the repository

git clone https://github.com/joey727/Phisherman.git
cd Phisherman
2

Install dependencies

npm install
3

Configure environment variables

Create a .env file in the project root and add the following variables:
.env
UPSTASH_REDIS_REST_URL=https://your-upstash-endpoint.upstash.io
UPSTASH_REDIS_REST_TOKEN=your_upstash_token
GOOGLE_SAFE_API_KEY=your_google_safe_browsing_key
VariableDescription
UPSTASH_REDIS_REST_URLThe REST URL for your Upstash Redis database
UPSTASH_REDIS_REST_TOKENThe authentication token for your Upstash Redis database
GOOGLE_SAFE_API_KEYYour Google Safe Browsing API key
You can find UPSTASH_REDIS_REST_URL and UPSTASH_REDIS_REST_TOKEN on your database page in the Upstash Console.
4

Start the server

npm run dev
The server listens on port 4000 by default. To use a different port, set the PORT environment variable (e.g., PORT=8080).
5

Make your first check

With the server running, send a POST request to /api/check with the URL you want to analyze:
curl -X POST http://localhost:4000/api/check \
  -H "Content-Type: application/json" \
  -d '{"url": "http://example.com"}'
You should receive a response like this:
{
  "url": "http://example.com",
  "score": 10,
  "verdict": "safe",
  "reasons": ["URL is not HTTPS"],
  "executionTimeMs": {
    "heuristics": 52,
    "openphish": 8,
    "google_safe_browsing": 145,
    "urlhaus": 6,
    "phishtank": 9,
    "phishstats": 11
  }
}
FieldTypeDescription
urlstringThe URL that was analyzed
scorenumberRisk score from 0 to 100
verdictstring"safe", "suspicious", or "phishing"
reasonsstring[]List of reasons that contributed to the score
executionTimeMsobjectTime taken by each checker in milliseconds

Build docs developers (and LLMs) love

Get started for freeTalk to us