PhishGuard — URL Threat Analyzer

README

🛡️ PhishGuard

A real-time, client-side URL threat analyzer that detects phishing, typosquatting, and suspicious links using 11 heuristic checks — with zero APIs, zero server calls, and zero data leaving your browser.

No API Required 100% Client-Side Vanilla JS v2.0 MIT License

📌 About

PhishGuard analyzes URLs using a weighted heuristic scoring engine. Each URL is passed through 11 security checks — from HTTPS verification to brand impersonation detection. The total score (0–100) determines the verdict: Likely Safe, Suspicious, or Phishing Risk.

No external calls are ever made. Everything runs locally in the browser, making it instant and completely private.

📁 File Structure

PhishGuard/ └── index.html ← Entire app (HTML + CSS + JS, self-contained)

Single-file architecture. No build step, no dependencies, no package.json. Drop it anywhere and open it.

⚡ Features

11-Point Heuristics

Covers structure, patterns, keywords, and known abuse vectors.

Risk Score 0–100

Weighted scoring system with animated SVG ring indicator.

Brand Impersonation

Detects typosquat variants of PayPal, Google, Amazon, and more.

Legit Domain Bonus

Known good domains get a −30 score reduction to cut false positives.

Zero Dependencies

Pure HTML/CSS/JS. No npm, no frameworks, no external scripts.

Fully Offline

Works without internet (after font load). Your URLs go nowhere.

🔍 Security Checks (11 Heuristics)

#	Check	Severity	Weight
1	HTTPS Protocol	HIGH	20 pts
2	IP Address in URL	HIGH	25 pts
3	URL Length (>75 chars)	MED	10 pts
4	@ Symbol in URL	HIGH	15 pts
5	Subdomain Depth (>2)	MED	15 pts
6	Suspicious Keywords	MED	15 pts
7	Hyphens in Domain (≥2)	LOW	10 pts
8	Suspicious TLD	MED	15 pts
9	Brand Impersonation	HIGH	25 pts
10	Redirect Indicators	MED	10 pts
11	Known Legit Domain Bonus	LOW	−30 pts

📊 Verdict System

Score	Verdict	Meaning
0 – 25	LIKELY SAFE	Low risk — URL appears legitimate
26 – 55	SUSPICIOUS	Some red flags — proceed with caution
56 – 100	PHISHING RISK	High confidence threat — do not visit

🚀 How to Use

Paste a URL in the Analyzer tab

Type or paste any URL into the input field. Use the example chips to try built-in test cases.

Click Analyze or press Enter

PhishGuard runs all 11 checks instantly — no network requests, no waiting.

Read the risk score and verdict

The animated ring shows your 0–100 score. The verdict card gives the final judgment.

Review detailed check results

Each of the 11 checks shows PASS / HIGH / MED with a plain-English explanation.

🧱 Tech Stack

HTML5 CSS3 Vanilla JavaScript Share Tech Mono Syne (Google Fonts) No frameworks No APIs

🌐 Deployment

PhishGuard is a single index.html file. Deploy it anywhere static hosting is supported:

# GitHub Pages (already live) https://anamv007.github.io/PhishGuard/ # Or run locally — just open the file open index.html

⚠️ Limitations

PhishGuard uses heuristic analysis only — it cannot query DNS, check SSL certificates, WHOIS data, or live threat feeds. A "Likely Safe" verdict is not a guarantee. Always verify suspicious links through multiple sources before visiting.

👤 Author

Built by Anam — BCA student, aspiring Cloud Security Engineer, and self-taught ethical hacker.
// GitHub: github.com/anamv007