Inspiration
Phishr was inspired by the recent rise in phishing attacks experienced by members of the hack team. False emails from people impersonating legitimate services such as PayPal and Amazon have even tripped some of us up, leading to financial losses, or even worse.
What it does
Phishr sends out emails pretending to be legitimate web services to user-specified targets, and asks the user to sign in or download files, presumably from a legitimate party. These emails, however, are filled with several false flags and hopeful giveaways that the sender is not who they say they are, in hopes the user will properly report the email to their organisation's IT or Network Security team. Should the user click on or download any files provided by Phishr, they are redirected to a harmless page explaining the false flags they should have seen, what could happen if they had legitimately fallen for a phishing attack, and what they can do to protect themselves in the future.
How I built it
Phishr was build on the Electron framework, using nodemailer, for the email portion. The application UI is written in simple HTML and CSS, and the back-end heavy-lifting part of the application is written in Node.js.
Challenges I ran into
The team ran into several challenges developing this project, especially considering none of us had ever used Electron before, and some of us hadn't even used Node.js! We quickly picked up on the nuances of the languages, and were able to quickly throw together a small interactive demo of what our software could theoretically do at version 1.0.
Accomplishments that I'm proud of
The team as a whole, and myself especially, are proud of our learning of Node.js, and I'm especially even more proud of how quickly I picked up on Electron. I feel more confident and more strong in my grasp of languages after this hack, and I can say with confidence I'd happily continue working on this project into the future.
What I learned
I learned the ins and outs of Electron, and got infinitely more familiar with Node.js. and got more confident with working with versioning systems - specifically, Git.
What's next for Phishr
In the next days for Phishr, I'd personally love to fully implement all its functionality, including the dynamic phish generation module. A lot of planned features were stripped due to limitations of the software and time constraints, and it may be worth exploring implementing Phishr as a stand-alone website, instead of a desktop application, as we move closer to version 1.0, and implementing call-home features into the 'Gotcha!' pages, so Administrators and IT Security teams can be alerted when their staff fall for these harmless phishes.
Log in or sign up for Devpost to join the conversation.