Phishnet

Phishnet is a small, modular URL proxy framework focused on detecting and blocking phishing and other unsafe URLs. It also contains several ready to use frontends and filters.

Comment

Inspiration

Phishing remains one of the most persistent and costly cybersecurity threats today. Attackers constantly evolve their tactics, making it harder for individuals and companies to defend themselves. We wanted to build a lightweight, developer-friendly framework that makes experimenting with phishing detection strategies easy — something modular enough to plug into different contexts, from command-line tools to browser extensions. That led us to create Phishnet as a flexible phishing detection proxy, and later expand it into GuardWhale, a server backend to integrate with real-world clients like a Chrome extension.

What it does

Phishnet is a Go-based modular URL proxy framework that detects and blocks unsafe links, with filters that can be chained together. Filters can be regex-based, use third-party APIs (like Google Safe Browsing or PhishTank), or even call generative AI for classification. GuardWhale builds on top of Phishnet, exposing its detection pipeline via HTTP and gRPC APIs, making it easy to integrate phishing detection into external systems — in our case, a custom Chrome extension that actively checks URLs as users browse.

How we built it

  • Core framework (Phishnet): We designed a filter-oriented architecture inspired by Envoy’s modular system. Each filter implements a simple interface (Configure, Run) and can be registered and chained.
  • Detection strategies: We implemented regex matching, Google Safe Browsing lookups, PhishTank dataset checks, and a generative AI-based filter.
  • Runtime & DSL: Built a small runtime (fishnet/) with a parser for configuring filter chains.
  • UI: Added a minimal UI to visualize results locally.
  • GuardWhale: Wrapped Phishnet inside an HTTP & gRPC server to act as a backend. This powers our Chrome extension, letting it query GuardWhale for phishing checks in real time.

Challenges we ran into

  • Handling API rate limits and credential management for external services like Google Safe Browsing.
  • Keeping performance lightweight while loading datasets like PhishTank.
  • Designing a flexible filter API without overengineering it.
  • Building GuardWhale’s server layer so it integrates smoothly with the Chrome extension.

Accomplishments that we're proud of

  • Creating a plug-and-play phishing detection framework in Go that’s both modular and hackable.
  • Successfully integrating multiple detection strategies (regex, API, dataset, generative model).
  • Expanding the project into GuardWhale, a networked backend that bridges Phishnet with a live Chrome extension.
  • Building everything in a short timeframe, while keeping the system clean and extensible.

What we learned

  • How to design modular frameworks where different detection methods can be easily tested and swapped.
  • The tradeoffs between rule-based detection (fast but brittle) and AI-powered classification (flexible but costly).
  • The importance of usability — developers and users are more likely to adopt tools if they’re easy to configure and extend.
  • How to connect local detection logic with real-world applications through gRPC and browser extensions.

What's next for Phishnet

  • More filters: Add ML-based classifiers, DNS-based reputation checks, and heuristic analysis filters.
  • Better datasets: Automate updates from PhishTank and other open threat feeds.
  • Deployment: Package GuardWhale for containerized deployment (Docker/Kubernetes) so teams can run it at scale.
  • Browser integration: Improve the Chrome extension UI and expand support to Firefox.
  • Testing & reliability: Add test coverage, CI/CD pipelines, and benchmarks.
  • Community filters: Encourage developers to contribute their own detection strategies to the Phishnet ecosystem.
Share this project:

Updates