PHISH-Detector: An Intelligent Phishing Email Detection System Based on Machine Learning

A Flask application that combines text analysis, OCR screenshot recognition, and machine learning models to help users identify phishing email threats, providing risk scores and safe/phishing classification predictions.

• Original Author/Maintainer: Sangramp09
• Source Platform: GitHub
• Original Project Name: PHISH-Detector
• Original Link: https://github.com/Sangramp09/PHISH-Detector
• Release Date: 2026-06-01

---

Phishing attacks are among the most common and destructive threats in the field of cybersecurity. Attackers send fraudulent emails by impersonating trusted entities, inducing users to leak sensitive information, download malware, or perform dangerous operations. According to statistics, over 90% of cyberattacks start with phishing emails, and ordinary users often find it difficult to identify carefully designed phishing content with the naked eye.

Traditional email security solutions mainly rely on rule engines and blacklists, which struggle to cope with evolving attack methods. With the development of AI technology, machine learning-based detection systems can learn the deep features of phishing emails and identify threat patterns that are hard to detect with traditional methods. PHISH-Detector is exactly such an open-source project for practical applications.

---

PHISH-Detector (also known as MailGuard AI) is a web application developed based on the Python Flask framework, focusing on intelligent detection of phishing emails. The system integrates multiple technical methods: text content analysis, screenshot OCR recognition, and machine learning models built with Scikit-Learn, ultimately outputting risk scores and safe/phishing classification prediction results.

The core goal of the project is to provide a lightweight, easy-to-deploy phishing detection tool that can serve as both a personal security protection layer and a supplementary component for enterprise security infrastructure.

---

The uniqueness of PHISH-Detector lies in its support for two input methods:

Text Analysis: Users can directly paste email content, and the system will extract text features (such as keywords, URL patterns, language style, etc.) for analysis.

Screenshot OCR Scanning: For scenarios where text cannot be directly copied (e.g., mobile email clients), users can upload email screenshots. The system extracts text content via the Tesseract OCR engine before performing detection. This design greatly expands the applicable scenarios of the tool.

The system backend uses Scikit-Learn to build classification models. Although the project documentation does not detail the specific model architecture, typical phishing detection systems usually:

• Feature Engineering: Extract URL features (domain age, SSL certificate status), text features (urgency vocabulary, spelling error rate), structural features (HTML tag distribution, link density), etc.
• Model Training: Train binary classification models (such as Random Forest, SVM, or Gradient Boosting Trees) using labeled phishing/normal email datasets.
• Risk Scoring: Output probability values as risk scores to assist users in judging the threat level.

The Flask-based web interface provides an intuitive operation experience. Users can select the input method on the homepage, and after submission, the system will display detection results including:

• Safe/phishing classification prediction
• Risk score (quantifies the threat level)
• Detection details (helps users understand the basis for judgment)

---

The technology stack adopted by the project reflects a pragmatic choice:

Component	Technology	Role
Backend Framework	Python Flask	Web services and API routing
Machine Learning	Scikit-Learn	Feature extraction and classification models
OCR Engine	Tesseract	Screenshot text recognition
Frontend	HTML/CSS	User interface

This lightweight architecture allows the project to be easily deployed in local environments or small servers without complex dependency management.

---