WhoDAT is an InfoSec Analyzer for Nerds using VirusTotal, Google Safe Browsing, URLScan, Hybrid-Analysis, and OpenAI. Scan URLs, emails, headers, and attachments for malicious activity!

calinux-py/WhoDAT


WhoDAT - InfoSec Analyzer for Nerds

WhoDAT is a GUI-based cybersecurity tool for nerds.

Analyze emails, URLs, headers, IPs, and attachments for threats--using free APIs like VirusTotal, Google Safe Browsing, URLScan, and Hybrid Analysis.

Windows Python OpenAI VirusTotal Hybrid Analysis Google Safe Browsing URLScan

Download the portable executable version here!

Features

🌐 Domain Analyzer

Analyze URLs, email addresses, and IP addresses to reveal their threat level:

  • Website Analysis: Search if a website is a known malicious site and take a secure screenshot using URLScan.io.
  • Email Analysis: Verifies if email domains are free, disposable, or associated with suspicious activity.
  • URL Analysis: Scans URLs to detect malware, phishing attempts, and suspicious redirects.
  • IP Address Analysis: Checks if an IP address has been associated with previous malicious activity.
  • WHOIS Data: Retrieves WHOIS information for domains to confirm registration dates, geographical origins, and other key details.
  • DMARC Analysis: Check if an email has been potentially spoofed.

📨 Header Analyzer

Uncover security issues hidden in email headers:

  • IP Address Analysis: Extracts originating IPs and determines their geographic and ISP origins. IP addresses from outside the US are flagged (I'm American - edit the code to change noob).
  • SPF, DKIM, and DMARC: Validates authentication records to detect spoofing attempts.
  • Intermediary Hop Analysis: Identifies intermediate servers through header inspection.
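
The header checks listed above can be sketched with the Python standard library. This is an added example, not code from WhoDAT's analysis.py; the function names, the sample headers and the trusted authserv-id `mx.recipient.example` are constructed for illustration. It only trusts Authentication-Results headers stamped by the recipient's own server, since the sender controls any header below the first trusted hop.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers: example domains and documentation IP ranges.
SAMPLE = (
    "Authentication-Results: mx.recipient.example;\n"
    "\tspf=pass smtp.mailfrom=sender.example; dkim=fail header.d=sender.example;\n"
    "\tdmarc=fail header.from=sender.example\n"
    "Received: from relay.sender.example (relay.sender.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTPS; Tue, 02 Jan 2024 10:00:02 +0000\n"
    "Received: from laptop.local (unknown [192.168.1.20])\n"
    "\tby relay.sender.example with ESMTPSA; Tue, 02 Jan 2024 10:00:01 +0000\n"
    "Authentication-Results: forged.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: billing@sender.example\n\n"
)

INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def received_hops(raw):
    """IPs from the 'from' clause of each Received header, oldest hop first."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        match = IP_RE.search(re.split(r"\sby\s", value, maxsplit=1)[0])
        if match:
            try:
                hops.append(ipaddress.ip_address(match.group(1)))
            except ValueError:
                pass  # bracketed text that is not a valid IP literal
    return hops

def originating_ip(raw):
    """First hop (oldest first) outside the INTERNAL ranges, or None."""
    return next((str(ip) for ip in received_hops(raw)
                 if not any(ip in net for net in INTERNAL)), None)

def auth_results(raw, trusted_authserv):
    """spf/dkim/dmarc results, only from headers stamped by our own server."""
    results = {}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        server = (authserv.split() or [""])[0].lower()  # drop optional version
        if server == trusted_authserv.lower():
            results.update((k.lower(), v.lower()) for k, v in AUTH_RE.findall(rest))
    return results
```

The second Authentication-Results header in the sample claims every check passed, but it is ignored because its authserv-id is not the recipient's server.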

🔍 Sentiment Analyzer

Detect phishing and other sus language in email content:

  • Content Analysis: Scans for urgency cues, suspicious language, and embedded links.
  • OpenAI Integration: Uses AI to provide a classification score and risk assessment based on content indicators.

📎 Attachment Analyzer

Ensure attachments are safe before opening:

  • File Scanning: Uploads files to VirusTotal and Hybrid Analysis to see if they are malicious or sus.
  • Real-Time Reports: Displays detailed findings from VirusTotal and Hybrid Analysis, including detection by antivirus engines and potential threat levels.

Getting Started

Prerequisites

Ensure you have Python 3.6+ installed. Install dependencies via:

pip install -r requirements.txt

API Keys

API keys are NOT required, but running without them will limit the usefulness considerably. They are free. Don't be lazy. You can skip the OpenAI API key if you don't want AI analysis.

WhoDAT uses API keys from several services. All are FREE (except OpenAI, but it's like a penny). Add your keys in config/config.ini under the relevant sections:

NOTE: The config/ folder containing config.ini MUST be in the same directory as whodat.py/whodat.exe.

WhoDAT(Python)/
├── whodat.py
├── utils.py
├── gui.py
├── analysis.py
├── api.py
├── config.py
└── config/
    └── config.ini

WhoDAT(Portable Executable)/
├── whodat.exe
└── config/
    └── config.ini

Usage

Download the Python script or download the portable executable version.

Start the .exe or run whodat.py using Python.

python whodat.py

Select Analysis Type: Choose a tab for the type of analysis you want to perform:

  1. Domain Analyzer: Enter email or URL for analysis.
  2. Header Analyzer: Paste email headers for validation.
  3. Sentiment Analyzer: Paste email content to assess phishing risk.
  4. Attachment Analyzer: Upload files for malware analysis.

Interpret Results: Results are presented with color-coded risk indicators, making it easy to assess threat levels at a glance.

File Overview

Each file and what it does:

  • config.py: Manages API keys and retrieves credentials from a configuration file.
  • gui.py: Implements the PyQt5-based GUI, providing a structured interface for each analysis type.
  • utils.py: Utility functions for URL defanging, email obfuscation, and data formatting.
  • whodat.py: Main application entry point, initializing the GUI.
  • analysis.py: Core analysis logic, with background threads handling tasks such as WHOIS checks and header parsing.
  • api.py: Manages API requests to external services (VirusTotal, URLScan, Safe Browsing, OpenAI) and processes responses.
