WhoDAT is a GUI-based cybersecurity tool for nerds.
Analyze emails, URLs, headers, IPs, and attachments for threats using free APIs like VirusTotal, Google Safe Browsing, URLScan, and Hybrid Analysis.
Download the portable executable version here!
Analyze URLs, email addresses, and IP addresses to reveal their threat level:
- Website Analysis: Checks whether a website is a known malicious site and takes a secure screenshot using URLScan.io.
- Email Analysis: Verifies if email domains are free, disposable, or associated with suspicious activity.
- URL Analysis: Scans URLs to detect malware, phishing attempts, and suspicious redirects.
- IP Address Analysis: Checks if an IP address has been associated with previous malicious activity.
- WHOIS Data: Retrieves WHOIS information for domains to confirm registration dates, geographical origins, and other key details.
Uncover security issues hidden in email headers:
- IP Address Analysis: Extracts originating IPs and determines their geographic and ISP origins. IP addresses from outside the US are flagged (I'm American - edit the code to change noob).
- SPF, DKIM, and DMARC: Validates authentication records to detect spoofing attempts.
- Intermediary Hop Analysis: Identifies intermediate servers through header inspection.
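The hop and authentication checks above can be reproduced with Python's standard library. This is an added example, not WhoDAT's own code; the sample headers, hostnames and the `parse_hops` / `auth_results` helpers are constructed for illustration. It only accepts the Authentication-Results header stamped by your own receiving server, because a sender can inject one of their own.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample headers (documentation IP ranges, example domains).
SAMPLE = """\
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
 by mx.recipient.example with ESMTPS; Tue, 02 Jan 2024 10:00:03 +0000
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=sender.example; dkim=fail header.d=sender.example;
 dmarc=fail header.from=sender.example
Received: from workstation (unknown [203.0.113.45])
 by relay.sender.example with ESMTPA; Tue, 02 Jan 2024 10:00:01 +0000
Authentication-Results: relay.sender.example; spf=pass; dkim=pass; dmarc=pass
From: Alice <alice@sender.example>
Subject: Invoice

"""

IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def parse_hops(raw):
    """Return (from_host, ip) for each Received header, oldest hop first."""
    hops = []
    # Every server prepends its own Received line, so reverse for send order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        host = re.search(r"from\s+(\S+)", value)
        ip = IP_RE.search(value)
        try:
            addr = str(ip_address(ip.group(1))) if ip else None
        except ValueError:
            addr = None  # bracketed text that is not a valid IP literal
        hops.append((host.group(1) if host else None, addr))
    return hops

def auth_results(raw, trusted_authserv):
    """Return spf/dkim/dmarc verdicts stamped by the trusted receiving server."""
    verdicts = {}
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv.lower():
            continue  # any other server's verdict is unverified; skip it
        for method, verdict in AUTH_RE.findall(rest):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts
```

Received lines below your own server's hop are written by systems you do not control, so treat the earliest "originating" IP as a lead to check, not as proof.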
Detect phishing and other sus language in email content:
- Content Analysis: Scans for urgency cues, suspicious language, and embedded links.
- OpenAI Integration: Uses AI to provide a classification score and risk assessment based on content indicators.
Ensure attachments are safe before opening:
- File Scanning: Uploads files to VirusTotal and Hybrid Analysis to see if they are malicious or sus.
- Real-Time Reports: Displays detailed findings from VirusTotal and Hybrid Analysis, including detection by antivirus engines and potential threat levels.
Ensure you have Python 3.6+ installed. Install dependencies via:
pip install -r requirements.txt
API keys are NOT required, but running without them will limit the usefulness considerably. They are free. Don't be lazy. You can skip the OpenAI API if you don't want AI analysis.
WhoDAT requires API keys from several services. All are FREE (except OpenAI, but it's like a penny). Add your keys in config/config.ini under the relevant sections:
NOTE: config/config.ini MUST be in the same directory as whodat.py/whodat.exe.
WhoDAT(Python)/
├── whodat.py
├── utils.py
├── gui.py
├── analysis.py
├── api.py
├── config.py
└── config/
    └── config.ini
WhoDAT(Portable Executable)/
├── whodat.exe
└── config/
    └── config.ini
Run the Application: Start WhoDAT from the command line with:
python whodat.py
Select Analysis Type: Choose a tab for the type of analysis you want to perform:
- Domain Analyzer: Enter email or URL for analysis.
- Header Analyzer: Paste email headers for validation.
- Sentiment Analyzer: Paste email content to assess phishing risk.
- Attachment Analyzer: Upload files for malware analysis.
Interpret Results: Results are presented with color-coded risk indicators, making it easy to assess threat levels at a glance.
- config.py: Manages API keys and retrieves credentials from a configuration file.
- gui.py: Implements the PyQt5-based GUI, providing a structured interface for each analysis type.
- utils.py: Utility functions for URL defanging, email obfuscation, and data formatting.
- whodat.py: Main application entry point, initializing the GUI.
- analysis.py: Core analysis logic, with background threads handling tasks such as WHOIS checks and header parsing.
- api.py: Manages API requests to external services (VirusTotal, URLScan, Safe Browsing, OpenAI) and processes responses.