emalderson/thephish
An automated phishing email analysis tool that extracts observables, integrates with TheHive/Cortex/MISP, and calculates verdicts.
What is emalderson/thephish?
ThePhish is an automated phishing email analysis tool that processes suspicious emails forwarded by users. It extracts observables like URLs and domains, analyzes them using integrated security platforms (TheHive, Cortex, MISP), and provides a verdict to help security teams respond quickly. It automates the tedious parts of phishing investigation, reducing manual effort.
Security analysts, SOC teams, and IT security professionals who need to process and analyze phishing emails at scale. It's ideal for organizations using or willing to deploy TheHive, Cortex, and MISP in their security operations.
Developers choose ThePhish because it provides a complete, open-source automation pipeline for phishing analysis, integrates seamlessly with popular security tools, and offers a user-friendly web interface. It reduces analysis time and ensures consistent processes compared to manual methods.
Overview
ThePhish: an automated phishing email analysis tool
Use Cases
Best For
- Automating the triage and analysis of phishing emails reported by employees
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
