NotTheVibe Lite

Inspiration

In today's digital landscape, AI-generated phishing websites are becoming increasingly sophisticated and difficult to detect. Traditional security tools often miss subtle patterns that indicate malicious intent. We were inspired to create NotTheVibe Lite after witnessing the rise of AI-generated scam sites that can fool even experienced users with their realistic appearance and convincing content.

What it does

• NotTheVibe Lite is a comprehensive security analysis tool that detects suspicious AI-generated scam/phishing websites through advanced pattern recognition and behavioral analysis. The tool performs deep analysis of websites including:
• Domain Analysis: WHOIS lookups, TLS certificate age, Wayback Machine history
• Content Analysis: Suspicious keyword detection, meta tag analysis, heading structure
• Form Analysis: Password form detection, action mismatch identification, suspicious patterns
• Link Analysis: External link tracking, suspicious link text patterns
• Behavioral Analysis: Popup/redirect detection, iframe analysis
• Resource Analysis: External host counting, CDN detection
• The tool generates comprehensive risk scores (0.0-1.0) and creates interactive HTML reports with visualizations, charts, and detailed breakdowns.

How we built it

Tech Stack: Node.js 18+ - Runtime environment Puppeteer - Headless Chrome automation for screenshots and DOM analysis Cheerio - Server-side jQuery for DOM parsing and content analysis Express.js - REST API server for integration Chart.js - Interactive data visualization WHOIS-JSON - Domain registration data lookup

Architecture: Core Scanner (scan.js) - CLI tool that performs comprehensive website analysis API Server (server.js) - REST API for integration with other tools Visualizer (visualizer.js) - Generates interactive HTML reports with charts Scoring Engine - Multi-factor risk assessment algorithm

Key Features: Full-page screenshot capture Real-time risk assessment with LOW/MEDIUM/HIGH categorization Interactive HTML reports with responsive design Comprehensive JSON output with 50+ data points REST API for Chrome extension integration Graceful error handling and fallback mechanisms

Challenges we ran into

• TLS Certificate Analysis: Many modern websites use CDNs and reverse proxies, making direct TLS certificate analysis challenging. We solved this by implementing fallback mechanisms and focusing on certificate age rather than exact hostname matching.
• Anti-Bot Detection: Some websites block automated access. We implemented proper user agents, request headers, and timeout handling to minimize detection.
• Performance Optimization: Puppeteer can be resource-intensive. We optimized by implementing proper browser cleanup, connection pooling, and efficient DOM parsing.
• Scoring Algorithm: Creating an accurate scoring system that balances false positives and false negatives was challenging. We iteratively refined the algorithm based on testing with various legitimate and suspicious sites.
• Visualization Design: Creating meaningful and intuitive visualizations for complex security data required careful UX design and Chart.js integration.

Accomplishments that we're proud of

• Comprehensive Analysis: Successfully implemented 10+ different analysis categories
• Interactive Reports: Created beautiful, responsive HTML reports with real-time visualizations
• Production-Ready Code: Implemented proper error handling, logging, and cleanup mechanisms
• API Integration: Built a robust REST API that can be integrated with Chrome extensions
• Accurate Scoring: Developed a sophisticated scoring algorithm that effectively identifies suspicious patterns
• User Experience: Created an intuitive CLI and API interface with clear documentation

What we learned

• Web Security Patterns: Deep understanding of how phishing sites differ from legitimate websites
• Browser Automation: Advanced techniques for web scraping and DOM analysis with Puppeteer
• Data Visualization: Effective ways to present complex security data in an understandable format
• API Design: Best practices for building REST APIs with proper error handling and documentation
• Risk Assessment: How to balance multiple risk factors into a single, meaningful score

What's next for NotTheVibe Lite

Short-term: Fix minor server API bug for production deployment Add more sophisticated ML-based pattern detection Implement batch processing for multiple URLs Add Chrome extension integration

Medium-term: Machine learning model training on known phishing datasets Real-time monitoring and alerting system Integration with threat intelligence feeds Mobile app for on-the-go scanning

Long-term: Community-driven threat intelligence platform Integration with enterprise security tools Advanced behavioral analysis using AI/ML Global phishing site database and sharing platfor

Built With

• chart.js
• cheerio
• express.js
• node.js
• puppeteer
• whois-json