What is Phishalytics?

Phishalytics is a measurement infrastructure system I built to research phishing and malware attacks on Twitter during my PhD at Royal Holloway, University of London. Phishalytics is written in Python code and stores data in a structured database (such as MySQL, PostgreSQL, etc). See the design architecture page for details. Research outputs from Phishalytics have been published internationally and won multiple awards (see publications).

The codebase for Phishalytics is available on GitHub (see code). A summary of my PhD thesis is described on the thesis page. Key research projects I undertook that used Phishalytics are described on the research projects page. My thesis, and research papers relating to Phishalytics, can be accessed from the publications page.


Phishalytics is designed to perform the following core functionalities:


Interacting with Phishalytics is via an SSH connection in a terminal window. The server-side interface uses GNU Screen. The Screenshot below shows Phishalytics during one of our measurement studies. The layout consists of 18 windows; 16 small and 2 large. The two larger windows display a development area and the system monitor (htop command showing CPU and RAM usage, top processes, etc).

The 16 smaller windows in the above screenshot, labelled s1 to s16, show the following: