PhishBait — AI-Powered Spear Phishing Simulations

APP DEPLOYED AT: https://markrz0.dev

See how attackers see your company. PhishBait uses OSINT + LLM to generate hyper-realistic, personalized phishing simulations for security awareness training.

Quick Start

Prerequisites

• Python 3.12+
• uv (Python package manager)
• Node.js 22+
• Docker (for PostgreSQL)

Backend

cd backend

# Start PostgreSQL
docker compose up -d

# Install dependencies
uv sync

# Configure environment
cp .env.example .env
# Edit .env and add your ANTHROPIC_API_KEY

# Run the server
uv run uvicorn app.main:app --reload --port 8000

Frontend

cd frontend

# Install dependencies
npm install

# Configure environment
cp .env.local.example .env.local

# Run the dev server
npm run dev

Demo

1. Open http://localhost:3000
2. Enter any email in the "Attack Me" field
3. Watch the OSINT profile + personalized phishing email appear

Full Campaign Flow

1. Go to Dashboard > Employees > Upload CSV (use seed/mock_employees.csv)
2. Click "Collect All OSINT" to scan employees
3. Go to Campaigns > New Campaign
4. Select a goal and target employees
5. Generate emails (AI) > Send Campaign
6. Check results in the campaign dashboard

Tech Stack

• Frontend: Next.js 14 + Tailwind CSS + shadcn/ui
• Backend: Python FastAPI + SQLAlchemy + PostgreSQL
• LLM: Claude API (Anthropic)
• OSINT: Mock collectors (LinkedIn, Google, company news) + real (GitHub, HIBP)