import gradio as gr import pytesseract from PIL import Image from transformers import pipeline import re from langdetect import detect from deep_translator import GoogleTranslator import openai import os import requests import json # Set your OpenAI API key openai.api_key = os.getenv("OPENAI_API_KEY") # Retrieve Google Safe Browsing API key from environment SAFE_BROWSING_API_KEY = os.getenv("GOOGLE_SAFE_BROWSING_API_KEY") SAFE_BROWSING_URL = "https://safebrowsing.googleapis.com/v4/threatMatches:find" # Translator instance translator = GoogleTranslator(source="auto", target="es") # 1. Load separate keywords for SMiShing and Other Scam (assumed in English) with open("smishing_keywords.txt", "r", encoding="utf-8") as f: SMISHING_KEYWORDS = [line.strip().lower() for line in f if line.strip()] with open("other_scam_keywords.txt", "r", encoding="utf-8") as f: OTHER_SCAM_KEYWORDS = [line.strip().lower() for line in f if line.strip()] # 2. Zero-Shot Classification Pipeline model_name = "joeddav/xlm-roberta-large-xnli" classifier = pipeline("zero-shot-classification", model=model_name) CANDIDATE_LABELS = ["SMiShing", "Other Scam", "Legitimate"] def check_urls_with_google_safebrowsing(urls): """ Debug-enabled version of Google Safe Browsing check: - Prints payload and response to help troubleshoot issues. Returns a dict {url: bool is_malicious}. If the API key is missing or error occurs, returns {url: False}. """ result = {} if not SAFE_BROWSING_API_KEY: print("No GOOGLE_SAFE_BROWSING_API_KEY found. Returning all URLs as safe.") for u in urls: result[u] = False return result threat_entries = [{"url": u} for u in urls] payload = { "client": { "clientId": "my-smishing-detector", "clientVersion": "1.0" }, "threatInfo": { "threatTypes": [ "MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE", "POTENTIALLY_HARMFUL_APPLICATION" ], "platformTypes": ["ANY_PLATFORM"], "threatEntryTypes": ["URL"], "threatEntries": threat_entries } } print("---- Safe Browsing Debug ----") print("REQUEST Endpoint:", SAFE_BROWSING_URL) print("API Key:", SAFE_BROWSING_API_KEY) print("REQUEST Payload (JSON):") print(json.dumps(payload, indent=2)) try: resp = requests.post( SAFE_BROWSING_URL, params={"key": SAFE_BROWSING_API_KEY}, json=payload, timeout=10 ) print("RESPONSE Status Code:", resp.status_code) try: data = resp.json() print("RESPONSE JSON:") print(json.dumps(data, indent=2)) except Exception as parse_err: print("Error parsing response as JSON:", parse_err) data = {} malicious_urls = set() if "matches" in data: for match in data["matches"]: threat_url = match.get("threat", {}).get("url") if threat_url: malicious_urls.add(threat_url) for u in urls: result[u] = (u in malicious_urls) except Exception as e: print(f"Error contacting Safe Browsing API: {e}") for u in urls: result[u] = False print("RESULTS (url -> malicious):", result) print("---- End Debug ----\n") return result def get_keywords_by_language(text: str): """ Detect language using langdetect and translate keywords if needed. """ snippet = text[:200] try: detected_lang = detect(snippet) except Exception: detected_lang = "en" if detected_lang == "es": smishing_in_spanish = [ translator.translate(kw).lower() for kw in SMISHING_KEYWORDS ] other_scam_in_spanish = [ translator.translate(kw).lower() for kw in OTHER_SCAM_KEYWORDS ] return smishing_in_spanish, other_scam_in_spanish, "es" else: return SMISHING_KEYWORDS, OTHER_SCAM_KEYWORDS, "en" def boost_probabilities(probabilities: dict, text: str): """ Boost probabilities based on keyword matches, presence of URLs, and Google Safe Browsing checks. """ lower_text = text.lower() smishing_keywords, other_scam_keywords, detected_lang = get_keywords_by_language(text) smishing_count = sum(1 for kw in smishing_keywords if kw in lower_text) other_scam_count = sum(1 for kw in other_scam_keywords if kw in lower_text) smishing_boost = 0.30 * smishing_count other_scam_boost = 0.30 * other_scam_count # More robust URL pattern found_urls = re.findall( r"(https?://[^\s]+|\b[a-zA-Z0-9.-]+\.(?:com|net|org|edu|gov|mil|io|ai|co|info|biz|us|uk|de|fr|es|ru|jp|cn|in|au|ca|br|mx|it|nl|se|no|fi|ch|pl|kr|vn|id|tw|sg|hk)\b)", lower_text ) if found_urls: smishing_boost += 0.35 p_smishing = probabilities.get("SMiShing", 0.0) p_other_scam = probabilities.get("Other Scam", 0.0) p_legit = probabilities.get("Legitimate", 1.0) p_smishing += smishing_boost p_other_scam += other_scam_boost p_legit -= (smishing_boost + other_scam_boost) # Preliminary clamp & normalization p_smishing = max(p_smishing, 0.0) p_other_scam = max(p_other_scam, 0.0) p_legit = max(p_legit, 0.0) total = p_smishing + p_other_scam + p_legit if total > 0: p_smishing /= total p_other_scam /= total p_legit /= total else: p_smishing, p_other_scam, p_legit = 0.0, 0.0, 1.0 # **Now** check Safe Browsing (with debug prints) sb_results = {} if found_urls: sb_results = check_urls_with_google_safebrowsing(found_urls) # If any malicious => set p_smishing=1.0 if any(sb_results[u] for u in sb_results): p_smishing = 1.0 p_other_scam = 0.0 p_legit = 0.0 return { "SMiShing": p_smishing, "Other Scam": p_other_scam, "Legitimate": p_legit, "detected_lang": detected_lang, "found_urls": found_urls, "safe_browsing_results": sb_results } def smishing_detector(input_type, text, image): """ Main detection function combining text (if 'Text') & OCR (if 'Screenshot'), and debugging logs for Safe Browsing calls. """ if input_type == "Text": combined_text = text.strip() if text else "" else: combined_text = "" if image is not None: combined_text = pytesseract.image_to_string(image, lang="spa+eng").strip() if not combined_text: return { "text_used_for_classification": "(none)", "label": "No text provided", "confidence": 0.0, "keywords_found": [], "urls_found": [], "safe_browsing_results": {}, } # 1. Local zero-shot classification local_result = classifier( sequences=combined_text, candidate_labels=CANDIDATE_LABELS, hypothesis_template="This message is {}." ) original_probs = {k: float(v) for k, v in zip(local_result["labels"], local_result["scores"])} # 2. Boost with keywords, URLs, and Safe Browsing checks boosted_dict = boost_probabilities(original_probs, combined_text) detected_lang = boosted_dict.pop("detected_lang", "en") sb_results = boosted_dict.pop("safe_browsing_results", {}) found_urls = boosted_dict.pop("found_urls", []) for k in boosted_dict: boosted_dict[k] = float(boosted_dict[k]) final_label = max(boosted_dict, key=boosted_dict.get) final_confidence = round(boosted_dict[final_label], 3) return { "detected_language": detected_lang, "text_used_for_classification": combined_text, "original_probabilities": {k: round(v, 3) for k, v in original_probs.items()}, "boosted_probabilities": {k: round(v, 3) for k, v in boosted_dict.items()}, "label": final_label, "confidence": final_confidence, "urls_found": found_urls, "safe_browsing_results": sb_results } # # Gradio interface with dynamic visibility # def toggle_inputs(choice): if choice == "Text": return gr.update(visible=True), gr.update(visible=False) else: return gr.update(visible=False), gr.update(visible=True) with gr.Blocks() as demo: gr.Markdown("## SMiShing & Scam Detector with Debug-Enabled Safe Browsing") with gr.Row(): input_type = gr.Radio( choices=["Text", "Screenshot"], value="Text", label="Choose Input Type" ) text_input = gr.Textbox( lines=3, label="Paste Suspicious SMS Text", placeholder="Type or paste the message here...", visible=True ) image_input = gr.Image( type="pil", label="Upload Screenshot", visible=False ) input_type.change( fn=toggle_inputs, inputs=input_type, outputs=[text_input, image_input], queue=False ) analyze_btn = gr.Button("Classify") output_json = gr.JSON(label="Result") analyze_btn.click( fn=smishing_detector, inputs=[input_type, text_input, image_input], outputs=output_json ) if __name__ == "__main__": if not openai.api_key: print("WARNING: OPENAI_API_KEY not set. LLM calls may fail.") if not SAFE_BROWSING_API_KEY: print("WARNING: GOOGLE_SAFE_BROWSING_API_KEY not set. All URLs returned as safe.") demo.launch()