How to Scan Websites for Phishing Threats and Malicious Content in PHP

Malicious URLs are frequently used in phishing attacks to steal user credentials, and they’re also used to remotely download malware onto a user’s system.

Using the below code, we can take advantage of a free API that checks URLs for malicious content and threats, including both malware and phishing threats. With a free API key, we can process up to 800 URLs per month with no commitment (our API call total will reset the following month once we reach our limit).

First, we need to install the SDK. We can install the PHP client using Composer by executing the below command from the command line:

composer require cloudmersive/cloudmersive_virusscan_api_client

Next, we can use the below code to call the function.

<?php
require_once(__DIR__ . '/vendor/autoload.php');

// Configure API key authorization: Apikey
$config = Swagger\Client\Configuration::getDefaultConfiguration()->setApiKey('Apikey', 'YOUR_API_KEY');



$apiInstance = new Swagger\Client\Api\ScanApi(
    
    
    new GuzzleHttp\Client(),
    $config
);
$input = new \Swagger\Client\Model\WebsiteScanRequest(); // \Swagger\Client\Model\WebsiteScanRequest | 

try {
    $result = $apiInstance->scanWebsite($input);
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling ScanApi->scanWebsite: ', $e->getMessage(), PHP_EOL;
}
?>

After we enter our API key in the appropriate snippet, we can pass in our URL string following the below JSON example:

{
  "Url": "string"
}

Now we can more easily defend our web applications against malicious URLs.