Published on

A Simple SMS Bot to Check for Malicious URLs

Like most people these days, I receive a lot of suspicious text messages, some that are obviously phishing attempts and a few that look quite legitimate.

After spending 5 years working at cybersecurity companies, I know better than to click on these suspicious links. Still, I thought it would be useful to have a simple way to determine if these links are in fact legitimate without having to actually click the link or copy and paste it into a a separate tool.

I've long had an interest in SMS bots as a way to build tools and utilities that are accessible from anywhere through an interface anyone can use. And so I took my frusturation from getting bombarded with sketchy text messages as an opportunity to build such a tool.

I quickly spun up a proof of concept in a few hours back in February, but in typical fashion, I had a lot of ideas I wanted to add before going live. I thought it would be useful for the bot to return a screenshot of the webpage, as well as a defanged final URL if the link is a redirect, as phishing links often are.

Additionally, wouldn't it be quite useful to look up the WhoIs information of the domain, along with details on the phone number the text was sent from like the local area code location and carrier? In short order, I had a laundry list of features I wanted to add, and never ended up releasing the project.

Until now. Tired of not shipping, I decided to just add the screenshot functionality and release the project on GitHub with the minimal amount of detail needed for someone to clone the repo and run their own instance of the bot.

You can find the repo on GitHub.

image info