SecureTraining Phishing Platform

Tech Stack
Python · Django · Celery · PostgreSQL · Chart.js

Problem Statement

In the modern threat landscape, the "Human Element" remains the weakest link. Firewalls cannot stop an employee from voluntarily handing over credentials.

Organizations often lack a controlled, measurable way to test their employees' susceptibility to social engineering without relying on expensive, generic third-party SaaS solutions. SecureTraining was built to bridge this gap, providing a customizable, multi-tenant platform to run safe phishing simulations and measure the "Human Firewall."


Architecture & Workflow

The application was architected as a Multi-Tenant System, allowing multiple departments or client organizations to coexist on a single deployment with strict data isolation.

The Attack Lifecycle

The platform automates the full lifecycle of a simulated attack:

  1. Campaign Orchestration: Administrators select templates and upload target lists (CSV/Excel).
  2. Asynchronous Dispatch: To handle large target lists without blocking the UI, the system uses Celery workers to queue and send emails via SMTP.
  3. Tracking Mechanism: Each email contains a unique, encoded identifier (UUID).
  4. Behavioral Capture: When a user clicks, the system captures the event timestamp, user agent, and IP before redirecting.

[Screenshot: The Admin Dashboard showing real-time campaign analytics and click-through rates]


Technical Highlights

1. Multi-Tenant Data Isolation

We implemented a robust permission system using django-allauth and custom decorators. This ensures that an administrator from "Company A" can never access the employee lists or campaign results of "Company B," despite sharing the same underlying database schema.
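How the per-tenant check described above can be expressed as a Django-style view decorator, as an added example that is not the project's code: the User and Campaign records, the in-memory CAMPAIGNS table and the campaign_results view are constructed here for illustration, Django itself is not imported so the block runs stand-alone, and PermissionError stands in for Django's PermissionDenied.

```python
from dataclasses import dataclass
from functools import wraps
from types import SimpleNamespace
import uuid

@dataclass
class User:
    organization_id: uuid.UUID
    is_authenticated: bool = True

@dataclass
class Campaign:
    id: uuid.UUID
    organization_id: uuid.UUID
    name: str

# Constructed sample rows standing in for the shared campaign table.
ORG_A, ORG_B = uuid.uuid4(), uuid.uuid4()
PAYROLL = Campaign(uuid.uuid4(), ORG_A, "Q3 payroll reminder")
MFA_NOTICE = Campaign(uuid.uuid4(), ORG_B, "MFA reset notice")
CAMPAIGNS = {c.id: c for c in (PAYROLL, MFA_NOTICE)}

def tenant_scoped(load_object):
    """Resolve the URL id, then refuse the view unless the object belongs to
    the caller's organization. A missing object and a foreign object fail
    identically, so the response never reveals another tenant's ids."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, object_id, *args, **kwargs):
            if not request.user.is_authenticated:
                raise PermissionError("login required")
            obj = load_object(object_id)
            if obj is None or obj.organization_id != request.user.organization_id:
                raise PermissionError("not found in your organization")
            return view(request, obj, *args, **kwargs)
        return wrapper
    return decorator

@tenant_scoped(CAMPAIGNS.get)
def campaign_results(request, campaign):
    # The view body only ever sees an object already proven to be in-tenant.
    return {"status": 200, "campaign": campaign.name}

def try_access(user, campaign_id):
    # PermissionError stands in for django.core.exceptions.PermissionDenied,
    # which Django renders as HTTP 403; the request is a minimal stand-in.
    try:
        return campaign_results(SimpleNamespace(user=user), campaign_id)["status"]
    except PermissionError:
        return 403
```

Because the check runs before the view body, every campaign view decorated this way gets the same isolation rule, and a new query cannot accidentally omit the organization filter.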

2. Real-Time Visualization

Instead of static reports, we utilized Chart.js to render live analytics. Administrators can watch a campaign unfold in real-time, identifying high-risk departments or individuals who require immediate intervention.

[Screenshot: Realistic Phishing Email Template Example]

3. Immediate Feedback Loop (Teachable Moments)

The critical component of this platform is education, not just detection. Upon clicking a simulated link, the user is immediately redirected to a "Teachable Moment" landing page.

This page deconstructs the specific email they just clicked, highlighting the red flags they missed (e.g., a sender address that does not match the displayed link, or urgency cues).

[Screenshot: Educational Landing Page for users who failed the simulation]


Technology Stack

The project prioritized stability and rapid development:

  • Backend: Python & Django (for robust ORM and security features).
  • Task Queue: Celery & Redis (for handling bulk email dispatch asynchronously).
  • Database: SQLite (Dev) / PostgreSQL (Prod).
  • Frontend: Django Templates injected with Chart.js for visualization.

Project Status & Credits

Note: This is a collaborative project developed by a team of three. The source code is currently private to protect proprietary training modules.

The Team:

  • Sohan Kanna (Tech Lead & Backend Architecture)
  • Sujan (Frontend & Visualization)
  • Vishwas Adhikari (Database & Content)