Phishing Analysis Platform

Detect phishing.
Before it strikes.

Kyburn detonates suspicious emails and URLs in isolation, extracts indicators of compromise, and delivers structured threat reports — in seconds.

Start Free How it works
$ kyburn analyze --url "http://27.44.147.199:60780/i"
→ following redirect chain ... 1 hop
→ detonating in sandbox container ...
→ drive-by download detected: i.zip
→ running reputation engine ... 4 signals fired
verdict MALICIOUS score 100 iocs 2
Submissions Analyzed
Threats Detected
IOCs Extracted
Analyses Running
// capabilities

Everything you need to hunt phishing threats

From raw .eml files to live URL detonation — Kyburn covers the full attack surface with no API keys required for core analysis.

Email Analysis
Deep-parse raw .eml files. Validate SPF, DKIM, DMARC. Extract and score every URL. Identify brand impersonation, urgency language, and spoofed sender headers.
SPF / DKIM / DMARC Header forensics Attachment hashing Sender spoofing
URL Detonation
Safely navigate URLs inside a hardened, ephemeral container. Screenshot the landing page, follow redirect chains, detect credential forms, and flag drive-by downloads.
Isolated sandbox Screenshot Redirect chain Drive-by detection
Built-in Reputation Engine
No API keys required. Domain age, typosquatting detection, suspicious TLD scoring, lexical URL analysis, SSL certificate age, favicon brand matching, and URLhaus feed.
WHOIS age Typosquat URLhaus VirusTotal BYOK
Structured Reports
Every analysis produces a scored verdict, a full IOC list, per-signal evidence, and a screenshot — exportable as JSON for your SIEM or SOAR platform.
Confidence score IOC export JSON API SIEM-ready
Live Browser Session
Spin up an isolated Chromium browser directly in the dashboard. Manually investigate a suspicious site with full interaction — safely, inside a container.
Isolated container noVNC in-browser Auto-expire 5 min
REST API
Integrate Kyburn directly into your SOC workflow, SOAR playbooks, or CI pipeline. Submit via API, poll for results, and ingest structured JSON reports programmatically.
API key auth Async jobs Celery + Redis
// workflow

From suspicious to verdict in under 60 seconds

No agents to deploy. No infrastructure to manage. Submit via the dashboard or API and get a full threat report.

Step 01
Submit
Upload a raw .eml file or paste a suspicious URL via the dashboard or REST API. Supports drag-and-drop.
Step 02
Detonate
The submission is queued and processed asynchronously in an isolated container. No risk to your environment.
Step 03
Analyze
15+ signals fire across domain reputation, page behavior, lexical patterns, and external threat feeds.
Step 04
Report
A scored verdict with per-signal evidence, a screenshot, and a full IOC list is ready within seconds.
// pricing

Simple, transparent pricing

Start free. Scale when you need more. All plans include the full built-in reputation engine — no mandatory third-party API keys.

Starter
$0 / month
Free tier. No credit card required.
  • 25 submissions / month
  • Email + URL analysis
  • Built-in reputation engine
  • Screenshot capture
  • JSON report export
  • Live Browser Session
  • VirusTotal enrichment (BYOK)
  • Full API access
Get Started Free
Most Popular
Pro
/ month
For security analysts and SOC teams.
  • 1 000 submissions / month
  • Email + URL analysis
  • Built-in reputation engine
  • Screenshot capture
  • JSON report export
  • Live Browser Session
  • VirusTotal enrichment (BYOK)
  • Full API access
Get Pro Access
Need More?
Let's talk
Higher volume, self-hosting, or custom integrations.
  • Volume above 1 000 / month
  • Self-hosted deployment
  • Custom API integrations
  • Dedicated support
Contact Us
// get access

Create your account

Your API key is generated instantly. Start analyzing threats in minutes.

Account created — plan
Your API Key

Save this key — it will not be shown again.
Use it as the X-API-Key header on all API requests, or paste it into the dashboard when prompted.

Open Dashboard