Platform capability

Kit intelligence and weakness discovery

Kit intelligence turns repeated attacker tooling into evidence, clustering and CERT-safe next actions.

Direct answer

Can this expose attackers? It can support lawful investigation through operator-style clusters and preserved evidence, but not public attribution by itself.

What is analyzed

HTML, JS, screenshots, redirects, headers, PDFs, APK metadata, kit ZIP references and public repo/paste references.

What is detected

Exposed panels, open directories, backups, debug artifacts, leaked config metadata, webhook reuse, AiTM markers and panel path reuse.

Safety

Normal UI shows safe summaries, fingerprints and evidence readiness; raw sensitive artifacts stay restricted.

How PhishNet uses this

Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.

Selected sources and research

These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.

Common questions

Can this expose attackers?

It can support lawful investigation through operator-style clusters and preserved evidence, but not public attribution by itself.

Does PhishNet provide exploit instructions?

No. It provides defensive summaries and safe next actions.
