Existing phishing webpage detection models exhibit insufficient robustness against adversarial attacks. To address this, we propose PhishOracle—the first configurable, brand-agnostic adversarial phishing webpage generation framework. It systematically evaluates the vulnerability of mainstream detectors and multimodal large language models (MLLMs) under realistic adversarial conditions by injecting diverse phishing features into benign webpages. Our experiments reveal three key findings: (1) Traditional detectors suffer substantial declines in detection accuracy; (2) Although MLLMs demonstrate greater robustness, they remain susceptible to evasion; (3) Generated adversarial samples successfully deceive both automated models and human users, exposing dual failure modes. The study integrates DOM and visual embeddings, multimodal prompt engineering, and rigorous user studies. We publicly release our framework, benchmark dataset, and an interactive web application—establishing a new standard for evaluating robustness in phishing detection systems.

Phishing attacks attempt to deceive users into stealing sensitive information, posing a significant cybersecurity threat. Advances in machine learning (ML) and deep learning (DL) have led to the development of numerous phishing webpage detection solutions, but these models remain vulnerable to adversarial attacks. Evaluating their robustness against adversarial phishing webpages is essential. Existing tools contain datasets of pre-designed phishing webpages for a limited number of brands, and lack diversity in phishing features. To address these challenges, we develop PhishOracle, a tool that generates adversarial phishing webpages by embedding diverse phishing features into legitimate webpages. We evaluate the robustness of three existing task-specific models -- Stack model, VisualPhishNet, and Phishpedia -- against PhishOracle-generated adversarial phishing webpages and observe a significant drop in their detection rates. In contrast, a multimodal large language model (MLLM)-based phishing detector demonstrates stronger robustness against these adversarial attacks but still is prone to evasion. Our findings highlight the vulnerability of phishing detection models to adversarial attacks, emphasizing the need for more robust detection approaches. Furthermore, we conduct a user study to evaluate whether PhishOracle-generated adversarial phishing webpages can deceive users. The results show that many of these phishing webpages evade not only existing detection models but also users. We also develop the PhishOracle web app, allowing users to input a legitimate URL, select relevant phishing features and generate a corresponding phishing webpage. All resources will be made publicly available on GitHub.