🤖 AI Summary
Existing phishing detection models suffer from limited generalizability due to insufficient dataset diversity and incomplete web resource collection—often capturing only URLs or HTML source code while omitting critical multimodal elements such as CSS, JavaScript, favicons, and screenshots. To address this, we propose the first systematic, automated framework for comprehensive phishing webpage acquisition: leveraging the PhishTank API for real-time phishing URL retrieval and employing a custom-built crawler (outperforming PyWebCopy) to fully capture URLs, HTML, CSS, JavaScript, images, icons, and full-page screenshots. We introduce PhishMM, a publicly available multimodal dataset comprising 5,666 phishing and 4,056 legitimate websites, with fine-grained annotations of feature relevance. PhishMM bridges critical gaps in existing benchmarks regarding completeness, modality diversity, and contextual richness, thereby enabling robust, interpretable, and multimodal machine learning–based phishing detection.
📝 Abstract
To combat phishing attacks, which aim to lure web users into divulging their sensitive information, various phishing detection approaches have been proposed. As attackers focus on devising new tactics to bypass existing detection solutions, researchers have adapted by integrating machine learning and deep learning into phishing detection. Phishing dataset collection is vital to developing effective phishing detection approaches, which depend heavily on the diversity of the gathered datasets. A lack of diversity in the dataset results in a biased model. Since phishing websites are often short-lived, collecting them is also a challenge. Consequently, very few phishing webpage dataset repositories exist to date. No single repository comprehensively consolidates all phishing elements corresponding to a phishing webpage, namely, URL, webpage source code, screenshot, and related webpage resources. This paper introduces a resource collection tool designed to gather various resources associated with a URL, such as CSS, JavaScript, favicons, webpage images, and screenshots. Our tool leverages PhishTank as the primary source for obtaining active phishing URLs. Our tool fetches several additional webpage resources compared to the PyWebCopy Python library, which provides webpage content for a given URL. Additionally, we share a sample dataset generated using our tool comprising 4,056 legitimate and 5,666 phishing URLs along with their associated resources. We also remark on the top correlated phishing features with their associated class label found in our dataset. Our tool offers a comprehensive resource set that can aid researchers in developing effective phishing detection approaches.
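The following is an added example, not the authors' tool or code from the paper: it shows the parsing step a resource collector of this kind needs, turning a page's saved HTML into a per-category list of the CSS, JavaScript, favicon and image URLs to archive alongside it. The class and function names and the sample page are constructed for illustration, and the code parses only, with no network access.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ResourceInventory(HTMLParser):
    """Collect the sub-resource URLs a saved page references, by category."""
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url
        self.found = {"css": [], "javascript": [], "favicon": [], "image": []}

    def _add(self, kind, ref):
        ref = (ref or "").strip()
        if not ref:
            return
        url = urljoin(self.base, ref)
        # Keep only fetchable schemes; data:/javascript: URIs are inline content.
        if urlsplit(url).scheme in ("http", "https") and url not in self.found[kind]:
            self.found[kind].append(url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href"):
            self.base = urljoin(self.base, a["href"])  # later refs resolve here
        elif tag == "link":
            rel = (a.get("rel") or "").lower().split()
            if "stylesheet" in rel:
                self._add("css", a.get("href"))
            elif "icon" in rel or "apple-touch-icon" in rel:
                self._add("favicon", a.get("href"))
        elif tag == "script":
            self._add("javascript", a.get("src"))  # inline scripts have no src
        elif tag == "img":
            self._add("image", a.get("src"))

def inventory(page_url, html):
    parser = ResourceInventory(page_url)
    parser.feed(html)
    parser.close()
    if not parser.found["favicon"]:
        # Browsers fall back to /favicon.ico when no icon link is declared.
        parser.found["favicon"].append(urljoin(page_url, "/favicon.ico"))
    return parser.found

# Constructed sample page (not taken from PhishTank or the paper's dataset).
SAMPLE_URL = "http://login.example.test/secure/index.html"
SAMPLE_HTML = """<html><head><base href="/assets/">
<link rel="stylesheet" href="css/main.css"><link rel="shortcut icon" href="//cdn.example.test/fav.ico">
<script src="js/form.js"></script><script>var inline = 1;</script>
</head><body><img src="logo.png"><img src="data:image/png;base64,AAAA">
<img src="logo.png"></body></html>"""
```

Calling `inventory(SAMPLE_URL, SAMPLE_HTML)` returns the de-duplicated absolute URLs per category; resources loaded dynamically by scripts or referenced from inside CSS are outside what static HTML parsing can see.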