Sign in to your Google Cloud account. If you're new to
Google Cloud,
create an account to evaluate how our products perform in
real-world scenarios. New customers also get $300 in free credits to
run, test, and deploy workloads.
In the Google Cloud console, on the project selector page,
select or create a Google Cloud project.
When you see the Starting server at localhost:8080 message, wrserver is started at localhost:8080.
To preview the application on the localhost, click Web Preview
and then select Preview on port 8080.
Cloud Shell opens the preview URL (port 8080) on its proxy service in a new browser window.
The preview URL browser window shows a 404 page not found message.
In the preview URL window, check the following URLs.
To check a URL, replace the query string after the preview URL of the local server with
the URL you want to check in the following format: PREVIEW_URL/r?url=URL_TO_BE_CHECKED.
If the URL is unsafe, an interstitial warning page is shown as recommended by Web Risk.
If the URL is safe, the client is automatically redirected to the target.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Run the sample Web Risk app\n===========================\n\nLearn how to install the sample Web Risk Go app from\nGitHub and how to run the sample app to detect malicious URLs in a Go environment.\n\n*** ** * ** ***\n\nTo follow step-by-step guidance for this task directly in the\nGoogle Cloud console, click **Guide me**:\n\n[Guide me](https://console.cloud.google.com/freetrial?redirectPath=/?walkthrough_id=https://cloud-dot-devsite-v2-prod.appspot.com/walkthroughs/web-risk/webrisk_sample_quickstart)\n\n*** ** * ** ***\n\nBefore you begin\n----------------\n\n- Sign in to your Google Cloud account. If you're new to Google Cloud, [create an account](https://console.cloud.google.com/freetrial) to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the Web Risk API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=webrisk.googleapis.com)\n\n- In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n-\n [Verify that billing is enabled for your Google Cloud project](/billing/docs/how-to/verify-billing-enabled#confirm_billing_is_enabled_on_a_project).\n\n-\n\n\n Enable the Web Risk API.\n\n\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=webrisk.googleapis.com)\n\n1. Create a new API key for authentication:\n 1. In the Google Cloud console navigation menu, click **APIs \\& Services \\\u003e Credentials**.\n 2. On the **Credentials** page, click **addCreate credentials** and then select **API key**.\n 3. In the **API key created** dialog, to copy the key, click content_copy **Copy key**. Close the dialog and secure the key that you copied for later use.\n2. Set up your environment:\n 1. \u003cbr /\u003e\n\n\n In the Google Cloud console, click **Activate Cloud Shell** to open a terminal window.\n\n \u003cbr /\u003e\n\n The Cloud Shell terminal can take several seconds to fully load.\n 2. Export the API key that you copied. \n\n ```bash\n export APIKEY=API_KEY\n ```\n\nInstall and run the sample Web Risk app\n---------------------------------------\n\nThe sample Web Risk app has the following binaries to detect\nwhether the URLs are malicious or safe:\n\n\u003cbr /\u003e\n\n- [**`wrserver`** server](https://github.com/google/webrisk/tree/master/cmd/wrserver): This binary runs the Web Risk API lookup proxy that lets you check URLs.\n- [**`wrlookup`** command-line](https://github.com/google/webrisk/tree/master/cmd/wrlookup): This binary filters unsafe URLs piped through STDIN.\n\n\u003cbr /\u003e\n\nThis quickstart document shows how to detect whether the URLs are malicious or safe by using the\n**`wrserver`** server and **`wrlookup`** command-line binaries.\n\n### Check URLs using the `wrserver` server binary\n\n1. In the Cloud Shell terminal, install `wrserver`: \n\n ```bash\n go install github.com/google/webrisk/cmd/wrserver@latest\n ```\n2. Run `wrserver` with your API key: \n\n ```bash\n wrserver -apikey=$APIKEY\n ```\n\n When you see the *Starting server at localhost:8080* message, `wrserver` is started at `localhost:8080`.\n3. To preview the application on the localhost, click **Web Preview** and then select **Preview on port 8080** . \n\n Cloud Shell opens the preview URL (port 8080) on its proxy service in a new browser window.\n The preview URL browser window shows a **404 page not found** message.\n4. In the preview URL window, check the following URLs. To check a URL, replace the query string after the preview URL of the local server with the URL you want to check in the following format: \u003cvar translate=\"no\"\u003ePREVIEW_URL\u003c/var\u003e`/r?url=`\u003cvar translate=\"no\"\u003eURL_TO_BE_CHECKED\u003c/var\u003e.\n\n If the URL is unsafe, an interstitial warning page is shown as recommended by Web Risk.\n If the URL is safe, the client is automatically redirected to the target.\n\n A fake malware URL: \n\n ```bash\n http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/\n ```\n\n A safe URL: \n\n ```bash\n http://www.google.com/\n ```\n5. To stop the server, press `Control+C`.\n\nYou have successfully verified the URLs by using the `wrserver` server binary.\n\n### Check URLs using the `wrlookup` command-line binary\n\n1. In the Cloud Shell terminal, install the `wrlookup` command-line binary: \n\n ```bash\n go install github.com/google/webrisk/cmd/wrlookup@latest\n ```\n2. Check the URLs with your API key. A fake malware URL:\n\n ```bash\n echo \"http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/\" | wrlookup -apikey=$APIKEY\n ```\n\n The following output is an abbreviated output for a malware URL: \n\n ```\n ......\n Unsafe URL: [MALWARE]\n ```\n\n A safe URL: \n\n ```bash\n echo \"http://www.google.com/\" | wrlookup -apikey=$APIKEY\n ```\n\n The following output is an abbreviated output for a safe URL: \n\n ```\n ......\n Safe URL: http://google.com\n ```\n\nYou have successfully verified the URLs by using the `wrlookup` command-line binary.\n\n\u003cbr /\u003e\n\nClean up\n--------\n\n\nTo avoid incurring charges to your Google Cloud account for\nthe resources used on this page, follow these steps.\n\nKeep the following things in mind when deleting a project:\n\n- Deleting a project deletes all the resources in the project.\n- You cannot reuse the custom project ID of a deleted project.\n\nIf you plan to explore multiple tutorials and quickstarts, reusing projects can\nhelp you avoid exceeding project quota limits.\n\nTo delete your project, do the following:\n\n1. In the Google Cloud console navigation menu, click **IAM \\& Admin \\\u003e Settings** .\n\n [Go to Settings](https://console.cloud.google.com/iam-admin/settings)\n2. Confirm that the project name is the name of the project you want to delete. If it isn't, choose the project you want to delete from the\n **Project selector**.\n\n3. Click **Shut down**.\n4. In the dialog, type the project ID, then click **Shut down** to delete the project.\n\nWhat's next\n-----------\n\n- Learn more about [Web Risk](/web-risk/docs/overview).\n- Learn more about the Web Risk app on the [Web Risk GitHub project](https://github.com/google/webrisk)."]]