I need a single, self-hosted link that I can hand to my staff during periodic security drills. When a real person follows the link, it must convincingly imitate three attack vectors — email, social-media, and straight website phishing — all from the same URL pathway so I can randomise the scenario I present. While the user believes they are on a familiar page, the script should collect login credentials, personal details and even mock financial data, then store each piece in an encrypted local file or secure database table that I can download later for the debrief. To keep mail filters and reputation scanners from spoiling the exercise, an anti-spam-bot layer has to sit in front of everything. Instead of blocking or warning crawlers, the detector should quietly evade them: serve a bland “404 / moved” style response, alternate content, or any other stealth method you prefer. User-agent, headless-browser clues, JavaScript execution checks, and timing analysis are all fair game, as long as the end result is that real staff reach the phishing page while automated scanners never see it. Essential deliverables: • Fully functional link with the three scenario templates embedded • Bot-evasion module integrated and tested against common scanners (Gmail, Outlook, Facebook, etc.) • Secure storage or export of the captured data for later reporting • Brief deployment guide plus reset script so I can wipe data between training rounds Clean, readable code is important; PHP/JS or Python are fine, but I’m open to alternatives if you justify them. Provide any third-party libraries you rely on and keep everything runnable on a typical Linux VPS.