An iOS app that analyzes how a link behaves, like a nutrition label: no cloud, open source.
Hi,

After a relative got phished by a link impersonating their bank, I wanted to create an app to help them, and others, evaluate the trustworthiness of a link on the fly.

LegitURL is a strict, local-first iOS app that analyzes a link like a browser would, but shows everything clearly and doesn’t try to "fix" anything.

It checks:
- Domain structure (e.g. brand impersonation, gibberish, encoding tricks)
- TLS certificate (issuer, SANs, expiry)
- HTTP headers (HSTS, CSP, redirect behavior)
- Cookies and script behavior

It gives a score like a nutrition label ( ) and explicitly shows the final URL if there's a redirect chain.

Everything runs locally, except for HTTPS GET to the links (sandboxed, no cookies, no session data). There’s no cloud, no tracking, no backend.

The app is currently in *TestFlight beta* while waiting for App Store review. It’s free and open source (AGPLv3).

I’d love feedback, especially from folks who know more than me.

GitHub: https://github.com/sigfault-byte/LegitURL
TestFlight: https://testflight.apple.com/join/VESrumtr
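
The header, cookie and redirect-chain checks listed in the post, sketched in Python as an added example. This is not LegitURL's code: the sample chain, the 180-day HSTS threshold and the finding strings are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

MIN_HSTS_AGE = 15552000  # 180 days; threshold assumed for this example
# Constructed redirect chain of (url, status, headers); not captured traffic.
SAMPLE_CHAIN = [
    ("https://short.example/a1", 302, {"Location": "https://login.bank-example.test/start"}),
    ("https://login.bank-example.test/start", 301, {"Location": "/signin"}),
    ("https://login.bank-example.test/signin", 200, {
        "Strict-Transport-Security": "max-age=300",
        "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
        "Set-Cookie": ["sid=abc; Path=/; HttpOnly", "pref=1; Secure; HttpOnly; SameSite=Lax"],
    }),
]

def parse_csp(value):
    """Map each CSP directive to its sources; a repeated directive keeps its first value."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def analyze_chain(chain):
    """Return (final_url, findings); Set-Cookie is a list because the header can repeat."""
    hops = [(u, {k.lower(): v for k, v in h.items()}) for u, _status, h in chain]
    findings = []
    for url, h in hops[:-1]:  # each redirect: resolve Location against the current URL
        src = urlsplit(url).hostname
        dst = urlsplit(urljoin(url, h.get("location", ""))).hostname
        if dst != src:
            findings.append(f"redirect leaves {src} for {dst}")
    final_url, h = hops[-1]
    hsts = h.get("strict-transport-security", "").lower().replace(" ", "")
    ages = [p[8:].strip('"') for p in hsts.split(";") if p.startswith("max-age=")]
    if not ages or not ages[0].isdigit():
        findings.append("HSTS missing or malformed")
    elif int(ages[0]) < MIN_HSTS_AGE:
        findings.append(f"HSTS max-age too short: {ages[0]}")
    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append("CSP missing")
    scripts = {s.lower() for s in csp.get("script-src", csp.get("default-src", []))}
    findings += [f"CSP script-src allows {w}" for w in ("'unsafe-inline'", "'unsafe-eval'") if w in scripts]
    for cookie in h.get("set-cookie", []):
        name, *attrs = [p.strip() for p in cookie.split(";")]
        flags = {a.split("=")[0].lower() for a in attrs}
        findings += [f"cookie {name.split('=')[0]} lacks {m}" for m in sorted({"secure", "httponly"} - flags)]
    return final_url, findings
```

Calling `analyze_chain(SAMPLE_CHAIN)` returns the final URL after both redirects together with one finding per weak setting, which is the kind of per-hop detail the post says the app shows rather than hides.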