An iOS app that analyzes link behavior, like a nutrition label, no cloud, open source.

3 | Author: sigbyte | 2 months ago
Hi,

After a relative got phished by a link impersonating their bank, I wanted to create an app to help them, and others, evaluate the trustworthiness of a link on the fly.

LegitURL is a strict, local-first iOS app that analyzes a link like a browser would, but shows everything clearly and doesn’t try to "fix" anything.

It checks:
- Domain structure (e.g. brand impersonation, gibberish, encoding tricks)
- TLS certificate (issuer, SANs, expiry)
- HTTP headers (HSTS, CSP, redirect behavior)
- Cookies and script behavior

It gives a score like a nutrition label and explicitly shows the final URL if there's a redirect chain.

Everything runs locally, except for HTTPS GET to the links (sandboxed, no cookies, no session data). There’s no cloud, no tracking, no backend.

The app is currently in *TestFlight beta* while waiting for App Store review. It’s free and open source (AGPLv3).

I’d love feedback, especially from folks who know more than me.

GitHub: https://github.com/sigfault-byte/LegitURL
TestFlight: https://testflight.apple.com/join/VESrumtr