Hi,

After a relative got phished by a link impersonating their bank, I wanted to create an app to help them, and others, evaluate the trustworthiness of a link on the fly.

LegitURL is a strict, local-first iOS app that analyzes a link like a browser would, but shows everything clearly and doesn’t try to "fix" anything.

It checks:
- Domain structure (e.g. brand impersonation, gibberish, encoding tricks)
- TLS certificate (issuer, SANs, expiry)
- HTTP headers (HSTS, CSP, redirect behavior)
- Cookies and script behavior

It gives a score like a nutrition label ( ) and explicitly shows the final URL if there's a redirect chain.

Everything runs locally, except for HTTPS GET to the links (sandboxed, no cookies, no session data).
There’s no cloud, no tracking, no backend.

The app is currently in *TestFlight beta* while waiting for App Store review.
It’s free and open source (AGPLv3).

I’d love feedback, especially from folks who know more than me.

GitHub: https://github.com/sigfault-byte/LegitURL
TestFlight: https://testflight.apple.com/join/VESrumtr
Misspelled aborted
(Analysis aborded)
Did not provide any reason(s) for 0 score of tested phishing link.
Works for showing redirects but lacks explanations of the analysis