Chrome Extension · Manifest V3 · Free & Open Source
CertiLens

The browser knows when something's wrong. Now so do you.

CertiLens runs six independent security engines in parallel — Certificate Transparency, domain age, DNS authentication, security headers, DOM heuristics, and homograph detection — and synthesizes them into a single risk score before the page finishes loading.

6 security engines
0 API keys required
MV3 Manifest V3 compliant
GPL-3 open source license

Not just a blocklist check.

Most extensions compare your URL against a database. CertiLens actively analyzes the site itself — even if it's never been seen before.

01 🌐 You navigate to a page
   The content script injects and performs a DOM scan — collecting password fields, iframes, form actions, and page identity signals.
02 Six engines fire in parallel
   The service worker runs all six analysis engines concurrently via Promise.all(). Total scan time is ~2s, not 15s.
03 🧮 Risk score computed
   Each engine contributes an independent penalty. Scores are additive and capped at 100, with per-finding rationale surfaced to you.
04 🔍 Results in your toolbar
   The popup shows your risk score, all engine results, and the exact reasons a site was flagged — no black boxes.

Six layers of detection.

Each engine catches a different class of attack. Together they handle brand-new phishing domains that no blocklist has ever seen.

🔏 Certificate Transparency (source: crt.sh API)

Queries CT logs for every certificate ever issued to the domain. A cert issued in the last 7 days is a strong phishing signal — attackers can't buy old certificates.

Risk trigger Cert < 30 days old
🛡 Security Header Audit (source: HTTP HEAD)

Checks eight response headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, and COEP. Legitimate sites configure these. Phishing sites don't.

Risk trigger Missing CSP or HSTS
📅 Domain Age (RDAP) (source: RDAP protocol)

Uses RDAP — the JSON-based successor to WHOIS — to check the domain registration date. Most phishing domains are registered days before an attack. No API key needed.

Risk trigger Domain < 90 days old
📧 DNS Email Security (source: Cloudflare DoH)

Checks for SPF and DMARC records via DNS-over-HTTPS. Missing these records means anyone can send phishing emails that appear to come from this domain.

Risk trigger No SPF or DMARC
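How the SPF/DMARC presence check described above can be derived from DNS-over-HTTPS JSON answers, as an added example that is not CertiLens's own code. The resolver responses are constructed samples in the JSON shape Cloudflare's DoH endpoint returns (TXT data arrives as a quoted string); nothing here touches the network, and it goes one step beyond the page by also noting a DMARC policy of p=none.

```javascript
// Added example, not CertiLens's own code: deriving the "DNS Email Security"
// finding from DoH JSON answers. Sample responses below are constructed.

// Pull the TXT strings out of a DoH JSON response (RR type 16 = TXT).
function txtRecords(dohJson) {
  const answers = (dohJson && dohJson.Answer) || [];
  return answers
    .filter((a) => a.type === 16)
    // strip the outer quotes and rejoin TXT records split into several strings
    .map((a) => a.data.replace(/^"|"$/g, "").replace(/"\s*"/g, ""));
}

// domainTxt: TXT answer for the domain; dmarcTxt: TXT answer for _dmarc.<domain>.
function checkEmailAuth(domain, domainTxt, dmarcTxt) {
  const spf = txtRecords(domainTxt).find((t) => /^v=spf1(\s|$)/i.test(t)) || null;
  const dmarc = txtRecords(dmarcTxt).find((t) => /^v=DMARC1\s*;/i.test(t)) || null;
  const findings = [];
  if (!spf) findings.push(`${domain}: no SPF record`);
  if (!dmarc) findings.push(`_dmarc.${domain}: no DMARC record`);
  else if (/;\s*p=none\b/i.test(dmarc)) findings.push(`_dmarc.${domain}: DMARC policy is p=none`);
  return { spf, dmarc, findings };
}

// Constructed sample responses (not captured from a live resolver).
const SAMPLE_DOMAIN_TXT = {
  Status: 0,
  Answer: [
    { name: "example.com", type: 16, TTL: 300, data: "\"v=spf1 include:_spf.example.com -all\"" },
    { name: "example.com", type: 16, TTL: 300, data: "\"site-verification=abc123\"" },
  ],
};
const SAMPLE_DMARC_TXT = {
  Status: 0,
  Answer: [{ name: "_dmarc.example.com", type: 16, TTL: 300, data: "\"v=DMARC1; p=reject; rua=mailto:dmarc@example.com\"" }],
};
const SAMPLE_NXDOMAIN = { Status: 3 }; // name does not exist: no Answer section
```

In an extension the two JSON objects would come from fetching the DoH endpoint for `<domain>` and `_dmarc.<domain>` with `type=TXT`; a fetch failure should be treated as "unknown", not as "missing", so the engine degrades gracefully rather than inflating the score.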
🖥️ DOM Heuristics (source: content script)

The injected content script scans the live DOM for password fields on HTTP, cross-origin form actions, hidden iframes, obfuscated JavaScript (eval/atob), and page identity–based brand spoofing.

Risk trigger Password on HTTP, brand spoof
🔤 Homograph Detection (source: local analysis)

Identifies IDN homograph attacks: Cyrillic/Greek lookalike characters, mixed Unicode scripts, punycode domains, and digit-for-letter substitution like paypa1.com. Runs entirely offline.

Risk trigger Mixed scripts, punycode
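The four homograph checks listed above, as an added example that is not CertiLens's own code. It takes a Unicode hostname (the decoded form, so mixed-script labels are visible) and the brand list and confusable tables are small constructed samples.

```javascript
// Added example, not CertiLens's own code: offline homograph checks on a
// Unicode hostname. Brand list and confusable tables are constructed samples.

// Cyrillic/Greek characters that render like Latin letters (small subset).
const CONFUSABLES = {
  "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
  "\u0443": "y", "\u0445": "x", "\u03bf": "o", "\u03b1": "a",
};
// Digits commonly swapped in for the letters they resemble.
const DIGIT_SUBS = { "0": "o", "1": "l", "3": "e", "5": "s", "7": "t" };
// Constructed brand list; a real checker would use a larger, maintained one.
const BRANDS = ["paypal", "google", "microsoft", "apple"];

// Which of the three scripts of interest appear in one DNS label.
function scriptsIn(label) {
  const found = [];
  if (/\p{Script=Latin}/u.test(label)) found.push("Latin");
  if (/\p{Script=Cyrillic}/u.test(label)) found.push("Cyrillic");
  if (/\p{Script=Greek}/u.test(label)) found.push("Greek");
  return found;
}

// Returns a list of { signal, detail } findings; empty means nothing suspicious.
function checkHomograph(hostname) {
  const findings = [];
  const labels = hostname.toLowerCase().split(".");
  for (const label of labels) {
    // Punycode label: an IDN the browser has already ASCII-encoded.
    if (label.startsWith("xn--")) findings.push({ signal: "punycode label", detail: label });
    const scripts = scriptsIn(label);
    if (scripts.length > 1) findings.push({ signal: "mixed scripts", detail: scripts.join("+") });
  }
  // Fold confusable letters and look-alike digits in the registrable label back to
  // the Latin letters they imitate, then compare against the brand list.
  const registrable = labels.length >= 2 ? labels[labels.length - 2] : labels[0];
  const folded = [...registrable].map((ch) => CONFUSABLES[ch] || DIGIT_SUBS[ch] || ch).join("");
  if (folded !== registrable && BRANDS.includes(folded)) {
    findings.push({ signal: "brand lookalike", detail: `${registrable} -> ${folded}` });
  }
  return findings;
}
```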

Transparent by design.

Every point in the 0–100 score is traceable to a specific finding. No black box — you see exactly why a site was flagged.

Signal                                   Penalty
No HTTPS (plain HTTP)                    +20
Cert issued < 7 days ago                 +30
Domain registered < 30 days              +35
Brand impersonation in page identity     +30
Homograph / mixed Unicode scripts        +25–30
Password field on HTTP page              +35
Missing CSP + HSTS headers               +15–25
No SPF / DMARC records                   +8–16
Obfuscated JS (eval/atob/fromCharCode)   +8–15
Cross-origin form action                 +20
Known malicious (URLScan.io)             +50
Score     Level      Meaning
0–24      LOW        Site appears legitimate. Standard security posture.
25–49     MEDIUM     Some risk signals present. Proceed with caution.
50–74     HIGH       Multiple risk factors detected. Avoid entering credentials.
75–100    CRITICAL   Strong phishing indicators. Do not interact with this site.

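The additive, capped scoring with per-finding rationale described above, as an added example that is not CertiLens's own code. It uses the fixed penalties and score bands from the table; signals with a penalty range (e.g. homograph +25–30) carry a penalty chosen by the engine, and the sample findings are constructed.

```javascript
// Added example, not CertiLens's own code: additive scoring with a 100-point cap
// and a per-finding rationale, using the page's penalty table and score bands.

// Fixed penalties from the table; ranged signals supply their own penalty.
const PENALTIES = {
  NO_HTTPS: 20,
  CERT_LT_7D: 30,
  DOMAIN_LT_30D: 35,
  BRAND_IMPERSONATION: 30,
  PASSWORD_ON_HTTP: 35,
  CROSS_ORIGIN_FORM: 20,
  KNOWN_MALICIOUS: 50,
};

// Upper bound of each band, checked in order.
const BANDS = [[24, "LOW"], [49, "MEDIUM"], [74, "HIGH"], [100, "CRITICAL"]];

function bandFor(score) {
  return BANDS.find(([max]) => score <= max)[1];
}

// findings: [{ engine, signal, reason, penalty? }] collected from all engines.
function computeRisk(findings) {
  let total = 0;
  const rationale = [];
  for (const f of findings) {
    const penalty = f.penalty ?? PENALTIES[f.signal];
    if (penalty === undefined) continue; // unknown signal contributes nothing
    total += penalty;
    rationale.push(`${f.engine}: ${f.reason} (+${penalty})`); // every point is traceable
  }
  const score = Math.min(total, 100); // additive, capped at 100
  return { score, level: bandFor(score), rationale };
}

// Constructed sample: what a fresh look-alike domain might produce.
const SAMPLE_FINDINGS = [
  { engine: "Certificate Transparency", signal: "CERT_LT_7D", reason: "first cert issued 2 days ago" },
  { engine: "Domain Age (RDAP)", signal: "DOMAIN_LT_30D", reason: "registered 3 days ago" },
  { engine: "Homograph Detection", signal: "HOMOGRAPH", penalty: 30, reason: "Latin+Cyrillic label" },
];
```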
Built by a high school developer.

CertiLens was built by Jalen Joseph, a high school junior holding CompTIA Security+, Network+, and ITF+ certifications. What started as a way to apply classroom security concepts became a full-featured browser security tool that mimics the detection logic of enterprise EDR browser agents.

The project demonstrates applied knowledge across four Security+ domains — PKI and certificate validation, threat and vulnerability analysis, multi-layer security architecture, and security operations.

Every design decision has a reason: RDAP instead of WHOIS because it returns structured JSON; parallel engine execution because total scan time should be bounded by the slowest API, not the sum; identity-only brand spoofing checks because scanning full page text produces false positives on legitimate search engines.

Security+ Concepts

Domain 1.0   General Security Concepts   PKI, TLS, CSP, HSTS, certificate validation and transparency
Domain 2.0   Threats & Vulnerabilities   Phishing, brand impersonation, homograph attacks, obfuscated malicious JS
Domain 3.0   Security Architecture       Defense-in-depth, multi-layer detection, graceful API degradation
Domain 4.0   Security Operations         Threat intelligence, automated scanning, audit logging

Add it in seconds.

No account. No API keys. No build step.

Option 1 — Recommended: Add from the Chrome Web Store
One click. Always up to date. No setup required.
Add to Chrome — It's Free

Option 2 — Developer / Manual
1. Clone the repository: git clone https://github.com/JalenTechHub/CertiLens
2. Open Chrome Extensions at chrome://extensions/ and enable Developer mode in the top-right corner.
3. Load the extension: click Load unpacked → select the extension folder from the cloned repo.
4. You're done. The CertiLens icon appears in your toolbar. Navigate to any site to run a scan.

Keep CertiLens free & open source.

CertiLens is built and maintained solo by a high school student — no company, no team, no budget. If it has helped you stay safer online, a small contribution goes a long way toward keeping it alive and improving it.

Buy me a coffee
Every donation helps fund development time and future features. Any amount is appreciated.
Donate via PayPal
Secure · Any amount helps · Thank you