CertiLens — Phishing & Site Safety Checker

Real-time phishing detection with Certificate Transparency, header auditing, and DOM heuristics.

Real-time phishing detection that goes beyond the blocklist. 🛡️ CertiLens – Know If a Site Is Safe Before You Trust It CertiLens analyzes websites the moment you visit them using six independent security engines — giving you a clear risk score in seconds, even for brand-new phishing sites that no blocklist has seen yet. What CertiLens checks: 🔍 Certificate Transparency – Detects SSL certificates less than 30 days old. Phishing sites can't fake a certificate history they don't have. 📅 Domain Age – Most phishing domains are registered less than 90 days before they're used. CertiLens checks via RDAP, the structured standard built to replace WHOIS. 📋 Security Headers – Audits for CSP, HSTS, X-Frame-Options, and more. Real sites have them. Phishing pages almost never do. ✉️ Email Authentication – Missing SPF and DMARC records mean the domain can be spoofed in phishing emails sent to your contacts. 🌐 Threat Intelligence – Cross-references against URLScan.io's public database of flagged malicious sites. 🔤 Homograph Detection – Catches lookalike attacks offline: mixed Cyrillic and Latin scripts, punycode domains, and digit swaps like paypa1 vs paypal. All six engines run at the same time. Total scan time: about 6 seconds. 🔒 Privacy first: CertiLens never collects, stores, or transmits personal data. Only the domain name is used for analysis. Everything else stays in your browser. Built by a high school cybersecurity developer holding CompTIA Security+, Network+, and ITF+ certifications. Free and open source under GPL v3. Source code: github.com/JalenTechHub/CertiLens