A Chrome extension that uses Google's Gemini Flash 2.5 AI to detect phishing websites and analyze email headers in real-time.
- Real-time Analysis: Analyzes webpages as you browse
- AI-Powered Detection: Uses Gemini Flash 2.5 for intelligent phishing detection
- Comprehensive Scanning: Extracts URL, text content, forms, and suspicious elements
- Risk Scoring: Provides 0-10 risk score with detailed explanations
- Caching: Caches results to avoid repeated analysis of the same pages
- DKIM Verification: Checks DomainKeys Identified Mail signatures
- SPF Validation: Verifies Sender Policy Framework records
- DMARC Compliance: Analyzes Domain-based Message Authentication compliance
- Sender Mismatch Detection: Identifies mismatched sender addresses
- Reply-To Analysis: Detects suspicious Reply-To discrepancies
- Spoofing Indicators: Identifies suspicious headers and patterns
- AI-Enhanced Analysis: Provides intelligent assessment of email authenticity
- Open Chrome and go to chrome://extensions/
- Enable "Developer mode" in the top right
- Click "Load unpacked" and select the extension folder
- The extension icon should appear in your toolbar
- Navigate to any website
- Click the Phishing Detector extension icon
- Click the "Page Analysis" tab
- Click "Analyze Current Page"
- View the AI-generated risk assessment
- Open the email you want to analyze
- Access the email's raw headers:
  - Gmail: Click ⋮ (three dots) → "Show original"
  - Outlook: Click ... → "View message source"
  - Yahoo: Click "More" → "View raw message"
- Copy all the header information
- Click the Phishing Detector extension icon
- Switch to the "Email Headers" tab
- Paste the headers into the text area
- Click "Analyze Email Headers"
- Review the comprehensive security assessment including:
  - DKIM, SPF, and DMARC verification status
  - Sender address mismatches
  - Reply-To discrepancies
  - Suspicious header patterns
  - AI-generated security insights
- Content Extraction: The extension extracts page URL, text content, forms, and links
- AI Analysis: The extracted data is sent to the Node.js server, which uses Gemini Flash 2.5 to analyze it for phishing indicators
- Risk Assessment: The AI provides a 0-10 risk score with detailed explanation
- User Alert: Results are displayed in the extension popup with color-coded warnings
- 0-3: Likely Safe (Green)
- 4-6: Suspicious (Yellow)
- 7-10: High Risk (Red)
- Google Generative AI API key
- Gemini Flash 2.5 model access
- DKIM (DomainKeys Identified Mail): Verifies the email hasn't been tampered with and confirms the sender domain
- SPF (Sender Policy Framework): Checks if the sending server is authorized to send emails for the domain
- DMARC (Domain-based Message Authentication): Ensures the email aligns with the domain's authentication policies
- From vs Return-Path: Compares the visible sender with the actual return path
- From vs Sender: Checks for discrepancies between From and Sender headers
- Reply-To Mismatches: Detects when replies would go to a different address/domain
- Automated Mailers: Identifies bulk email tools used for seemingly personal emails
- Message-ID Mismatches: Detects when the message ID domain differs from the sender domain
- Unusual Routing: Flags emails with too few mail server hops
- Date Anomalies: Identifies future-dated or very old emails
- 0-3: Likely legitimate - all authentication checks passed
- 4-6: Suspicious - some authentication issues or warnings
- 7-10: High risk - multiple failures indicating possible spoofing
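
The header checks listed above (From vs Return-Path, From vs Sender, Reply-To and Message-ID mismatches, plus DKIM/SPF/DMARC status) can be sketched as follows. This is an added example, not the extension's own code. The function names, the finding labels, the exact-match domain comparison and the sample message are assumptions made for illustration.

```javascript
// Added example, not the extension's code. Names and sample are constructed.
const SAMPLE = [
  'Return-Path: <bounce@mailer.example.net>',
  'Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;',
  '\tdkim=none; dmarc=fail header.from=example.com',
  'From: "billing@example.com" <billing@example.com>',
  'Reply-To: accounts@example-payments.test',
  'Message-ID: <1234@example.com>',
  '', 'body text with other@address.test',
].join('\r\n');

// Unfold continuation lines and index header values by lowercase name.
function parseHeaders(raw) {
  const headers = {};
  const top = raw.split(/\r?\n\r?\n/)[0].replace(/\r?\n[ \t]+/g, ' ');
  for (const line of top.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i < 1) continue;
    const name = line.slice(0, i).trim().toLowerCase();
    (headers[name] = headers[name] || []).push(line.slice(i + 1).trim());
  }
  return headers;
}

// Prefer the <addr> form so an address in the display name is not trusted.
function domainOf(value) {
  const v = value || '';
  const m = /<[^<>@]*@([^<>\s]+)>/.exec(v) || /@([A-Za-z0-9.-]+)/.exec(v);
  return m ? m[1].toLowerCase() : null;
}

function findMismatches(raw) {
  const h = parseHeaders(raw);
  const from = domainOf((h['from'] || [])[0]);
  if (!from) return ['from-missing'];
  const findings = [];
  for (const name of ['return-path', 'sender', 'reply-to', 'message-id']) {
    const d = domainOf((h[name] || [])[0]);
    // Exact match only: subdomains count as mismatches (assumption).
    if (d && d !== from) findings.push(`${name}-mismatch`);
  }
  // Only trust Authentication-Results stamped by your own receiving server.
  const auth = (h['authentication-results'] || []).join(' ').toLowerCase();
  for (const mech of ['dkim', 'spf', 'dmarc']) {
    const m = new RegExp(`\\b${mech}=(\\w+)`).exec(auth);
    if (!m || m[1] !== 'pass') findings.push(`${mech}-${m ? m[1] : 'missing'}`);
  }
  return findings;
}
```

Legitimate bulk senders often use a different Return-Path domain, so findings like these are inputs to a risk score rather than verdicts on their own.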
- Local caching to reduce API calls
- Content length limits to prevent abuse
- CORS protection on server endpoints
- No sensitive data storage in extension
- Secure header parsing and validation