A Chrome extension that provides local-first, privacy-preserving website security analysis using on-device AI (WebLLM). All processing happens in your browser - no data is sent to external servers.
- Trust Score Analysis - Comprehensive 0-100 security scoring with letter grades (A-F)
- Security Breakdown - Detailed analysis of:
  - HTTPS/SSL certificate validation
  - Domain age verification
  - Phishing signal detection
  - Malicious script scanning
  - Cookie compliance checking
  - Form security assessment
- AI Chatbot - Ask questions about any website's security and content
- Real-time Scanning - Instant security assessment of any webpage
- 100% Local - All AI processing runs in your browser using WebGPU
Choose from three models based on your device capabilities:
| Model | Size | VRAM | Best For |
|---|---|---|---|
| Gemma 2 2B | ~1.5GB | 2GB | Quick scans |
| Phi-3 Mini ⭐ | ~2GB | 3GB | Recommended |
| Llama 3.1 8B | ~4.5GB | 6GB | Complex analysis |
1. Clone the repository:

   ```bash
   git clone https://github.com/yourusername/zerotrust.git
   cd zerotrust
   ```

2. Install dependencies:

   ```bash
   npm install
   ```

3. Build the extension:

   ```bash
   npm run build
   ```

4. Load in Chrome:
   - Open `chrome://extensions/`
   - Enable "Developer mode"
   - Click "Load unpacked"
   - Select the `dist` folder
```bash
# Development mode with hot reload
npm run dev

# Build for production
npm run build

# Lint code
npm run lint
```

This is a Manifest V3 Chrome extension with multiple components:
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Popup │────▶│ Background │────▶│ Offscreen │
│ (React) │ │ (Router) │ │ (WebLLM) │
└─────────────┘ └─────────────┘ └─────────────┘
│
▼
┌─────────────┐
│ Content │
│ (Scanner) │
└─────────────┘
- Popup (`src/popup/`) - React UI for interaction
- Background (`src/background/`) - Message routing, offscreen management
- Offscreen (`src/offscreen/`) - WebLLM engine, AI inference
- Content (`src/content/`) - Page analysis, trust score calculation
- React 19 - UI framework
- TypeScript - Type safety
- Vite - Build tool
- Tailwind CSS 4 - Styling
- WebLLM - On-device LLM inference
- WebGPU - GPU acceleration
The trust score (0-100) is calculated from:
| Factor | Max Points |
|---|---|
| HTTPS Connection | 15 |
| Valid Certificate | 10 |
| Domain Age | 10 |
| No Phishing Signals | 25 |
| No Malicious Scripts | 20 |
| Cookie Compliance | 10 |
| Form Security | 10 |
- A (90-100): Excellent security
- B (80-89): Good security
- C (70-79): Moderate concerns
- D (60-69): Poor security
- F (0-59): Critical issues
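How the factor weights and grade bands above combine, as an added example that is not the extension's own code. The names `WEIGHTS`, `gradeFor` and `trustScore`, the 0..1 result per check, and the fail-closed handling of missing results are assumptions made for illustration.

```typescript
// Weights and grade bands are taken from the README tables above.
// Assumption: each check reports a 0..1 fraction (1 = fully passed).
const WEIGHTS = {
  https: 15,
  validCertificate: 10,
  domainAge: 10,
  noPhishingSignals: 25,
  noMaliciousScripts: 20,
  cookieCompliance: 10,
  formSecurity: 10,
} as const;

type Factor = keyof typeof WEIGHTS;
type Grade = "A" | "B" | "C" | "D" | "F";
interface TrustReport {
  score: number;
  grade: Grade;
  lost: { factor: Factor; points: number }[]; // biggest deduction first
}

function gradeFor(score: number): Grade {
  if (score >= 90) return "A";
  if (score >= 80) return "B";
  if (score >= 70) return "C";
  if (score >= 60) return "D";
  return "F";
}

function trustScore(results: Partial<Record<Factor, number>>): TrustReport {
  let earned = 0;
  const lost: TrustReport["lost"] = [];
  for (const factor of Object.keys(WEIGHTS) as Factor[]) {
    const raw = results[factor];
    // Fail closed: a check that did not run (missing or non-finite result)
    // earns nothing; finite values are clamped into 0..1.
    const passed = raw !== undefined && Number.isFinite(raw)
      ? Math.min(1, Math.max(0, raw)) : 0;
    const points = WEIGHTS[factor] * passed;
    earned += points;
    if (points < WEIGHTS[factor]) lost.push({ factor, points: WEIGHTS[factor] - points });
  }
  lost.sort((a, b) => b.points - a.points);
  const score = Math.round(earned);
  return { score, grade: gradeFor(score), lost };
}
```

With these weights, a page that fails only the phishing check drops from 100 (A) to 75 (C), the same result as a page that lacks both HTTPS and a valid certificate.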
ZeroTrust is designed with privacy as a core principle:
- All AI processing happens locally in your browser
- No website data is sent to external servers
- No analytics or tracking
- No account required
- Chrome 113+ (WebGPU support)
- Minimum 4GB RAM (8GB recommended)
- GPU with WebGPU support
MIT License - See LICENSE for details.
Contributions are welcome! Please read our contributing guidelines before submitting PRs.
Never Trust, Always Verify.