iOS app that analyzes link behavior like nutrition label, no cloud, open source
Hi,
After a relative got phished by a link impersonating their bank, I wanted to create an app to help them, and others, evaluate the trustworthiness of a link on the fly.
LegitURL is a strict, local-first iOS app that analyzes a link like a browser would, but shows everything clearly and doesn’t try to "fix" anything.
It checks:

- Domain structure (e.g. brand impersonation, gibberish, encoding tricks)
- TLS certificate (issuer, SANs, expiry)
- HTTP headers (HSTS, CSP, redirect behavior)
- Cookies and script behavior

It gives a score like a nutrition label and explicitly shows the final URL if there's a redirect chain.
Everything runs locally, except for HTTPS GET to the links (sandboxed, no cookies, no session data). There’s no cloud, no tracking, no backend.
The app is currently in *TestFlight beta* while waiting for App Store review. It’s free and open source (AGPLv3).
I’d love feedback, especially from folks who know more than me.
GitHub: https://github.com/sigfault-byte/LegitURL

TestFlight: https://testflight.apple.com/join/VESrumtr
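An added sketch of the "domain structure" check from the list above, written so that every point deducted from the score carries a stated reason. It is not LegitURL's code: the brand watch-list, the penalty weights, the vowel-ratio heuristic and the "last two labels" registered-domain rule are all assumptions, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Constructed watch-list: brand keyword -> its legitimate registered domain.
BRANDS = {"examplebank": "examplebank.example"}

def looks_gibberish(label):
    """Crude heuristic (assumption): long label with almost no vowels."""
    if len(label) < 8 or label.startswith("xn--"):
        return False
    return sum(c in "aeiou" for c in label) / len(label) < 0.2

def analyze(url):
    """Return (score, findings); each finding is (penalty, reason)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        # An aborted analysis still reports why the score is 0.
        return 0, [(100, "analysis aborted: no host could be parsed")]
    findings = []
    if parts.scheme != "https":
        findings.append((30, f"scheme is {parts.scheme!r}, not https"))
    if parts.username is not None:
        findings.append((40, f"text before '@' ({parts.username!r}) is not "
                             f"the host; the real host is {host!r}"))
    labels = host.split(".")
    # Simplification: registered domain = last two labels (no Public Suffix List).
    registered = ".".join(labels[-2:])
    for brand, official in BRANDS.items():
        if brand in host and registered != official:
            findings.append((50, f"{brand!r} appears in the host but the "
                                 f"registered domain is {registered!r}"))
    for label in labels:
        if label.startswith("xn--"):
            findings.append((30, f"punycode label {label!r} may render as "
                                 "look-alike characters"))
        elif looks_gibberish(label):
            findings.append((20, f"label {label!r} looks randomly generated"))
    score = max(0, 100 - sum(penalty for penalty, _ in findings))
    return score, findings

if __name__ == "__main__":
    # Constructed sample URLs using reserved .example / .test names.
    for url in ("https://examplebank.example/login",
                "http://examplebank.example.x7q9zk2vw4.test/%6Cogin",
                "https://examplebank.example@xn--80ak6aa92e.test/"):
        score, findings = analyze(url)
        print(score, url)
        for penalty, reason in findings:
            print(f"  -{penalty}: {reason}")
```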
Misspelled aborted (Analysis aborded). Did not provide any reason(s) for 0 score of tested phishing link. Works for showing redirects but lacks explanations of the analysis.
Well! Thank you for catching the typo, I just fixed it locally.
It’s definitely strange if there are no explanations. If the bottom findings section is empty, and the score is still 0, it might mean the analysis was aborted before any real checks were made.
If you’re willing to share the link (or a screenshot of what the app showed), I’d love to take a look and figure out what’s missing.
The “Analysis aborted” label usually appears if the TLS cert was invalid, the connection failed, or the site didn’t respond in a way that allowed analysis to continue. In some cases that might actually be a critical finding, but right now I’m not surfacing that clearly enough. I’ll improve that in the next update.
Small clarification, all analysis results and warnings are logged in the findings section (at the bottom of the app). But I realize now it may not be visually obvious that this section is interactive?
Thanks again for pointing it out. That’s exactly the kind of blind spot I’m working to fix.