Simple URL's security score check tool. (implement by Golang and Chrome Extension.).
When you're search knowledge, suddenly you may see a alert by Security Scan tool.
You have unfortunately displayed a site that contains a malware script.
But you've search a lot of for learn. I don't blame you.
Can't we at least easily check if it's suspicious before we open it?
I created this tool with that in mind for you!
When you right-click and select context menu, it opens a temporary tab before URL be opened.
In that tab, request Golang API on server and will check the following.
- Can name resolve on the Secure DNS server?
- Is SSL certificate is not free type?
- Is higher rank search results on search engines?
Check results are displayed with a score(star rate).
If you want to put it under the path, you can use the following.
go get github.com/yasutakatou/goScore
If you want to create a binary and copy it yourself, use the following.
git clone https://github.com/yasutakatou/goScore
cd goScore
go build goScore.go
or download binary from release page.
save binary file, copy to entryed execute path directory.
delete that binary. del or rm command. (it's simple!)
- run server and space or enter press will display ip addres and port.
- input server address to chrome extension.
- in case of success, it will be added.
- in case of checking url, right click on link, display context menu, send to server.
- new tab will open, waiting for making score from server.
- score displayed.
If you click center link, go to original URL.
(So, You can check before we open it.)
note) if url cached, server return old result. So, it's fast.
this options use when run.
option name | default value | detail |
---|---|---|
-debug | false | debug mode (true is enable) |
-cert | localhost.pem | ssl_certificate file path (if you don't use https, haven't to use this option) |
-key | localhost-key.pem | ssl_certificate_key file path (if you don't use https, haven't to use this option) |
-port | 8080 | port number |
-config | config | config file name(detail: config file) |
This tool have config file, detail is following.
note) default config file name is "config".
This value is cacheing time and format is value and unit multiplication.
define | seconds |
---|---|
"d" or "D" | 12 * 60 * 60 |
"h" or "H" | 60 * 60 |
"m" or "M" | 60 |
"s" or "S" | 1 |
example)
- 12 D -> 12days
- 30 M -> 30minuts
define DNS servers to name resolve.
note)
I recommend that use DNS server (1.1.1.1 or 9.9.9.9.9 etc) for content filtering purposes.
example)
- 9.9.9.9
- 1.1.1.1
define google page rank check by integer value.
If your URL search results rank lower than this value, Return a star to the client.
define you trusted ssl certificate authority.
example)
- DigiCert
- GlobalSign
- Google Trust Services
- GeoTrust
- SECOM Passport
- Sectigo RSA Organization
- Cybertrust
this value is server cache.
format is url, cached unix time, score. value is space splited.
score "0" is star, "1" is no star.
note) this value is wrote by tool when tool exit.
example)
- https://www.google.co.jp/ 1598448280 000
- When add server to extension, following message displaying!
YYYY/MM/DD HH:MM:SS http: TLS handshake error from XXX.XXX.XXX.XXX:XXXXX: remote error: tls: unknown certificate
If you use Self-signed cert file, Chrome must trusted this cert.
You have to access endpoint once by manualy.
browse url to https://xxx.xxx.xxx.xxx:yyyyy/token
If alert from Chrome and you continue access, message will not displayed.
MIT License