Real-Time Security Meter
Your constant guardian - a floating security score that appears on every webpage you visit.
How It Works
The security meter is a small, elegant circular widget (40x40px) that positions itself on the right edge of your screen. As soon as you load a webpage, it springs into action, running our 8 specialized scanners in parallel and displaying a security score from 0-100.
Visual Indicators
- Green (80-100): Site is secure and safe to use
- Yellow (50-79): Proceed with caution, some security concerns
- Red (0-49): High risk, avoid entering sensitive information
Key Features
- Draggable along vertical axis - position it where you want
- One-click rescan button for instant re-evaluation
- Triple-layer glow effects with status-matching colors
- Smooth animations during scanning
- Click to view detailed security report
Performance
The meter is designed to be lightweight and non-intrusive. Scanning happens asynchronously, so your browsing experience remains smooth. Results are cached for 5 minutes, meaning if you revisit the same page, you get instant feedback.
AI-Powered Phishing Detection PREMIUM
Go beyond basic pattern matching with advanced machine learning trained on 50,000+ phishing and legitimate pages.
Natural Language Processing (NLP)
Our AI analyzes the actual content of webpages, understanding context and intent. It detects:
- Urgency Keywords: "verify now", "account suspended", "urgent action required"
- Social Engineering Phrases: "confirm your identity", "unusual activity detected"
- Credential Harvesting Language: "re-enter password", "validate account"
Brand Impersonation Detection
The AI checks if a webpage is pretending to be a legitimate brand:
- Detects unauthorized use of brand names (PayPal, Amazon, Microsoft, banks)
- Validates brand mentions against actual domain ownership
- Identifies fake customer support pages
- Recognizes copied logos and visual elements
Form Analysis
Suspicious input field combinations are a red flag. Our AI detects:
- Password + SSN + Credit Card on same form (highly suspicious)
- Hidden form fields used for stealth data capture
- Form action URLs that don't match the domain
- Excessive personal information requests
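The form checks listed above can be expressed as follows. This is an added example, not Chesta Security Pro's own code: it works on a constructed form descriptor rather than the live DOM, and the `analyzeForm` name, the field-name patterns and the sample hosts are assumptions.

```javascript
// Added example: form heuristics over a constructed descriptor (not the extension's code).
const SENSITIVE = {
  password: /passw(or)?d|pwd/i,
  ssn: /ssn|social.?sec/i,
  card: /card.?(num|no)|cc.?num|cvv|cvc/i,
  dob: /dob|birth/i,
};

function classify(field) {
  if (field.type === "password") return "password";
  for (const [kind, re] of Object.entries(SENSITIVE)) {
    if (re.test(field.name || "")) return kind;
  }
  return null;
}

function analyzeForm(form) {
  const findings = [];
  const page = new URL(form.pageUrl);
  const action = new URL(form.action || "", page); // relative actions resolve against the page
  // Exact host comparison; comparing registrable domains would need the Public Suffix List.
  if (action.hostname !== page.hostname) findings.push(`action posts to other host ${action.hostname}`);
  if (action.protocol !== "https:") findings.push("action submits over plain HTTP");
  const kinds = new Set();
  for (const field of form.fields) {
    const kind = classify(field);
    if (!kind) continue;
    kinds.add(kind);
    // Hidden inputs are normal (CSRF tokens); only sensitive-looking names are flagged.
    if (field.type === "hidden") findings.push(`hidden field with sensitive name: ${field.name}`);
  }
  if (["password", "ssn", "card"].every((k) => kinds.has(k))) {
    findings.push("password + SSN + credit card on one form");
  }
  return findings;
}

// Constructed sample input.
const suspiciousForm = {
  pageUrl: "https://shop.example/checkout",
  action: "http://collector.example.net/submit",
  fields: [
    { name: "user_password", type: "password" },
    { name: "ssn", type: "text" },
    { name: "card_number", type: "text" },
    { name: "dob_copy", type: "hidden" },
  ],
};
console.log(analyzeForm(suspiciousForm));
```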
Accuracy Metrics
- 95%+ detection accuracy on sophisticated phishing
- <2% false positive rate - won't cry wolf
- Continuous learning from latest threat feeds
- Real-world tested against actual phishing campaigns
Use Cases
- Corporate email security training
- Banking website verification
- Tax season scam prevention
- Cryptocurrency/Web3 site validation
- Romance and social engineering scam detection
8 Specialized Security Scanners
Each scanner is an expert in its domain. Together, they provide comprehensive security coverage.
| Scanner | Type | What It Detects |
| --- | --- | --- |
| Security Headers | FREE | Missing CSP, HSTS, X-Frame-Options, etc. |
| Mixed Content | FREE | HTTP resources on HTTPS pages |
| Threat Intelligence | FREE | Known malware & phishing URLs |
| JS Vulnerabilities | PREMIUM | Library CVEs (jQuery, Angular, React, etc.) |
| Basic Phishing | FREE | Typosquatting, suspicious TLDs |
| AI Phishing (NLP) | PREMIUM | Sophisticated phishing with ML |
| Domain Reputation | PREMIUM | Domain age, SSL, DNS, traffic rank |
| Form Security | FREE | Insecure forms, excessive data collection |
Parallel Execution
All 8 scanners run simultaneously using Web Workers, completing a full security audit in just 2-4 seconds. Each scanner has a 10-second timeout and fails gracefully (defaults to 70 score) if it encounters issues.
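The parallel run with a per-scanner timeout and the fallback score of 70, as an added example that is not the extension's own code. It uses plain promises instead of Web Workers; the scanner names, the `runScanners` helper and the mean used to combine scores are assumptions, since the page does not say how the overall score is computed.

```javascript
// Added example (not the extension's code): parallel scanners, per-scanner timeout,
// and the page's fallback score of 70 when a scanner fails or times out.
const FALLBACK_SCORE = 70;

function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error("timeout")), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

async function runScanners(scanners, timeoutMs = 10000) {
  const names = Object.keys(scanners);
  const settled = await Promise.allSettled(
    // Promise.resolve().then(fn) turns a synchronous throw into a rejection.
    names.map((name) => withTimeout(Promise.resolve().then(scanners[name]), timeoutMs))
  );
  const results = settled.map((s, i) => ({
    name: names[i],
    score: s.status === "fulfilled" ? s.value : FALLBACK_SCORE,
    degraded: s.status !== "fulfilled", // true when the 70 is a default, not a measurement
  }));
  // Assumption: overall score = rounded mean; the page does not say how scores combine.
  const score = Math.round(results.reduce((sum, r) => sum + r.score, 0) / results.length);
  const band = score >= 80 ? "green" : score >= 50 ? "yellow" : "red"; // bands from the page
  return { score, band, results };
}

// Constructed scanners: two succeed, one hangs, one throws.
const sampleScanners = {
  headers: async () => 40,
  mixedContent: async () => 100,
  threatIntel: () => new Promise(() => {}),
  forms: async () => { throw new Error("parse error"); },
};

// 50 ms timeout keeps the demo short; the page's value is 10 seconds.
runScanners(sampleScanners, 50).then((r) => console.log(r.score, r.band, r.results));
```

The `degraded` flag lets a report distinguish a measured 70 from a scanner that timed out or failed.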
Comprehensive Security Reports
Click on the security meter to get a full breakdown of your security scan with actionable recommendations.
What You See
- Overall Score & Grade: A-F grading system (A = 90-100, F = 0-59)
- Categorized Results: Tests grouped by Infrastructure, Security, Threat Detection, Privacy
- Pass/Fail Statistics: Visual count of tests passed vs failed
- Issue Details: Specific problems found with severity ratings
- Recommendations: Clear, actionable steps to improve security
- CVE Information: For vulnerability scans, full CVE IDs and descriptions
Example Report
Score: 68/100 (Grade C - Fair Security)
Critical Issues (2)
- Missing Content-Security-Policy header (allows XSS attacks)
- Login form submits over HTTP (credentials exposed)
Warnings (3)
- jQuery 2.1.4 has known XSS vulnerability (CVE-2020-11022)
- Domain registered 45 days ago (relatively new)
- 3 mixed content resources detected
Privacy-First Architecture
Your privacy is non-negotiable. We've designed Chesta Security Pro to operate completely locally.
What We DON'T Do
- No Data Collection: We don't collect, store, or transmit your browsing history
- No Tracking: Zero third-party analytics or tracking scripts
- No Ads: Clean, distraction-free interface with no advertising
- No Cloud Processing: All scanning happens locally in your browser
- No Account Required: For basic scanning (trial requires email only)
What We DO
- Local Storage Only: Scan history stored in your browser only
- User Control: Delete scan history anytime with one click
- Transparent Operations: Open about what data we access and why
- Secure Authentication: Supabase enterprise-grade auth (for trial users)
Chrome Extension Permissions
We only request permissions necessary for security scanning:
- activeTab: Access current page for scanning
- storage: Save settings and session locally
- webRequest: Analyze HTTP headers for security
- tabs: Reload pages after authentication
- notifications: Alert you of critical security threats
30-Day FREE Trial - No Strings Attached
We believe you should experience the full power of Chesta Security Pro before committing. That's why we offer a generous 30-day trial.
What's Included in the Trial
- All 9 Scanners: Including premium AI phishing, JS vulnerabilities, domain reputation, password strength checker
- Unlimited Scans: Scan as many websites as you want
- Full Reports: Complete security breakdowns with CVE details
- All Features: Real-time meter, detailed reports, scan history, password strength analysis
- No Credit Card: Just email and password to sign up
After Trial Ends
| Feature | Free Forever | Premium ($1/mo) |
| --- | --- | --- |
| Number of Scans Per Day | UNLIMITED | UNLIMITED |
| Security Headers Scanner | Unlimited | Unlimited |
| Mixed Content Scanner | Unlimited | Unlimited |
| Threat Intelligence | Unlimited | Unlimited |
| Basic Phishing Detection | Unlimited | Unlimited |
| Form Security Analyzer | Unlimited | Unlimited |
| AI Phishing Detection (NLP) | Locked | Unlimited |
| JS Vulnerability Scanner | Locked | Unlimited |
| Domain Reputation Analyzer | Locked | Unlimited |
| Password Strength Analyzer | Locked | Unlimited |
| On-Demand URL Scanning | Locked | Unlimited |
Trial Expiry Warning System
We'll never surprise you! Starting 3 days before your trial ends:
- The shield icon turns red and blinks gently
- Hover over it to see exactly how many days remain
- Clear call-to-action to subscribe if you want to continue
- After trial: No interruptions, just reduced to basic features
Password Strength Analyzer PREMIUM • FREE TRIAL
Real-time password strength analysis that appears automatically when you type in password fields on any website. Available to trial users and premium subscribers.
How It Works
When you type in a password field on any website, our analyzer instantly evaluates your password and displays a beautiful strength indicator right below the field. No need to click anything - it just works automatically! The analyzer appears as an elegant overlay with a color-coded meter and helpful feedback.
What It Shows
- Visual Strength Meter: Color-coded progress bar (red → orange → yellow → light green → green)
- Strength Rating: Very Weak, Weak, Fair, Good, or Strong
- Crack Time Estimate: How long it would take to crack your password (e.g., "Less than 1 second", "3 hours", "centuries")
- Actionable Feedback: Specific tips to improve your password (e.g., "Add uppercase letters", "Use symbols")
- Score Display: Numerical score out of 100
Analysis Factors
- Password length: Longer passwords are exponentially stronger (minimum 8 characters recommended, 12+ ideal)
- Character variety: Checks for uppercase, lowercase, numbers, and special symbols
- Common patterns: Detects and warns about "123456", "password", "qwerty", etc.
- Dictionary words: Identifies common English words that are easy to crack
- Repeated characters: Detects patterns like "aaaaaa" or "111111"
- Sequential patterns: Identifies "abcdef", "123456", keyboard patterns like "asdfgh"
- Personal information: Warns if password contains common names or dates
Example Feedback
Password: "password123"
Strength: Weak (35/100)
Crack Time: Less than 1 second
Feedback: "Add uppercase letters and symbols. Avoid common words like 'password'."
Better Password: "P@ssw0rd!2024#Secure"
Strength: Strong (92/100)
Crack Time: Centuries
Feedback: "Excellent! This password is very strong."
Where It Works
- Registration forms on any website
- Password change pages
- Account creation flows
- Banking and financial sites
- E-commerce checkout pages
- Social media platforms
- Corporate login portals
Privacy & Security
All password analysis happens 100% locally in your browser. Your passwords are:
- Never sent to our servers
- Never stored anywhere
- Never logged or recorded
- Analyzed in real-time locally
- Completely private
Complete privacy guaranteed. We take your security seriously.
Who Benefits
- Everyone creating accounts: Get instant feedback on password strength
- Security-conscious users: Ensure your passwords meet best practices
- Corporate users: Meet company password policies
- Parents & educators: Teach children about password security
- Developers: Test password requirements on your own sites
On-Demand URL Scanning PREMIUM • FREE TRIAL
Scan any suspicious URL before clicking it. Perfect for email links, SMS messages, and social media ads. Available to trial users and premium subscribers.
How It Works
Open the extension popup by clicking the Chesta Security Pro icon in your browser toolbar. You'll see an "On-Demand URL Scanner" section with an input field. Simply paste any URL you want to check, click "Scan URL", and get a complete security report in 2-4 seconds - all without ever visiting the potentially dangerous site.
Perfect For
- Email Links: Verify links before clicking in emails (especially from unknown senders)
- SMS/Text Messages: Check suspicious text message links claiming to be from banks, delivery services, etc.
- Social Media Ads: Verify ads and sponsored posts before clicking
- Shortened URLs: See what's behind bit.ly, tinyurl, goo.gl, and other URL shorteners
- QR Code Destinations: Scan URLs from QR codes before visiting
- Search Results: Verify sites before visiting from search engines
- Messenger Links: Check links sent via WhatsApp, Telegram, Discord, etc.
- Forum Posts: Verify links in Reddit, Twitter, Facebook posts
What You Get
- Complete security score (0-100): Instant risk assessment
- All 9 scanners run on the URL: Security headers, mixed content, threat intelligence, JS vulnerabilities, basic phishing, AI phishing, domain reputation, form security, password strength
- Detailed issue breakdown: See exactly what's wrong with the site
- Color-coded risk level: Green (safe), Yellow (caution), Red (danger)
- Actionable recommendations: Clear guidance on whether to proceed
- Safe preview: Get full report without visiting the site
- Scan history: Review previously scanned URLs
Real-World Use Case Examples
Example 1: Phishing Email
Scenario: You receive an email claiming to be from PayPal: "Your account has been suspended. Click here to verify: http://paypa1-secure.com/verify"
Action: Copy the link → Open extension → Paste into on-demand scanner → Click "Scan URL"
Result: Scanner detects:
- Domain is not paypal.com (it's paypa1-secure.com with number "1" instead of letter "l")
- Domain registered 2 days ago (brand new, highly suspicious)
- AI phishing scanner detects urgency language: "suspended", "verify"
- Listed in URLhaus threat database
- Missing security headers
- Score: 15/100 (DANGER)
Outcome: You avoided a phishing attack that would have stolen your PayPal credentials!
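The domain mismatch in Example 1 (the digit "1" standing in for the letter "l") can be caught as follows. This is an added example, not the extension's own code: the brand-to-domain map, the digit substitutions and the `checkHost` name are assumptions, and it goes beyond the single case above by also flagging one-character edits of a brand name.

```javascript
// Added example: lookalike-host check (constructed brand list, not the extension's code).
const BRANDS = { paypal: "paypal.com", amazon: "amazon.com", microsoft: "microsoft.com" };
const FOLD = { 0: "o", 1: "l", 3: "e", 5: "s" }; // assumed digit-for-letter substitutions

// Levenshtein distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = up;
    }
  }
  return row[b.length];
}

function checkHost(url) {
  const host = new URL(url).hostname.toLowerCase();
  // The brand's own domain and its subdomains are accepted first.
  for (const [brand, legit] of Object.entries(BRANDS)) {
    if (host === legit || host.endsWith("." + legit)) return { verdict: "official", brand };
  }
  // Any other host whose label or hyphen-separated part resembles a brand is flagged.
  for (const token of host.split(/[.-]/)) {
    const folded = token.replace(/[0135]/g, (d) => FOLD[d]);
    for (const brand of Object.keys(BRANDS)) {
      if (folded === brand || editDistance(folded, brand) === 1) {
        return { verdict: "lookalike", brand, token };
      }
    }
  }
  return { verdict: "no-brand-match" };
}

// Constructed inputs; the first is the URL from Example 1.
for (const u of [
  "http://paypa1-secure.com/verify",
  "https://www.paypal.com/signin",
  "https://paypal.com.account-check.example/",
  "https://www.fedex.com/",
]) {
  console.log(u, checkHost(u));
}
```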
Example 2: Shortened URL from SMS
Scenario: You receive a text: "Your package is waiting! Track it here: bit.ly/pkg12345"
Action: Copy bit.ly link → Scan with on-demand scanner
Result: Scanner follows redirect and analyzes final destination:
- Legitimate shipping company domain (fedex.com)
- Strong security headers present
- Domain age: 25 years (established company)
- Valid SSL certificate
- Score: 92/100 (SAFE)
Outcome: Safe to click! It's a legitimate tracking link.
Example 3: Social Media Ad
Scenario: You see a Facebook ad for "70% off designer handbags" linking to: luxury-bags-sale.xyz
Action: Copy link → Scan before clicking
Result: Scanner detects:
- Suspicious TLD (.xyz often used for scams)
- Domain registered 15 days ago
- No HTTPS (insecure connection)
- Form collects credit card without proper security
- Score: 42/100 (CAUTION)
Outcome: Likely a scam site. Don't enter payment information!
Step-by-Step Guide
- Find a suspicious link in email, SMS, social media, etc.
- Copy the URL (right-click → Copy link address, or select and Ctrl+C)
- Click the Chesta Security Pro icon in your browser toolbar
- Paste the URL into the "On-Demand URL Scanner" field
- Click "Scan URL" button
- Wait 2-4 seconds for analysis to complete
- Review the security report with score, issues, and recommendations
- Make an informed decision whether to visit the site
Technical Details
- Scan Speed: 2-4 seconds for complete analysis
- URL Shortener Support: Automatically follows redirects from bit.ly, tinyurl, goo.gl, etc.
- Parallel Scanning: All 9 scanners run simultaneously for speed
- No Site Visit Required: Analysis happens without loading the page in your browser
- Scan History: Previously scanned URLs are saved for quick reference
- Cache Duration: Results cached for 5 minutes to avoid redundant scans
Who Benefits Most
- Online shoppers: Verify e-commerce sites before entering payment info
- Business professionals: Check vendor links and client-sent URLs
- Parents: Verify links before children click them
- Cryptocurrency users: Avoid wallet-draining scam sites
- Senior citizens: Extra protection against targeted scams
- Anyone receiving suspicious messages: Verify before clicking
Privacy
When you scan a URL, we fetch the page content to analyze it. However:
- We don't store the URLs you scan
- We don't track your scanning history on our servers
- Scan history is stored locally in your browser only
- You can clear scan history anytime