Scrutinix is a FOSS multi-signal URL threat analyzer. Paste a suspicious link and get a streamed, evidence-first report that combines browser-protection lists, threat feeds, redirect tracing, DNS and TLS context, registration data, and ML scoring in one place.
- Live app:
https://www.scrutinix.net - About:
https://www.scrutinix.net/about - Privacy:
https://www.scrutinix.net/privacy - Spec:
SPEC.md - Contributing:
CONTRIBUTING.md - Security:
SECURITY.md
- Streamed analysis over NDJSON instead of spinner-then-dump results.
- Eight normalized signals on every scan result.
- Batch triage for up to 10 URLs with per-item failure isolation.
- Client-side history with re-scan, search, filters, and CSV/JSON export.
- Privacy-aware defaults: history stays in IndexedDB, and server logs avoid raw URL strings.
- Public-facing trust surfaces that explain methodology, caveats, and data handling.
virusTotal: multi-engine reputation checkgoogleSafeBrowsing: browser-protection verdictsthreatFeeds: URLhaus plus cached OpenPhish community feed coveragemlEnsemble: hosted classifier plus local lexical scoringssl: certificate validity and trust signalswhois: RDAP-backed registration and age contextdns: record-level infrastructure contextredirectChain: hop-by-hop redirect tracing with resilient certificate handling
- Single-URL scans stream
scan_started,signal_result,scan_complete, andscan_errorevents. - Batch scans stream per-URL progress and keep one broken URL from aborting the rest of the run.
- Summary and Full Report modes present the same scan at different levels of density.
- Share links are client-generated snapshots; they do not create a server-side share database.
/aboutand/privacyexplain how verdicts are formed and what data stays in the browser.
- Next.js
16 - React
19 - TypeScript
5.9 - Tailwind CSS
4 - selective shadcn/ui primitives +
next-themes - Vitest + MSW
- Playwright + axe-core
- Lighthouse
- Install dependencies.
npm install- Copy the example env file and add any provider keys you want to enable.
cp .env.example .env.local- Start the app.
npm run devFor browser automation and local audits, bind the host explicitly:
npm run dev -- --hostname 127.0.0.1 --port 3000Core provider and deployment variables:
VIRUSTOTAL_API_KEY=
GOOGLE_SAFE_BROWSING_API_KEY=
HUGGINGFACE_API_KEY=
HUGGINGFACE_URL_MODEL=DunnBC22/codebert-base-Malicious_URLs
URLHAUS_AUTH_KEY=
UPSTASH_REDIS_REST_URL=
UPSTASH_REDIS_REST_TOKEN=
KV_REST_API_URL=
KV_REST_API_TOKEN=
OPENPHISH_FEED_URL=https://openphish.com/feed.txt
NEXT_PUBLIC_APP_URL=https://www.scrutinix.netScrutinix still runs in a degraded mode without third-party keys. Local enrichment signals remain available, provider failures are surfaced explicitly, and safe-result confidence is capped when primary reputation coverage is missing.
Primary local checks:
npm run lint
npm run format -- --check .
npm run typecheck
npm run test:unit -- --run
npm run test:integration -- --run
npm run test:e2e -- --grep @smoke
npm run buildAdditional repo maintenance checks:
npm audit
npm run lighthouseapp/api/analyze/route.ts: single-scan NDJSON endpointapp/api/analyze/batch/route.ts: batch NDJSON endpointproxy.ts: request gating and rate limiting for/api/analyzelib/server/: orchestration, provider adapters, caching, logging, and stream helperscomponents/scrutinix/: branded analyzer UI and client runtime islandshooks/: NDJSON stream readers and IndexedDB-backed historytests/: unit, integration, accessibility, keyboard, and E2E smoke coverage
SPEC.md: product and architecture source of truthPLAN.md: execution history and validation recordCONTRIBUTING.md: local setup and contribution rulesSECURITY.md: private vulnerability reporting guidanceLICENSE: MIT
Scrutinix is deployed on Vercel at https://www.scrutinix.net. Preview
deployments are protection-gated in this project; use vercel inspect when
anonymous preview requests return 401.