A real-time threat intelligence sensor that lives in your browser. Scans pages for IOCs, blocks phishing forms, and quarantines suspicious downloads — all powered by a local FastAPI engine.
cd backend
pip install -r requirements.txt
uvicorn main:app --reload --host 127.0.0.1 --port 8000API docs available at: http://127.0.0.1:8000/docs
- Open
chrome://extensions/ - Enable Developer mode
- Click Load unpacked → select the
extension/folder - Pin ThreatNode from the extensions toolbar
threatNode/
├── backend/
│ ├── main.py
│ └── requirements.txt
├── extension/
│ ├── manifest.json
│ ├── background.js
│ ├── content_scripts/
│ │ ├── ioc_scanner.js
│ │ ├── phishing_shield.js
│ │ └── tooltip.css
│ ├── popup/
│ │ ├── popup.html
│ │ └── popup.js
│ └── icons/
└── README.md
Installation Steps
- Load the Extension in Chrome/Edge
Since this isn't published on the Chrome Web Store, you'll need to load it locally:
Clone/Download the repository:
bash
git clone https://github.com/narkytypey/threat.ext.git
cd threat.ext
Open Chrome/Edge and go to the Extensions page:
Chrome: chrome://extensions
Edge: edge://extensions
Enable "Developer mode" (toggle in the top-right corner)
Click "Load unpacked" and select the extension/ folder from the cloned repo
The extension should now appear in your extensions list with the ThreatNode icon
- Set Up the Backend (Python)
The extension communicates with a backend API (FastAPI-based). To enable full functionality:
Install Python dependencies:
bash
cd backend
pip install -r requirements.txt # or check for setup instructions
Start the backend server:
bash
python main.py
The backend typically runs on http://127.0.0.1:8000/ (as defined in the manifest)
Key Features to Try
IOC Detection: Scans pages for indicators like IP addresses, MD5/SHA hashes, suspicious URLs
Phishing Protection: Blocks phishing forms
Download Quarantine: Intercepts and flags suspicious downloads