Secureye

About

Secureye is a browser extension that detects suspicious downloads and script activity that Chrome's built-in security misses.

WHAT IT DETECTS

Download threats:
- MIME type mismatches (server says executable, file says PDF)
- Double extension tricks (report.pdf.exe)
- Drive-by burst downloads (multiple files in rapid succession)
- Social engineering filenames (urgency keywords, scareware names)

Script and resource threats:
- Obfuscated code execution (eval(atob()), encoded payloads)
- Hidden iframes from unknown domains
- Cross-origin data exfiltration via sendBeacon
- Browser fingerprinting (canvas, audio, WebGL tracking)

HOW IT WORKS

Secureye runs a 6-layer detection pipeline entirely within your browser:
1. MIME type analysis (compares server headers against file extension)
2. URL pattern analysis (suspicious domains, raw IPs, risky TLDs)
3. Behaviour detection (burst downloads, silent downloads)
4. Filename analysis (double extensions, social engineering keywords)
5. Script inspection (runtime API interception in page context)
6. Optional API enrichment (URLhaus, Google Safe Browsing, VirusTotal)

When a threat is detected, Secureye blocks the download, shows a clear warning page explaining what was found, and logs the detection in a local dashboard.

PRIVACY FIRST

- All detection runs locally in your browser
- No personal data is collected or transmitted
- No analytics, telemetry, or tracking
- API enrichment is opt-in and disabled by default
- All data stored locally using Chrome's storage API

USER CONTROLS

- Adjustable detection sensitivity (Low / Medium / High)
- Domain whitelist (skip analysis for trusted sites)
- Domain blacklist (auto-block specific domains)
- Dark and light theme
- Manual page scan for on-demand inspection
- Detection feedback system (report false positives to improve accuracy)