TraceGlyph by mthcht

About

TraceGlyph is a real-time website security analyzer built for security researchers, investigators, and privacy-conscious users. It runs entirely in the browser with zero external communication - no data ever leaves the user's machine.
When a user visits any website, TraceGlyph silently monitors and analyzes everything happening behind the scenes:
Fingerprint Detection: Intercepts 40+ browser API calls that websites use to build a unique device fingerprint, including Canvas, WebGL, WebGPU, Audio, Font enumeration, Screen profiling, WebRTC, Battery, Navigator properties, CSS media queries, Math functions, and behavioral biometrics. Each interception shows the exact data the website attempted to read.
Phishing Analysis: Applies 47 detection rules across 7 categories to identify phishing indicators such as brand impersonation through favicons or images, suspicious login forms, homograph domain attacks, obfuscated JavaScript typical of phishing kits, and anti-analysis techniques like debugger traps.
Tracking Pixel Decoder: Detects hidden tracking pixels and beacons from 35+ advertising and analytics networks, then decodes their URL parameters to reveal exactly what data is being transmitted about the user.
Network Intelligence: Resolves domain-to-IP mappings, tracks redirect chains, detects network anomalies, and audits security headers such as CSP, HSTS, X-Frame-Options, and Permissions-Policy.
IOC Extraction: Automatically extracts Indicators of Compromise from page content, including IP addresses, domains, URLs, file hashes, CVE identifiers, MITRE ATT&CK technique IDs, email addresses, suspicious filenames, registry keys, and cryptocurrency wallet addresses. Handles defanged notation automatically.
Ghost and Spoof Protection: Ghost mode blocks all fingerprinting by returning generic values. Spoof mode returns realistic randomized fake values. Both can be applied per-site or globally.
Threat Scoring: Assigns a 0-100 threat score with a transparent breakdown across 9 categories, helping users quickly assess a website's risk level.
Full transparency into fingerprinting techniques used against you, active protection via Ghost and Spoof modes, real-time phishing detection, investigation-grade network intelligence without any external data sharing, tracking pixel visibility, and complete offline operation with no accounts or telemetry required.