BASTION — Anti-phishing shield
The ASA arsenal, fused into your browser. Free, open, no account. Chrome and Safari supported.
Chrome · Edge · Brave
Unpacked install via Developer mode. ~60 seconds.
Download for Chrome
Manifest V3 · 24 KB
Safari (macOS)
Xcode project source. You build and sign it locally.
Download for Safari
Xcode 14+ · macOS only · Apple Developer account for App Store
Typosquat detection
Catches lookalike domains before you log in.
Homoglyph detection
Flags Cyrillic and Unicode tricks in URLs.
Domain age check
Newly-registered domains get extra scrutiny.
Google Safe Browsing
Live-checks against Google's threat database.
Phishing page detection
Spots fake login pages on unfamiliar domains.
Link annotation
Hover any link to see its real destination + risk.
Gmail scanning
Scans incoming Gmail messages for known scam patterns.
Install in Chrome
~60 seconds
1. Download the Chrome ZIP using the button above.
2. Unzip it to a folder you'll keep (Documents/BASTION works).
3. Open chrome://extensions/ in a new tab.
4. Enable Developer mode (toggle in the top-right).
5. Click Load unpacked and select the unzipped bastion-extension folder.
6. Pin the extension from the puzzle-piece icon in your toolbar.
7. Shield icon appears — you're protected on every site.
Install in Safari
Requires Xcode
1. Download the Safari ZIP (Xcode project — requires Xcode 14+ on macOS).
2. Unzip and open BASTION/BASTION.xcodeproj.
3. Select the BASTION (macOS) scheme and press ⌘R to build and run the container app.
4. In Safari, enable Develop ▸ Allow Unsigned Extensions (first-run only; Safari hides this menu by default — turn it on in Settings ▸ Advanced).
5. Open Safari Settings ▸ Extensions and tick BASTION.
Optional API keys (enhanced protection)
Open the extension options page to paste your own keys — without them BASTION falls back to local heuristics only.
- Google Safe Browsing — free, real-time threat list
- WhoisXML — domain age + registrant lookups
- VirusTotal — multi-engine URL/file scanning
Keys are stored locally in the browser's extension storage — they never leave your browser.