ASAAnti-Scam Arsenal

BASTION — Anti-phishing shield

The ASA arsenal, fused into your browser. Free, open, no account. Chrome and Safari supported.

Chrome · Edge · Brave

Unpacked install via Developer mode. ~60 seconds.

Download for Chrome

Manifest V3 · 24 KB

Safari (macOS)

Xcode project source. You build and sign it locally.

Download for Safari

Xcode 14+ · macOS only · Apple Developer account for App Store

Typosquat detection

Catches lookalike domains before you log in.

Homoglyph detection

Flags Cyrillic and unicode tricks in URLs.

Domain age check

Newly-registered domains get extra scrutiny.

Google Safe Browsing

Live-checks against Google's threat database.

Phishing page detection

Spots fake login pages on unfamiliar domains.

Link annotation

Hover any link to see its real destination + risk.

Gmail scanning

Scans incoming Gmail messages for known scam patterns.

Install in Chrome

~60 seconds
  1. 1Download the Chrome ZIP using the button above.
  2. 2Unzip it to a folder you'll keep (Documents/BASTION works).
  3. 3Open chrome://extensions/ in a new tab.
  4. 4Enable Developer mode (toggle in the top-right).
  5. 5Click Load unpacked and select the unzipped bastion-extension folder.
  6. 6Pin the extension from the puzzle-piece icon in your toolbar.
  7. 7Shield icon appears — you're protected on every site.

Install in Safari

Requires Xcode
  1. 1Download the Safari ZIP (Xcode project — requires Xcode 14+ on macOS).
  2. 2Unzip and open BASTION/BASTION.xcodeproj.
  3. 3Select the BASTION (macOS) scheme and press ⌘R to build and run the container app.
  4. 4In Safari, enable Develop ▸ Allow Unsigned Extensions (first-run only; Safari hides this menu by default — turn it on in Settings ▸ Advanced).
  5. 5Open Safari Settings ▸ Extensions and tick BASTION.

Optional API keys (enhanced protection)

Open the extension options page to paste your own keys — without them BASTION falls back to local heuristics only.

  • Google Safe Browsing — free, real-time threat list
  • WhoisXML — domain age + registrant lookups
  • VirusTotal — multi-engine URL/file scanning

Keys are stored locally in the browser's extension storage — they never leave your browser.