url.vet

About

A fully open-source phishing detection engine that runs multiple checks in real time and explains exactly what it found. No accounts, no hidden algorithms. Built for people who want to understand why a link is safe, not just be told it is.

Why this exists

Phishing links show up everywhere: in emails, DMs, QR codes, and shortened URLs. When something looks suspicious, most people either click and hope, or avoid the link entirely. Neither is a good. The tools that exist don't help much either. Quick scanners return a pass or fail with no explanation. Thorough crawlers take too long and often bury results in raw technical data. There is nothing in between that is fast and still shows its work in plain language.

url.vet (also known as URLvet, previously SafeSurf) is that middle ground. Paste a link and get a result in seconds: a trust score, a clear verdict, and a breakdown of exactly what was checked. No guesswork, no signup, nothing hidden.

It runs 18 checks covering URL structure, DNS records, TLS certificates, domain age, typosquatting, page content, and live threat feeds. Every check produces a plain-language reason, so you always know what pushed the score up or down.

Philosophy

Explainability over security theater

A verdict you can't explain is a verdict you can't trust. Every signal is shown, whether it helped or hurt the score.

Live over cached

Phishing pages spin up and disappear in hours. Scanning at request time catches what static databases miss.

Open source by default

Security tools should be auditable. The entire detection engine is on GitHub under AGPL-3.0.

No friction

No account, no ads, no API key. Paste a URL, get an answer.

Team

abhizaik
abhizaik

Creator & maintainer

Got one too many suspicious links with no good way to check them, so built url.vet.

@abhizaik [email protected]

With help from friends on GitHub.

Open source

url.vet is fully open source. A lot of projects call themselves open source but only publish the frontend while keeping the actual engine private. Here, everything is publicly available. The detection engine, scoring logic, API, and frontend. Nothing hidden.

The community edition is licensed under AGPL-3.0. Free to use, self-host, and modify. Found a bug or want to contribute? Pull requests are welcome.

View on GitHub Report an issue

Get in touch

Feedback, false positives, or just to say hi. Reach out at [email protected].