Udjat (The Eye of Horus) is an advanced multimodal AI agent designed for real-time zero-day phishing detection. It intercepts every URL you visit in the browser, analyzes it with a multimodal AI (screenshot + DOM text + URL heuristics) before the page is fully interactable, and shows you an inline verdict: SAFE, MALICIOUS, or UNKNOWN.
Udjat solves the critical problem of modern phishing attacks that bypass traditional blocklists by using advanced vision and reasoning to "see" the threat as it happens.
Traditional anti-phishing solutions rely on static blocklists and known signatures, leaving you vulnerable to Zero-Day attacks. Udjat changes the game by using a real-time multimodal AI agent that acts as a 24/7 personal security analyst on your device.
- β‘ Zero-Day Detection: Identify malicious sites minutes after they go live, without waiting for blocklist updates.
- ποΈ Multimodal Vision: Udjat analyzes logos, UI layouts, and brand impersonation attempts using high-end vision models.
- π« Anti-Cloaking: Analysis happens natively in your browser, bypassing attacker tricks that hide content from automated server-side scanners.
- π Hyper-Private: Zero telemetry. Your data stays between you and your AI provider. Use Ollama for a 100% local, air-gapped security model.
- π§ Provider Agnostic: Connect to Google Gemini, OpenAI GPT-4o, Anthropic Claude, or any local model via OpenRouter/Ollama.
1. AI Interception & Block Page Udjat stops the navigation to show you the full reasoning of the AI model before you can interact with the malicious page.
2. Persistent Danger Banner (Bypass Mode) If you decide to proceed at your own risk on a flagged site, Udjat injects a persistent, unclosable red banner to ensure you stay alert.
3. Enterprise Configuration Panel Connect Udjat to your own locally hosted AI (Ollama) or any corporate backend endpoint effortlessly.
Get Udjat running in your local machine in under 3 minutes:
1. Clone and Install
git clone https://github.com/lfzer0h/udjat.git
cd udjat
./install.sh # Interactively installs dependencies, runs setup, and starts server2. Load Extension in Chrome
- Open
chrome://extensions - Enable Developer mode (top right corner)
- Click on Load unpacked β select the
extension/folder - The Udjat icon will appear in your toolbar.
(For detailed options, Ollama local AI, or Enterprise HTTPS deployment, see Installation and Configuration)
- π Quick Start
- π§ 1. How it Works (Core Concepts)
- π€ 2. AI Models & Providers
- π οΈ 3. Configuration & Management
- ποΈ 4. System Architecture (Deep Dive)
- π°οΈ 5. Expert Reference & Deployment
- βοΈ 6. License
Udjat applies a zero-trust model to browser navigation, using a hybrid architecture that combines local heuristics with cloud or local AI.
Udjat operates on a "Plan A / Plan B" strategy to ensure maximum detection accuracy while being resilient to technical failures.
- Stage 1: Client-Side Capture (Plan A - Primary)
- Capture: The extension waits 1.5s for the page to render and grabs a high-quality screenshot + DOM text.
- Advantage: By capturing natively in your browser, Udjat sees exactly what you see, bypassing "Cloaking" (when malicious sites show a fake "safe" version to datacenter bots).
- Stage 2: Hybrid Fallback (Plan B - Resilience)
- Trigger: If the extension fails to send data (timeout or error), the Backend triggers its internal Isolated Sandbox.
- Action: A headless Chromium instance visits the URL independently to generate the required screenshot and text.
- Stage 3: Multi-modal AI Verdict
- The data (from Plan A or Plan B) is sent to the AI (Gemini, Claude, GPT-4, etc.).
- The AI analyzes brand consistency, urgency, and credential requests to issue a final verdict.
Udjat uses a multi-layered approach to maximize both security and performance, ensuring that AI analysis is only performed when strictly necessary.
-
Layer 1: Static Trust (Whitelist / Allowlist) Before any network activity, Udjat checks if the domain is known to be safe.
- Local (Extension):
STATIC_ALLOWLIST(Google, Microsoft, GitHub, etc.). - Remote (Backend):
safeDomainsCache(Centralized list from GitHub/URL). - Matching: Supports exact match and subdomain inheritance (e.g.,
google.comcoversmail.google.com). - Result: Instant
SAFEverdict with 0ms latency.
- Local (Extension):
-
Layer 2: Heuristic Triage (Backend) If the domain is unknown, the backend analyzes the URL structure for risk signals.
- Markers: Checks for brand impersonation, suspicious TLDs, redirect patterns, and keywords.
- Logic: If 0 signals are found, the site is considered low-risk enough to bypass AI.
- Result:
SAFEverdict without the cost/latency of an AI call.
-
Layer 3: Tri-layer Session Cache To avoid redundant analysis of the same content:
- Extension Cache: 10-minute TTL per URL in Service Worker memory.
- Backend Cache: Map-based process memory for immediate simultaneous requests.
- Browser Storage: Persistent state for bypassed sites.
-
Layer 4: User Exceptions (Bypass & Nag) The final decision layer belongs to the user.
- Bypass: When a site is blocked, the user can choose to "Proceed at own risk".
- One-shot Exception: The bypass is temporary and session-based.
- Nag System: A periodic overlay ensures the user remains aware of the risk.
Udjat applies two detection layers before showing a verdict:
Instant local analysis of the URL before calling AI. Detects:
| Signal | Example |
|---|---|
| High-risk TLD | .online, .xyz, .click, .tk, .icu, .buzz |
| Campaign parameters | utm_campaign=, utm_source=, campanha=, ref= |
| Keywords in domain | portal, secure, login, bank, verify, professional |
| Brand impersonation | domain contains microsoft, paypal, nubank, bradesco... |
| Host is a direct IP | http://185.220.101.45/login |
| Nested subdomains | login.secure.account.evil.com |
| Very long domain | >40 characters (obfuscation technique) |
| Number sequences | bank4829301.site |
If the model was too optimistic (returns SAFE but with score > 45), the factory corrects it to MALICIOUS.
| Score | Meaning | Verdict |
|---|---|---|
| 0β20 | Clearly legitimate site | SAFE |
| 21β45 | Minor signals | SAFE |
| 46β65 | Multiple risk signals | MALICIOUS |
| 66β85 | Clear signs of phishing | MALICIOUS |
| 86β100 | Confirmed phishing | MALICIOUS |
The following table provides an impartial comparison of the models you can configure Udjat to use.
Warning
*** Estimated Detection Rate:** These percentages are rough approximations based on internal testing of obfuscated DOMs and screenshot analysis. Real-world performance heavily depends on the specific, evolving traits of new phishing campaigns. **** Average Costs:** These are generalized estimates. Actual API pricing fluctuates, and real token consumption depends entirely on the size of the website's DOM and the complexity of the viewport screenshot at the time of capture.
| AI Model | Recommended Provider | Est. Detection Rate * | Avg. Requests per $10 USD ** | Key Characteristics |
|---|---|---|---|---|
| Claude 3.5 Sonnet | Anthropic / OpenRouter | ~98.8% | ~300 - 450 | β
State-of-the-art vision reasoning and deobfuscation. β Premium pricing per token. |
| GPT-4o | OpenAI / OpenRouter | ~97.2% | ~400 - 600 | β
Extremely consistent with brilliant semantic recognition. β Relatively expensive for massive user bases. |
| Gemini 2.5 Pro | OpenRouter | ~96.5% | ~500 - 800 | β
Superior reasoning for complex visual cues and brand detection. β Slower inference than the Flash series. |
| GPT-4o-mini | OpenAI / OpenRouter | ~95.5% | ~7,000 - 10,000 | β
Incredible performance-to-cost ratio for high volume. β Slightly less nuance in forensic analysis. |
| Gemini 2.5 Flash | OpenRouter | ~94.8% | ~12,500+ | β
Unbeatable speed and ultra-low cost for real-time triage. β Best for standard phishing; might skip edge-case obfuscation. |
| GLM-4V / Qwen2-VL | Zhipu / DashScope | ~91.2% | ~2,500 - 3,500 | β
Highly cost-efficient with excellent native OCR. β Ocasional structural biases on non-standard domains. |
| Llama 3.3 / LLaVA | Ollama (LocalHost) | ~75% - 85% | Unlimited (Hardware) | β
Absolute privacy (Zero-Trust), data never leaves the local network. β Noticeably lower effectiveness without specific fine-tuning. |
Note
Measurement Standard: Detection rates are estimated based on F1-Score averages across zero-day phishing datasets (multimodal analysis). These numbers represent the model's ability to balance precision (avoiding false positives) and recall (catching real threats).
All providers make direct calls to their official APIs. There are no wrappers, custom proxies, or third-party abstraction layers between Udjat and the API.
- Google Gemini (
providers/gemini.js): Uses official@google/generative-aiSDK. Native JSON response. - OpenAI (
providers/openai.js): Uses officialopenaiSDK. Supports image_url base64 uploads. - Anthropic (
providers/anthropic.js): Uses official@anthropic-ai/sdk. Note the different image source structure. - OpenRouter (
providers/openrouter.js): Uses officialopenaiSDK with custombaseURL. Automatically retries on 429 errors. - Ollama (
providers/ollama.js): Uses officialopenaiSDK pointing tolocalhost:11434. 100% private.
The easiest way to configure the backend:
cd backend
npm run setup # launches the interactive wizardThis wizard generates your .env file step-by-step, masking API keys and validating ports.
- Shortcut: Click the Udjat icon β "Whitelist this domain".
- Management: Open the Options panel (Right-click icon β Options) to view, add, or remove domains.
- Persistence: Saved in
chrome.storage.local.
Udjat allows managing a global list of trusted domains via a remote text file (e.g., hosted on GitHub Raw).
- Configuration: Set
WHITELIST_URLinbackend/.env. - Inheritance: Whitelisting
google.comcovers all subdomains. - Platform Protection: Trust inheritance is explicitly blocked for UGC platforms like
github.ioors3.amazonaws.comto prevent bypasses. - Sync: Auto-refreshes every 24 hours.
- Install Ollama:
curl -fsSL https://ollama.com/install.sh | sh. - Pull a model:
ollama pull llava(Vision recommended). - Configure Udjat: Select "Ollama" in the Setup Wizard.
If you prefer not to use the automated scripts:
cd backend
npm install
npm run setup
npm start- Open
chrome://extensions. - Enable Developer mode.
- Click Load unpacked β select
extension/folder.
Model: Client-Side Capture + AI Triage Proxy
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β BROWSER (Chrome) β
β β
β ββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββ β
β β background.js β β content.js β β
β β (MV3 Service Worker) ββββΊβ (Content Script) β β
β β β β β β
β β onBeforeNavigate: β β - UDJAT_GET_DOM_TEXT β β
β β quick decisions β β extract title+body+forms β
β β (allowlist/cache) β β - Analysis overlay β β
β β β β - Verdict panel β β
β β onCompleted: β β - Nag system β β
β β captureVisibleTab() β β β β
β β GET_DOM_TEXT β βββββββββββββββββββββββββββββ β
β β SHOW_OVERLAY β β
β β callBackend(...) β βββββββββββββββββββββββββββββ β
β ββββββββββββββ¬ββββββββββββββ β options.html / .js β β
β β β - Configure backend URL β β
β ββββββββββββββΌββββββββββββββ β - Enterprise deployment β β
β β popup.html / .js β βββββββββββββββββββββββββββββ β
β β - Backend status β β
β β - Active verdict β β
β β - History Β· Nag config β β
β ββββββββββββββββββββββββββββ β
βββββββββββββββββββββ¬ββββββββββββββββββββββββββββββββββββββββββββββ
β POST /api/analyze
β { url, screenshotBase64, extractedText }
β
βββββββββββββββββββββΌββββββββββββββββββββββββββββββββββββββββββββββ
β BACKEND β AI Triage Proxy (Node.js) β
β β
β Express API (/api/health Β· /api/analyze) β
β βββ 1. Cache Check β
β βββ 2. Heuristic Triage β
β βββ 3. AI Bridge (Gemini, GPT-4o, Claude, Ollama) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
udjat/
βββ backend/
β βββ server.js # Express Entry point
β βββ src/
β β βββ ai/ # Strategic AI providers
β β βββ sandbox/ # Puppeteer fallback sandbox
β β βββ prompt.js # Unified JSON Prompt
βββ extension/
βββ background.js # Capture engine
βββ content.js # UI Overlay & Extraction
βββ options.html # Admin Panel
βββ block.html # Phishing block page
- [onBeforeNavigate]: Quick check (Whitelist/Cache).
- [onCompleted]: Full Analysis.
captureVisibleTab()β clean screenshot.UDJAT_GET_DOM_TEXTβ Title + Body + Forms.UDJAT_SHOW_OVERLAYβ Blocks user interaction.POST /api/analyzeβ Backend triage + AI evaluation.
- Result: Handle verdict (Redirect to block.html OR hide overlay).
| Message | Direction | Action |
|---|---|---|
UDJAT_SHOW_OVERLAY |
SW β CS | Shows analysis spinner |
UDJAT_SHOW_VERDICT |
SW β CS | Shows result (UNKNOWN/degraded) |
UDJAT_START_NAG |
SW β CS | Starts periodic warnings |
UDJAT_BYPASS_AND_GO |
Block β SW | User accepts risk |
- 8-bit Icons: Chrome MV3 only accepts 8-bit PNGs for
setIcon. 16-bit PNGs render fully transparent. - Run-at document_start: Ensuring the overlay appears before the HTML parser finishes.
Checks backend status and active AI provider.
Request: { "url": "https://suspicious.site" }
Response:
{
"verdict": "MALICIOUS",
"score": 82,
"reason": "Brand impersonation + suspicious TLD.",
"provider": "GEMINI",
"latencyMs": 3100
}Set in backend/.env:
AI_PROVIDER: GEMINI, OPENAI, ANTHROPIC, etc.WHITELIST_URL: Path to remote trusted list.HOST/PORT: Server network configuration.
The Udjat backend is a plain HTTP server β it does not handle TLS natively. For deployments that require HTTPS (public servers, corporate networks with SSL inspection), the recommended approach is to place a reverse proxy in front of Express.
Chrome Extension ββHTTPSβββΊ nginx / Caddy ββHTTPβββΊ Express :8000
The extension talks HTTPS to the proxy; the proxy terminates TLS and forwards plain HTTP to the local Express process. No changes are needed to the Udjat source code.
Udjat handles enterprise-scale analysis naturally. You can host a single backend server and point multiple Udjat extensions to it:
- Deploy the backend on a dedicated server (public or VPN-accessible).
- Set up HTTPS: Configure Nginx/Caddy (as shown in section 5.3) to provide a secure endpoint.
- Configure Clients: In the Udjat extension Options Panel, simply replace
http://127.0.0.1:8000with your server's URL (e.g.,https://udjat.yourcompany.com).
This allows a centralized security engine to protect your entire fleet with a single API key and shared intelligence.
- Fail-closed: Any internal failure returns
UNKNOWN(warning) β neverSAFE. - Hybrid Sandbox Fallback: If the extension fails to send data, the backend triggers an integrated Puppeteer Sandbox for independent capture.
- Chromium Reincarnation: To maintain stability, the backend sandbox recycles Chromium every 100 uses to prevent memory leaks.
- No Telemetry: Analysis is private. Data only reaches your backend and chosen AI provider.
- Structured Logging: Ready for SIEM (Splunk/ELK) ingestion.
- Standard JSDoc: The entire codebase follows professional JSDoc standards for easy auditing.
- Rate Limiting: Protects the backend from DoS and budget depletion.
This project is licensed under the MIT License.
ai-phishing antiphishing cybersecurity-agent security-llm zero-day-detection ollama-security multimodal-ai-agent phishing-prevention automated-security-analyst browser-security-extension