Features How it Works GitHub Get Extension
Free & Open Source

Protect your inbox from phishing attacks

Vervain detects domain spoofing, homograph attacks, and sender impersonation in real-time — before you click that dangerous link.

Get Started on GitHub See how it works
100+ Attack variations detected
Real-time Email scanning
100% Free forever
mail.google.com
Features

Everything you need to stay safe

Vervain combines multiple detection methods to provide comprehensive protection against email-based phishing attacks.

Domain Protection

Monitor your primary domain and detect lookalike domains, typosquatting attempts, and homograph attacks in real-time.

Impersonation Detection

Add trusted contacts to detect when someone impersonates a colleague, boss, or business partner using a different email address.

Real-time Scanning

Emails are scanned instantly as they appear in your inbox. Get immediate warnings before you interact with suspicious content.

CSV Import

Bulk import contacts and domains from CSV files. Perfect for teams and organizations with large contact lists.

Gmail Integration

Seamlessly integrates with Gmail. Works silently in the background and only alerts you when there's a genuine threat.

Privacy First

All detection happens locally in your browser. Your emails never leave your device — we don't see or store your data.

How It Works

Protection in three simple steps

Get started with Vervain in under a minute. No account required.

01

Install the Extension

Clone the repo, build with npm, and load the unpacked extension into Chrome.

02

Configure Your Protection

Enter your domain and trusted contacts. Vervain generates hundreds of suspicious variations to watch for.

03

Stay Protected

That's it! Vervain runs silently in the background, scanning every email and alerting you to phishing attempts and impersonation.

Threat Intelligence

Attacks Vervain detects

Phishers use sophisticated techniques to trick you. Vervain knows them all.

google.com g00gle.com

Homograph Attacks

Using similar-looking characters (like 0 for o, or l for 1) to create domains that look identical at first glance.

company.com companyy.com

Typosquatting

Registering domains with common typos that users might accidentally type or not notice in emails.

bank.com bank-secure.com

Domain Additions

Adding words like "secure", "login", or "verify" to legitimate domains to create convincing fakes.

paypal.com paypal.com.fake.xyz

Subdomain Spoofing

Using the real domain as a subdomain of an attacker-controlled domain to fool quick readers.

CEO: John Smith John Smith <random@gmail.com>

User Impersonation

Attackers using your colleague's display name from a completely different email address to request urgent wire transfers, gift cards, or sensitive data.

Installation

Get started in seconds

Clone, build, and load into Chrome. It's that simple.

# Clone the repository $ git clone https://github.com/Remillardj/Vervain.git
# Install dependencies and build $ cd Vervain && npm install && npm run build
# Load in Chrome → chrome://extensions → Load unpacked → Select dist/

Start protecting your inbox today

Vervain is free, open-source, and privacy-focused. Your emails never leave your browser.

View on GitHub