Skip to content

Hx0-DataGuard-V1.0.6-离线安装包

Latest

Choose a tag to compare

@asaotomo asaotomo released this 13 Jun 13:46
e4954b4

🛡️ Hx0 数据卫士 · v1.0.6

Hx0 数据卫士 是一款在浏览器内本地运行的安全辅助工具。它专注于在日常浏览与输入过程中,帮助你快速发现可能存在的敏感信息泄露风险 —— 全程无需将页面内容上传至服务器

1 0 6-sjws-zh

🆕 v1.0.6 更新

相对 1.0.5,本版主要变化如下:

模块 更新内容
MODE · 五档扫描模式 扫描模式整理为快速 / 标准(默认)/ 深度 / 全面 / 狂暴五档强度阶梯,外链数量、读取上限、超时与 DOM 等待等预算参数随档位单调增大,名称即代表覆盖范围。新增狂暴档预算顶满,适合需要最大覆盖的高强度审计;切换时会弹窗确认。手册内附参数对照表,便于按场景选型。
CHUNK · 动态脚本发现 在原有 webpack/Vite lazy chunk、import()、Worker 等来源基础上,新增对 importmap、modulepreload 预加载链接,以及运行时捕获的 .js 请求的识别,减少动态注入脚本漏采。全面 / 狂暴档下,对因体积截断的大 bundle 还会尝试读取尾部片段以发现更多 chunk 引用。
DEC · 编码自动解码 扫描预处理阶段除 Base64 外,新增 Hex、URL 编码、JS 转义(\u / \x)的自动解码,并支持最多 3 层嵌套解码;解码后若命中敏感特征会回灌检测管道,而不只在 UI 展示。扫描器与结果页共用同一套解码原语,行为一致。
UX · 扫描进度与停止 进度条新增页面分析阶段提示,并采用单调递增 + 时间平滑推进,避免长时间卡住或百分比回退。点击「停止扫描」后,会在分块检测、预处理与外链抓取等关键节点尽快检查取消标志,显著缩短停止生效的等待时间。
468e7a3f749680c5e950c5f323b06107

🔍 页面与脚本扫描

对当前网页进行本地静态与行为分析:

  • 敏感模式识别:匹配页面文本中的敏感特征;命中标注具体来源文件,并支持编码命中的自动解码预览。
  • 外链与脚本检测:识别第三方脚本、动态 chunk、Worker 脚本、可疑 API 路径与 SourceMap 线索;支持批量 HTTP 探测(可配置间隔、并发与超时),并优化重写基址后的路径拼接体验。
  • 报告导出:结果汇总于侧栏,支持 HTML / Markdown / JSON 导出,并纳入 SourceMap 统计、状态清单与建议动作,便于自检与审计。

⌨️ 输入防泄漏保护

在聊天框、表单等输入场景中实时监测(登录页默认排除):

功能 描述
输入与发送监测 输入停顿即提醒(展示全部命中);发送时可根据策略进行拦截或仅弹窗提示
剪切板粘贴监测 粘贴前弹出确认框(可在设置中单独开启),命中后可按勾选规则执行一键脱敏
策略自定义 在设置中调整检测强度与白名单,已覆盖常见站点,并针对 AI、办公网盘、在线文档与代码编辑器做了专项适配

⚙️ 规则中心

  • 内置丰富的通用检测规则(含 URL / Hex / Unicode / CTF Flag 等规则项,并继续收敛 CSS、图片 URL 等常见误报)。
  • 支持自定义规则编写、导入与导出,匹配选项可直接勾选配置,无需手写 gi 等正则标志。
  • 可按业务需求灵活收紧或放宽检测范围,并可通过「全部规则」开关一键启用或禁用当前规则集。

📦 安装与更新

⚠️ 建议通过应用商店安装并在商店内更新(Chrome 应用商店 / 未来 Firefox AMO)。
本扩展无需注册账号,会员权益与侧栏「设置」中的 用户 ID 绑定。卸载扩展、清除扩展数据,或改用离线 .crx / .xpi 重新安装,都可能变成新的用户 ID,已购会员不会自动恢复
开通会员后请立即复制保存用户 ID。若权益丢失,请按下列方式联系客服申请补发或迁移:

  • 邮箱hx0studio@foxmail.com

  • 邮件主题Hx0 数据卫士 会员权益补发

  • 请一并提供

    1. 用户 ID(侧栏「设置」中复制;若重装后 ID 变了,请同时附上旧 ID当前新 ID
    2. 付款凭证(订单截图、支付记录或订阅邮件等)
    3. 简要说明(例如:卸载重装、改用离线包、清除扩展数据等)

信息不全可能无法完成核验与补发。

推荐:应用商店(自动更新)

浏览器 说明
Chrome / Edge / 等 Chromium 系 前往 Chrome 应用商店 安装 v1.0.6,由商店自动推送后续更新
Firefox AMO 审核中,上架后将提供商店链接;审核期间可使用下方 .xpi 离线包

备选:离线安装包(.crx / .xpi

浏览器 安装步骤
Chrome / Edge / 等 Chromium 系 1. 下载 Hx0-DataGuard-chrome-*.crx
2. 打开扩展管理页,开启「开发者模式」
3. 将 .crx 拖入页面,点击确认安装
Firefox 1. 下载 Hx0-DataGuard-firefox-*.xpi
2. 地址栏访问 about:addons
3. 点击齿轮图标 → 「从文件安装附加组件」
(也可直接将 .xpi 文件拖入 Firefox 窗口)

离线包不会自动更新,且不适合已开通会员的用户频繁重装。无法访问商店时再使用下方离线包。


🔒 隐私与边界

本地优先,隐私至上

  • 📁 数据存储:所有检测记录与报告默认保存在你的本地设备中。
  • ⚠️ 定位声明:本工具用于个人/团队的安全自检与辅助研判,不能替代专业的渗透测试、代码审计或法律合规认定。

让每一次输入与浏览,都多一份安心。


🛡️ Hx0 Data Guard · v1.0.6

Hx0 Data Guard is a security assistant that runs locally within your browser. It helps you quickly identify potential sensitive data leaks during daily browsing and input activities — with zero page content ever uploaded to our servers.

1 0 6-sjws-en

🆕 What’s New in v1.0.6

Highlights since v1.0.5:

Area Changes
MODE · Scan tiers Scan modes are reorganized into five tiers—Quick / Standard (default) / Deep / Thorough / Rage—with budgets (external script count, read limits, timeouts, DOM wait) that increase monotonically with each tier. Rage maxes out the budget for high-intensity audits that need maximum coverage; switching to Rage shows a confirmation dialog. The manual includes a parameter comparison table for choosing the right tier.
CHUNK · Dynamic scripts Beyond existing webpack/Vite lazy chunks, import(), and Worker sources, the scanner now recognizes import maps, modulepreload links, and runtime-captured .js requests to reduce missed dynamically injected scripts. On Thorough and Rage tiers, truncated large bundles may also fetch a tail slice to discover more chunk references.
DEC · Auto-decoding Pre-scan preprocessing now decodes Hex, URL encoding, and JS escapes (\u / \x) in addition to Base64, with up to three nested decode layers. When decoded text matches sensitive patterns, it is fed back into the detection pipeline—not shown only in the UI. Scanners and result views share the same decode primitives for consistent behavior.
UX · Progress & cancel The progress bar shows the page-analysis stage and advances monotonically with time smoothing to avoid long stalls or percentage rollbacks. After Stop scan, cancel checks run at chunk detection, preprocessing, and external fetch checkpoints so stop takes effect much faster.
image

🔍 Page & Script Scanning

Performs local analysis on the current webpage:

  • Sensitive Pattern Detection: Identifies sensitive data patterns within page text, with clear hit attribution and decoded previews for encoded matches.
  • External Resource Inspection: Detects third-party scripts, dynamic chunks, Worker scripts, suspicious API endpoints, and SourceMap clues; batch HTTP probing with configurable interval, concurrency, timeout, and improved path assembly after base address rewriting.
  • Reporting: Aggregates results in a sidebar panel; export HTML / Markdown / JSON with SourceMap statistics, status inventory, and suggested follow-up actions for self-auditing and archival.

⌨️ Input Leak Prevention

Monitors real-time input in chat boxes, forms, and other fields (excluded on login pages by default):

Feature Description
Input & Send Monitoring Warns on typing pauses (lists all hits); intercepts or alerts based on policy upon sending.
Clipboard Paste Guard Prompts for confirmation before pasting (can be toggled individually in settings), with one-click masking based on selected rules.
Customizable Policies Adjust detection strength and whitelists in Settings. Covers common sites with specific adaptations for AI tools, office suites, cloud documents, and online code editors.

⚙️ Rule Center

  • Comes with built-in generic detection rules (including URL / Hex / Unicode / CTF Flag patterns, with continued noise reduction for CSS and image URLs).
  • Supports custom rule creation, import, and export; match options can be configured with checkboxes instead of manually writing regex flags such as gi.
  • Allows flexible narrowing or broadening of detection scopes based on business needs, with an All rules switch to enable or disable the current rule set in one click.

📦 Install & Update

⚠️ Install from the official store and update there (Chrome Web Store / Firefox AMO when live).
No account sign-up — membership is tied to the User ID in side panel Settings. Uninstalling, clearing extension data, or reinstalling from an offline .crx / .xpi may give you a new User ID, and paid membership will not come back automatically.
Back up your User ID right after subscribing. If membership stops working, contact support as follows:

  • Email: hx0studio@foxmail.com

  • Subject: Hx0 DataGuard — Membership recovery

  • Please include:

    1. User ID (copy from side panel Settings; if it changed after reinstall, send both the old and new ID)
    2. Payment proof (receipt screenshot, order ID, or subscription email)
    3. Brief description (e.g. uninstalled and reinstalled, switched to offline package, cleared extension data)

We may be unable to restore access if required details are missing.

Recommended: App stores (auto-update)

Browser Notes
Chrome / Edge / Chromium-based Install v1.0.6 from the Chrome Web Store; later updates arrive automatically
Firefox Under AMO review; a store link will be posted when approved. Until then, use the .xpi offline package below

Alternative: Offline packages (.crx / .xpi only)

Browser Installation Steps
Chrome / Edge / Chromium-based 1. Download Hx0-DataGuard-chrome-*.crx
2. Open Extensions page and enable "Developer mode"
3. Drag the .crx file into the page and confirm installation
Firefox 1. Download Hx0-DataGuard-firefox-*.xpi
2. Navigate to about:addons
3. Click the gear icon → "Install Add-on From File"
(Alternatively, drag the .xpi file directly into the Firefox window)

Offline packages do not auto-update. If you are a subscriber, avoid frequent reinstalls. Use them only when stores are unavailable.


🔒 Privacy & Boundaries

Local First, Privacy Focused

  • 📁 Data Storage: All detection logs and reports are stored only on your local device by default.
  • ⚠️ Disclaimer: This tool is designed for personal/team security self-assessment and auxiliary analysis. It does not replace professional penetration testing, code audits, or legal compliance certifications.

Make every keystroke and browse a little safer.