LinkCage — a local security tool
Phishing, malware, and exploits get trapped in a cage instead of your real browser. LinkCage opens suspicious links inside a hardened Docker browser — your real one never touches them.
The problem
Phishing, malware, and zero-day exploits arrive as ordinary-looking links — and once your browser renders the page, the damage is done.
LinkCage rebuilds the click. Right-click any link, send it to the cage, and watch it run somewhere it can't reach you.
Step 1 — The Doorbell
A browser extension in Chrome, Edge, and Firefox.
“Someone's at the door. Don't answer it yourself.”
Right-click any link and choose Open in Sandbox. The Connector hands the URL straight to the Engine — your real browser never touches the page, never resolves the domain, never renders a single byte.
Step 2 — The Lock
A local native-messaging host between the door and the vault.
“The lock between the door and the vault.”
A small Python host runs on your machine. It boots the sandbox, drives Chromium inside the container over the Chrome DevTools Protocol, and tears the whole thing down on demand. Nothing leaves your laptop. No third-party services, no telemetry, no cloud.
Step 3 — The Vault
A hardened Docker sandbox where suspicious links go to die.
“Where suspicious links go to die.”
A hardened Docker image with zero fixable CVEs runs an incognito Chromium in its own isolated network. The link renders here, inside a container. When you close the window, the entire container is destroyed — and so is whatever it pulled in.
Before you install
Three things. All free, all standard tools. Most people already have at least one. Take a minute now and the install in the next section becomes a one-liner.
Free · macOS / Windows / Linux
Runs the sandboxed Chromium that opens your suspicious link. Without it, LinkCage has nowhere to send links.
Download the installer for your OS, run it, and accept the defaults. On first launch, Docker Desktop will set up its own engine — give it a minute. You'll know it's ready when the whale icon appears in your menu bar (macOS) or system tray (Windows).
Check it's working:
docker --version
Free · ships on macOS & Linux · download for Windows
Powers the small background helper that talks to Docker and your browser. Already installed on most Macs and Linux machines.
On Windows, download the installer and check "Add Python to PATH" on the first screen — that one checkbox saves you an hour of troubleshooting later. On macOS, Python 3 is preinstalled; if you want a newer version, install via python.org or Homebrew (brew install python).
Check it's working:
python3 --version
Free · pick one or more
Where you right-click links to send them to the cage. LinkCage works in all three.
Most people already have at least one of these. Edge ships with Windows. If you want a fresh install, Chrome's the default pick. The LinkCage extension takes a minute to load — instructions are in the next section.
Already running it? You're set.
Already have all three? Skip ahead. Missing something? Click the download buttons above — none of them take more than a few minutes.
Install
Add the extension from your browser's store, then run one command to wire up the local sandbox.
Step 2 · Install the local runner
# clone the repo (the local sandbox runner)
# macOS: keep it out of ~/Downloads, ~/Desktop, ~/Documents
cd ~
git clone https://github.com/yaxzone/LinkCage.git
cd LinkCage
# detects your browsers, registers native messaging,
# pulls the image, and starts the sandbox
# macOS / Linux
./setup.sh
# Windows
.\setup.ps1No extension ID to copy or paste — the published store IDs are built in. Restart your browser once, then right-click any link and choose "LinkCage: Open in Sandbox".
Get in touch
Questions, feedback, bug reports — drop a line.