Fifteen tools. Zero signups.
Every inline security tool you wish existed in one place. Nothing is stored. Nothing is tracked. Paste, run, copy the fix.
Header Doctor
Security headers graded + specific fixes.
Paste any public URL. Get a per-header verdict, a score, and drop-in nginx/apache/express snippets for every gap.
TLS X-Ray
Full TLS chain + protocol + cipher analysis.
Inspect live certificates: chain, SANs, key strength, expiry, negotiated protocol and cipher. No API keys, no third-party dependencies.
Prompt Injection Sandbox
Stress-test your system prompt against 40+ payloads.
Paste your AI agent's system prompt. We run it against a curated library of known prompt-injection and jailbreak patterns and highlight likely bypasses.
CVE Time Machine
A library's full CVE history, visualized.
Full CVE history timeline for any library with severity distribution and patched version ranges.
Password Entropy Lab
Rainbow-table-grade entropy visualization.
Analyze password strength, entropy bits, cracking time estimates, and compliance with NIST guidelines.
JWT Forensics
Decode + vulnerability scan + signature demo.
Decode JWTs, scan for algorithm confusion and weak keys, and verify signature mechanics.
Docker Hardening Grader
Paste Dockerfile → score + auto-fix.
Grade Dockerfiles for security, detect base image vulnerabilities, analyze layers, and get remediation.
K8s Policy Auditor
OPA-powered manifest audit.
Audit Kubernetes manifests for RBAC, network policies, resource quotas, and Pod security policies.
Nginx Config Scanner
Misconfig detector with explanations.
Detect Nginx misconfigurations, SSL/TLS issues, insecure upstreams, and path traversal risks.
Secret Pattern Scanner
Find hardcoded credentials in pasted code.
Scan code for API keys, private keys, database credentials, and cloud tokens with severity ratings.
GitHub Actions Auditor
Workflow security grade.
Grade GitHub Actions workflows for action pinning, secrets, branch protection, and OIDC token usage.
DNS Takeover Scanner
Subdomain hijack risk map.
Check DNS records for dangling CNAMEs, third-party service bindings, and subdomain hijack vectors.
NIS2/EUVD Gap Scanner
Compliance checklist + evidence.
Generate NIS2 Directive & EUVD compliance checklists with gap analysis and remediation roadmap.
Runbook Generator
Incident description → full Markdown runbook.
Generate incident response runbooks with escalation paths, communication templates, and review sections.
AI Jailbreak Tester
EU AI Act bias + robustness testing.
Test AI models for EU AI Act compliance, bias, robustness, fairness, and harmful content boundaries.