Enter any URL for a complete security report. All client-side, no data stored.
Website security audit: DNS, email security (SPF/DKIM/DMARC), SRI, mixed content, form security, iframe analysis, base tag, HTML comments, tech stack, page metadata. Prioritized PDF-ready report. [flagship]
5 attack classes: alg:none, kid injection, secret cracking, algorithm confusion. [pentest]
Discover full GraphQL schemas: types, queries, mutations. API recon essential. [recon]
Detect unclaimed services on AWS S3, GitHub Pages, Heroku, and 20+ others. [subdomain]
SPF, DKIM, DMARC, BIMI analysis. Score A+ to F with detailed recommendations. [dns]
Deep Content-Security-Policy analysis with actionable recommendations. [headers]
Search CVE database by keyword, product, or vendor via CIRCL API. [vulns]
Full audit: DNS, SSL, headers, CORS, WAF, methods, redirects.
SPF, DKIM, DMARC, BIMI. Grade A+ to F.
Decode headers, payloads, inspect claims client-side.
alg:none, kid injection, secret cracking, confusion.
Identify 40+ hash types by format and length.
CVE database search by keyword or vendor.
CVSS v3.1 base scores with severity rating.
Secure, HttpOnly, SameSite flags and risks.
Discover types, queries, mutations, subscriptions.
Deep CSP directive analysis and recommendations.
Generate SHA hashes for CSP strict-dynamic policies.
Decode, edit, and forge JWTs interactively.
Live testing with security-focused presets.
Hex, decimal, binary, ASCII, Base64 conversion.
LLM token count with cost estimation.
Encode/decode standard and URL-safe base64.
Extract and filter URLs by domain and scheme.
Generate CSP, CORS, HSTS headers for Apache/Nginx/Express.