← Home/SECURITY TOOLS

Find out what your defenses miss.

Free, safe-by-design self-assessments. Audit your browser in one click, or fire a controlled probe at your own infrastructure — DNS-exfil patterns and credential-stuffing bursts that can never succeed — and see whether anything actually notices. Get the full report by email.

Browser Security Audit

runs in your browser

Inspects your current browser session for security and privacy weaknesses — transport security, context isolation, fingerprinting surface, storage exposure, and leak vectors. Nothing leaves your machine.

DNS Exfiltration Probe

authorized · safe

Simulates data exfiltration over DNS — your browser resolves a burst of unique, encoded subdomains under dns-exfil.net (infrastructure we own). No real data leaves; the encoded payload is random. If your network has DNS monitoring or DLP, these lookups should light it up. Then check your logs for the token below.

Brute-Force Detection Test

authorized · your perimeter

First we discover what your network exposes to the internet. Then you choose a service, and we queue a controlled credential-stuffing burst against it — obviously-fake credentials that can never match a real account, sent from rotating proxy infrastructure (never a single fixed IP). It’s built to trip an IDS, EDR, fail2ban, or WAF without any chance of compromise. If nothing alerts, that’s your finding.

Your public IP:

detecting…

Safe by design: credentials are hardcoded non-matches, the only target is a service you pick on your own IP, traffic originates from our proxy range, and nothing is logged in plaintext.

LLM Prompt-Injection Probe

runs in your browser

Paste a prompt, document, web page, or tool output that an AI assistant might ingest. We scan it for injection and jailbreak patterns — instruction overrides, role hijacks, tool-call smuggling, exfil directives, and hidden / zero-width unicode — the same class our extension flags for AI agents.