Free, safe-by-design self-assessments. Audit your browser in one click, or fire a controlled probe at your own infrastructure — DNS-exfil patterns and credential-stuffing bursts that can never succeed — and see whether anything actually notices. Get the full report by email.
Inspects your current browser session for security and privacy weaknesses — transport security, context isolation, fingerprinting surface, storage exposure, and leak vectors. Nothing leaves your machine.
Simulates data exfiltration over DNS — your browser resolves a burst of unique, encoded subdomains under dns-exfil.net (infrastructure we own). No real data leaves; the encoded payload is random. If your network has DNS monitoring or DLP, these lookups should light it up. Then check your logs for the token below.
First we discover what your network exposes to the internet. Then you choose a service, and we queue a controlled credential-stuffing burst against it — obviously-fake credentials that can never match a real account, sent from rotating proxy infrastructure (never a single fixed IP). It’s built to trip an IDS, EDR, fail2ban, or WAF without any chance of compromise. If nothing alerts, that’s your finding.
Your public IP:
Safe by design: credentials are hardcoded non-matches, the only target is a service you pick on your own IP, traffic originates from our proxy range, and nothing is logged in plaintext.
Paste a prompt, document, web page, or tool output that an AI assistant might ingest. We scan it for injection and jailbreak patterns — instruction overrides, role hijacks, tool-call smuggling, exfil directives, and hidden / zero-width unicode — the same class our extension flags for AI agents.