Check if an indicator is malicious, investigate phishing, triage CVEs, convert detection rules — 60+ tools that run entirely in your browser. No data leaves your machine.
Paste an IP, domain, URL, or hash and get an instant verdict from 24 sources.
8 categories · 115+ tools
Check IPs, domains, URLs, and hashes across 24+ sources. Get consensus verdicts in seconds.
Triage samples, parse stealer logs, extract capabilities, and submit to sandboxes.
Analyze phishing, audit SPF/DKIM/DMARC, check BEC risk, and inspect email headers.
Audit AWS, GCP, Azure IAM policies. Analyze CloudTrail, K8s RBAC, and security groups.
Author, convert, and test detection rules. Sigma, KQL, YARA, SPL — all in one place.
Parse EVTX logs, registry hives, PCAPs, prefetch files, and iOS backups.
Check domain reputation, WHOIS, DNS, certificates, URL safety, and open directories.
MITRE ATT&CK, Diamond Model, Kill Chain, OWASP, STIX/TAXII — visual frameworks for analysis.
Everything runs in your browser. No signup, no data leaves your machine.
4 case studies · real incidents
Cross-source consensus on the IOC checker re-classified ~12% of "suspicious, escalate" cases as single-feed false alarms.
The audit rules in Email Defense came directly from the failure modes seen in this rollout.
Author in the lab, prove the rule fires, export to the SIEM dialect you actually run. One detection-engineering loop.
The same validators that power the public IOC checker also gate every IOC the autonomous pipeline emits.
CRUCIBLE is a free, browser-side collection of 60-plus utilities for incident response, digital forensics, and detection engineering. It bundles IOC enrichment across 24 sources, CVE triage with CVSS-EPSS-KEV scoring, Sigma-to-KQL-SPL-YARA rule conversion, SPF-DKIM-DMARC audits, a STIX 2.1 workbench, and a MITRE ATT&CK matrix. Everything runs in your browser; nothing leaves your machine.
Open a tool, paste an IOC, hash, URL, rule, or email header, and the page calls public APIs directly from your browser. CRUCIBLE aggregates verdicts, normalises output, and renders results inline. There is no account, no proxy, no telemetry. Results arrive in seconds because the page fans out to all sources in parallel.
Yes. CRUCIBLE is free, with no signup, no rate-limit login, and no data egress from your browser. It runs on Cloudflare Workers for the static surface and a small set of cached feeds. Each per-tool call hits the public API of the underlying source. A sponsorship page covers hosting and is optional: no credit card, no trial clock.
VirusTotal aggregates 70-plus antivirus engines plus a sandbox and is the strongest single-sample verdict service available. CRUCIBLE is not a VirusTotal replacement; it is a browser-side companion focused on the analyst workflow around a sample. Use VirusTotal for hash-based verdicts. Use CRUCIBLE for cross-source IOC correlation, rule conversion, and email-header triage.