Privacy-first · No upload · No login · Local analysis only

DFIR & security toolkit

Scanners, decoders, forensic parsers, lookups and frameworks that run entirely in your browser. Sub-200ms IOC checks across 22 sources, no signup, no key.

122 tools · by Pranith Jain · about · live feeds: /threatintel

Toolkit · 100% client-side

no upload

Tools

in-browser, client-side

IOC providers

checked in parallel

Data sources

feeds & lookups

Credits

no signup, no key

122 tools · client-side · build 2026-06-13

IOC Check

Streaming verdicts across 24 providers in parallel.

Email Defense

SPF / DKIM / DMARC / BIMI audit with failure modes called out.

Rule Converter

Sigma ↔ KQL ↔ SPL ↔ YARA via one canonical IR.

CVE Prioritizer

CVSS + EPSS + KEV + ransomware-use in one call.

Search the toolkit

Searches 122 tools by name, path, description, and use-case. ↑↓ to navigate, Enter to open.Power-user shortcut: ⌘K opens the same search as an overlay from anywhere on the site.

Start here

Three picks, one prescribed sequence. Skip the grid below if any of these match what's on your screen right now.

Pick a workbench

recent lookups

Core DFIR

Triage & analysis — IOC checks, malware triage, file analysis, artifact parsers.

Investigation

Infrastructure & identity — domain/network, assets, email security, vulnerabilities.

Intelligence

Detection & standards — rule converters, STIX/TAXII, IR playbooks, hunting tools.

Recon & OSINT

Identity, network intel, image analysis, dark web, privacy checks.

Specialized

AI security, cloud, API, data security, GRC, case management, deception, platform.

GRC & Posture

Compliance, maturity assessments, tabletop exercises, kill chain, OWASP.

AI Security

LLM red-teaming, prompt injection, MCP audit, agent attack surface, ATLAS.

Used in real cases (4)

Phishing program at scale (250+ incidents, −25% FPs)/projects/phishing-program-at-scale
Cross-source consensus on the IOC checker is what re-classified ~12% of "suspicious, escalate" cases as single-feed false alarms. Email Defense pre-filtered the SPF/DKIM/DMARC posture of new vendor domains before any reply went out.
IOC & Hash Checker Email Defense
DMARC enforcement across 1,300+ domains/projects/dmarc-enforcement-1300-domains
The audit rules in Email Defense came directly from the failure modes seen in this rollout. Same code paths now live as the public scanner.
Email Defense / BEC Score
Building the toolkit itself: lab → converter loop/projects/dfir-toolkit-design
The lab and converter are not independent tools; they are one detection-engineering loop. Author in the lab, prove the rule fires, export to the SIEM dialect you actually run. This is the pairing that justified shipping both.
Detection Lab Rule Converter
Autonomous CTI pipeline (layer-1 + layer-2 IOC defence)/projects/threat-intel-platform-build
The same VT / AbuseIPDB / abuse.ch validators that power the public IOC checker also gate every IOC the autonomous case-study pipeline emits before it reaches a draft. The defence layer is shared, not duplicated.
IOC & Hash Checker

Utilities & converters (6). Encoders, hashes, timestamps

These are duplicative of well-known online tools (CyberChef, epochconverter, etc.) — kept here for offline / client-side analysis when you can't send data outside your environment. Not where the toolkit's depth is.

Data Sources

Commercial (key required)

VirusTotalAbuseIPDBShodanOTXURLScanHybrid Analysis

abuse.ch (one shared free key)

ThreatFoxURLhausMalwareBazaar

Public lists & DoH (no signup)

SpamhausTor ExitOpenPhishPhishStatsCINS ArmyCIRCL HashlookupCloudflare DoHQuad9BitwireBlocklist.deBinary DefenseIpsumPhishing ArmyTweetFeedcrt.shRDAP