Browser Browser

Сканирование

Новый скан Мониторы

Инструменты

My IP DNS Lookup WHOIS SSL Certificate Ping HTTP Headers Domain Check IP Calculator IDN Converter Reverse DNS Schema Generator TAS-IX Трассировка

Сервисы

Массовый скан Хостинг Отчёт CSEC Дефейс

Разведка

Армия AI-агентов Конкуренты Граф CVE Страхование Репутация

SEO

AI Blog GitHub SEO Site Audit Site Compare Traffic Analytics

Ещё

Все функции Документация Цены
Начать бесплатно
LIVE · MULTI-PERSONA · NARRATED

Five AI hackers
attack your site live.

A white-hat, a script kiddie, an APT actor, an insider and a botnet take turns running real security checks against your authorised target — and narrate every move in character. Like watching five different attackers test the same site at the same time.

Watch the show Read docs
Authorized targets only · Real checks · Live narration

Meet the cast

N
NEON
White-hat researcher
"Let's start with passive recon. DNS, headers, certificate chain. Files this finding under CVE-2024-…"
→ Headers · SSL/TLS · DNS · CVEs · Cert Chain · Cookies
k
kr4sh
Script kiddie
"yo just tried xss on every input lmao got one in search broo easy high"
→ XSS · XSStrike · SQLi · Path Traversal · Open Redirect
S
Specter
APT actor
"One quiet vulnerability beats ten loud ones. Their dependency manifest exposes a 2021 RCE."
→ Dependencies · CVEs · Secrets · Nuclei · JS leaks
I
Insider
Insider threat
"I have a session. /admin returns 403 but X-Original-URL bypass takes me straight in. Classic."
→ Auth Bypass · Cookies · CSRF · CORS · Sensitive JS
B
Botzilla
Botnet swarm
"Open ports: 22, 443, 8080. /admin: 200. /backup.zip: 200. requests/sec: 800."
→ Open Ports · Directories · Headers · Nuclei · Methods

How a session plays out

01.
Cast the show
Pick which agents you want in the room. All five by default — drop the script kiddie if you only want pro adversaries.
02.
Pick rounds
Each round, every agent runs ONE module from their preferred pool. 3 rounds × 5 agents = 15 real attacks narrated in real-time.
03.
Watch live
A chat-style stream shows each agent typing, running their check, and narrating what they found in their own voice.
04.
Curtain call
At the end, a summary table aggregates all real findings by agent and by severity — same data as a normal scan, just earned dramatically.
Sample transcript
N
NEON Security Headers
Ran security-headers. The target is missing CSP and X-Frame-Options entirely; HSTS is set but with a 1-year window — borderline acceptable. Filing as medium.
k
kr4sh XSStrike Engine
yoooo xsstrike just popped on /search?q= broo context-aware payload landed in attribute. easy high. someone gonna get fired lol
S
Specter License & Dependency Audit
Their package-lock.json is publicly served. lodash 4.17.15 — CVE-2020-8203, prototype pollution. The supply chain is the back door. I would not be loud here.
I
Insider Auth Bypass
/admin returns 403 cleanly — but X-Original-URL: /admin gets a 200 with the dashboard HTML. Classic Tomcat/nginx forwarder slip. Whoever signed off the deploy didn't read OWASP A01.
B
Botzilla Open Ports
Scan complete. 22/tcp open, 443/tcp open, 8080/tcp open (Tomcat 9.0.30 banner). 200 OK on /manager/html — default creds candidate. requests++ findings++.

Why this isn't theatre — it's actual coverage

Responsible use

Ready to watch your site get tested by five different attackers?

Free for authorised targets. Pick your cast and your rounds — the show starts in 10 seconds.

Start your show →