Browser Browser

Сканирование

Новый скан Мониторы

Инструменты

My IP DNS Lookup WHOIS SSL Certificate Ping HTTP Headers Domain Check IP Calculator IDN Converter Reverse DNS Schema Generator TAS-IX Трассировка

Сервисы

Массовый скан Хостинг Отчёт CSEC Дефейс

Разведка

Армия AI-агентов Конкуренты Граф CVE Страхование Репутация

SEO

AI Blog GitHub SEO Site Audit Site Compare Traffic Analytics

Ещё

Все функции Документация Цены
Начать бесплатно
Полный каталог платформы

Всё, что мы умеем — в одном месте

30+ инструментов в 6 категориях — от сканирования уязвимостей до AI-агентов. Каждая функция с реальными примерами. Всё бесплатно, кроме AI-функций на токенах OpenAI.

30+
Функции
27
Модули сканирования
6
Категории
$0
Чтобы начать
Обзор · Overview

Dashboard & Documentation

Your command center and reference manual

Панель (Dashboard)
Overview
Unified command center — all your scans, monitors, alerts and intelligence reports in one scrollable feed. Real-time WebSocket updates.
Active scans3 running
Monitors12 · all OK
Alerts today2 medium
Risk scoreA · 94/100
  • Widgets: active scans, recent findings, risk score
  • Live feed of check completions
  • Quick actions: new scan, add monitor, export report
Open Dashboard →
Документация (Docs)
Overview
Complete reference for every tool, check module, API endpoint and integration. Searchable, with copy-paste examples.
# Getting Started
# 21 Scan Modules
# API Reference
# Webhook Integration
# SDK (Python, JS, Go)
  • Step-by-step guides for every feature
  • Real code examples with syntax highlighting
  • API reference with request/response schemas
Read docs →
Сканирование · Scanning

Vulnerability Scanner & Monitors

Find weaknesses and watch them over time

Новый скан (New Scan)
Scanning
Paste any URL and run 27 security checks in parallel: SQLi, XSS, open ports, SSL/TLS, headers, CORS, CSRF, CVEs and more. Full results in under 60 seconds.
✓ Security Headers6 checks
✓ SSL/TLSTLS 1.3
! CORSwildcard
✗ SQL Injection1 found
✓ XSSclean
  • 21 rule-based modules + optional AI analysis
  • Live WebSocket stream of each check
  • HTML / JSON / PDF / SARIF export
Run a scan →
Мониторы (Monitors)
Scanning
Set-and-forget scheduled scans. Get email alerts when new vulnerabilities appear or existing issues are fixed. Daily / weekly / monthly cadence.
example.com● daily
api.myapp.io● weekly
shop.biz! 2 new
-- alert sent 3h ago --
  • Schedule daily, weekly or monthly re-scans
  • Diff alerts: only notify when findings change
  • Email + webhook notifications
Set up monitors →
Сетевые утилиты · Network Tools

12 Free Network Diagnostic Tools

Instant answers for IP, DNS, SSL, latency and domain questions

My IP Address
Network Tools
Detect your public IP, ISP, country, city, timezone and ASN. No signup required.
IP84.54.76.202
ISPUZTELECOM
Location🇺🇿 Tashkent
ASAS8193
Check my IP →
DNS Lookup
Network Tools
Query A, AAAA, MX, NS, TXT, CNAME, SOA and PTR records for any domain. Server-side so no CORS errors.
A142.250.190.14
AAAA2607:f8b0::200e
MX10 smtp.google
NSns1.google.com
Query DNS →
WHOIS Lookup
Network Tools
Domain registration info: registrar, owner, creation & expiry dates, nameservers. Supports .uz and 200+ TLDs.
RegistrarUZNIC
Created2018-03-14
Expires2026-03-14
StatusActive
Run WHOIS →
SSL Certificate
Network Tools
Check TLS certificate validity, issuer, expiry, cipher, key length and SAN entries. Warns 30 days before expiry.
IssuerLet's Encrypt R3
Expires87 days
ProtocolTLS 1.3
KeyRSA 2048
Check SSL →
Ping / Latency
Network Tools
Measure round-trip time to any host. 4 probes per call with min/avg/max and loss %. TCP fallback for ICMP-filtered hosts.
1.1.1.112 ms
icmp_seq=1 time=11.8
icmp_seq=2 time=12.1
4/4 · 0% loss
Run ping →
HTTP Headers
Network Tools
Inspect every response header: status, security headers, cache policy, server info. Color-coded by category.
status200 OK
HSTS
CSP
X-FrameDENY
Check headers →
Domain Availability
Network Tools
Check if a domain is available across 6 TLDs: .uz .com .net .org .co.uz .com.uz. Parallel real-time checks.
myapp.uzFREE
myapp.comTAKEN
myapp.netFREE
myapp.orgFREE
Check domain →
IP Calculator
Network Tools
CIDR → network, broadcast, first/last host, subnet mask, wildcard, usable host count. Pure client-side math.
CIDR192.168.1.0/24
Network192.168.1.0
Broadcast192.168.1.255
Hosts254
Calculate →
IDN Converter
Network Tools
Unicode domains ↔ Punycode. Essential for phishing detection and IDN homograph analysis.
Unicodeпример.рф
Punycodexn--e1afmkfd.xn--p1ai
-- bidirectional conversion --
Convert IDN →
Reverse DNS
Network Tools
Find the hostname behind an IP. Essential for server identification, email auth (SPF) and abuse reports.
IP8.8.8.8
PTRdns.google
TTL21599
Lookup PTR →
TAS-IX Checker
Network Tools
Check if an IP, CIDR or domain is inside the Uzbekistan TAS-IX peering exchange. 565+ prefixes, daily updates.
176.96.243.5✓ IN
ProviderUZTELECOM
ASNAS8193
Prefix/24
Check TAS-IX →
Трассировка (Traceroute)
Network Tools
Visualize the network path: every hop, ASN, country, RTT. Understand ISP → IXP → Tier-1 → destination.
1 uztelecom0.4 ms
3 AS6939 Frankfurt42
4 AS174 Amsterdam61
9 destination112
Run traceroute →
Сервисы · Services

Bulk Operations & Monitoring Services

At-scale scanning, uptime monitoring and compliance reports

Массовый скан (Bulk Scan)
Services
Scan up to 100 domains in one job. Parallel workers, unified report, per-domain status. Great for agencies auditing client portfolios.
client1.com✓ A 92
client2.ioB 74
client3.netD 38
47/100 complete · 12 findings
  • Paste a list of up to 100 domains
  • Parallel workers scan in background
  • Combined CSV / JSON report
Start bulk scan →
Хостинг (Hosting)
Services
Uptime & health monitor for your hosting infrastructure. HTTP(S), response time, SSL expiry, 4xx/5xx alerts.
api.myapp.io● 200 · 48ms
shop.biz● 200 · 91ms
admin.xyz● 503
avg uptime 99.94%
  • Monitor unlimited domains
  • HTTP status + response-time alerts
  • SSL certificate expiry warnings
Watch uptime →
Отчёт CSEC
Services
Executive security report for C-suite stakeholders. ROI calculator, trends, money saved, compliance mapping (ISO 27001, GDPR, PCI DSS).
Saved$247,000
Scans156 this Q
Avg riskA (91/100)
ISO 27001✓ 92%
  • ROI of security findings (money saved)
  • Trend charts: risk score over time
  • PDF export for board meetings
View CSEC →
Дефейс (Defacement Monitor)
Services
Hash-based homepage change detection. Get alerted the moment your site's content is modified — critical for brand & compliance.
homepage /unchanged
/about! changed 2m ago
SHA-256mismatch
alert email sent
  • SHA-256 hash of HTML body, polled every 5 min
  • Visual diff to confirm false positives
  • Instant email/webhook on mismatch
Monitor defacement →
Разведка · Intelligence Hub

AI Agents, Competitors & Risk Intelligence

Know your attack surface better than your attackers do

Армия AI-агентов
Intelligence
27 specialized security agents (XSS, SQLi, recon, auth, network, exploit-chain, review) that you can dispatch against any target. Paid — uses OpenAI tokens.
xss-agent● ready
sqli-agent● ready
recon-agent⚙ running
27 agents · 5 categories
  • Deploy individual agents or run full chain
  • Each agent has specialized prompts & tools
  • Requires Pro plan (OpenAI tokens consumed)
Deploy agents →
Конкуренты (Competitors)
Intelligence
Side-by-side security comparison with your top 5 competitors. See where you win and where you're losing on the 21-module scale.
you.comA · 92
rival1.comB · 78
rival2.comA · 89
rival3.comC · 61
  • Group up to 5 competitor domains
  • One-click parallel scan of everyone
  • Delta report: where they beat you
Compare →
Граф CVE (CVE Graph)
Intelligence
Interactive D3.js force graph visualizing your assets → detected versions → known CVEs. Click to drill into severity & exploit availability.
nginx 1.18.03 CVEs
openssh 7.61 CVE
php 8.1.2clean
graph: 47 nodes, 62 edges
  • Nodes: assets, versions, CVEs
  • Edges colored by CVSS severity
  • Export graph as PNG/SVG/JSON
Open graph →
Страхование (Insurance)
Intelligence
Cyber-insurance premium calculator. Enter coverage, asset value, industry — get an instant quote based on your current risk posture.
Coverage$500,000
Risk scoreA (92)
Discount-28%
Premium$4,320/yr
  • Premium formula based on your scan results
  • See how much higher score → lower premium
  • PDF quote for your insurer
Get quote →
Репутация (Reputation Monitor)
Intelligence
Domain & email leak monitor. Checks haveibeenpwned, pastes, dark-web indexes for credentials & PII tied to your assets.
Domainmyapp.io
Leaks2 found
Emails127 pwned
Pastes3 recent
  • Continuous HIBP + paste site monitoring
  • Alert when new leaks reference your domain
  • Dark-web credential exposure stats
Monitor reputation →
Developer · CLI & API

Automate from your terminal

Everything we do is accessible via CLI, REST API and threat intel feeds.

Browser CLI
Developer
Run scans, tools and threat intel straight from your terminal. Zero-dependency Node.js package, Grok-style UX, works everywhere.
$ npm install -g @browser-uz/cli
$ browser login bru_xxx
$ browser scan example.com
Grade: 🛡 A · solid
  • One-line install via npm
  • Same results you see on dashboard
  • Perfect for CI/CD pipelines
Read CLI docs →
REST API
Developer
10 endpoints, Bearer auth, 60 req/min. Scan, tools, history, EPSS, breach checker — all JSON, all documented.
POST/api/cli/scan
GET/api/cli/history
POST/api/cli/tools/dns
GET/api/cli/epss/<cve>
  • Manage keys in Dashboard → API Keys
  • Rate limit 60/min per key
  • SHA-256 key hash, key plaintext shown once
API reference →
EPSS Exploit Probability
Threat Intel
Every CVE we find is enriched with EPSS — the industry-standard 0–100% probability that the vulnerability will be exploited in the next 30 days.
CVE-2024-309487.3%
CVE-2023-123412.1%
CVE-2022-56780.4%
Source: FIRST.org EPSS API
  • Real-time probability lookup
  • Shown inline on scan findings
  • CLI: browser epss CVE-YYYY-N
Try via CLI →
Breach Tracker
Threat Intel
Self-serve impact checker for major security incidents. Paste your domain, get "affected / clean" with remediation actions.
Vercel token leakApr 2026
npm supply chainMar 2026
+ any future incident
Browse tracker →
AI Security Scanner
Developer
OWASP LLM Top 10 + Agentic AI Top 10 — detects exposed AI configs, prompt injection markers and leaked MCP/Claude memory.
.cursorrulesexposed
.claude/CLAUDE.mdreadable
llm.txtinfo
11 AI config paths checked
Frameworks →
Vibe Check
Developer
Instant emoji-grade for every scan: from 🛡️ A+ "bulletproof" to ☠️ F "dumpster fire". Shareable, memorable, motivating.
🛡️ A+bulletproof
✨ Asolid
😬 Cmeh
☠️ Fdumpster fire
Get your vibe →
SEO & Content

AI-Powered SEO Toolkit

Write, audit and compare — all backed by LLMs. Paid tier (uses OpenAI/Groq).

AI Blog Generator
SEO
4000-word SEO articles with images, FAQ, schema, auto-publish to WordPress/Webflow/Shopify. 9-step pipeline: research → draft → fact-check → humanize.
Step 7/9Humanize
Words4,127
SEO score94/100
GPT-4o-mini · 3 min/article
Generate article →
GitHub SEO Audit
SEO
Score your repo on 9 ranking factors: name, about, topics, README structure, freshness, stars. AI suggests optimal topics.
browser-uz/scanner78/100
Topics6/10
README8/10
AI: add "vulnerability-scanner"
Audit repo →
Site SEO Audit
SEO
15 Google-guideline checks: HTTPS, title, meta, H1, alt text, canonical, robots, sitemap, structured data, E-E-A-T signals.
example.comB+ grade
HTTPS
H1! 2 found
E-E-A-Tweak
Audit site →
Site Compare
SEO
Side-by-side SEO comparison of your site vs a competitor. Metrics: score, keywords, backlinks, content depth, schema coverage.
you.comA · 91
rival.comB · 78
Keywords+47%
Backlinks-120
Compare sites →
Traffic Analytics
SEO
Estimated organic traffic, top keywords, referring domains. Built on Common Crawl + RDAP + Whois + SERP signals.
Est. visits127k / mo
Top keyword"vuln scanner"
Referrers42 domains
Growth+18% MoM
View traffic →
Just shipped · 2026

Recent additions

The latest features added to Browser — pulled from best-in-class open-source projects.

Nuclei Scanner
12,958 vulnerability templates
Industry-standard scanner from projectdiscovery — 3,587 CVEs, 945 misconfigurations, 580 exposures, 294 default credentials, 72 subdomain takeovers and 11,000+ more checks. Runs automatically on every scan.
Profiles6
Templates12,958
CVE coverage2010–2024
LicenseMIT
  • 6 scan profiles: quick / standard / deep / cve_only / automatic / dast
  • Smart 'automatic' mode: wappalyzer detects tech, runs only relevant templates
  • REST API for custom scans: POST /api/nuclei/scan
Try it →
Source Code Analyzer
Semgrep + Bandit · 5000+ rules
Static analysis (SAST) for your own code. Upload a ZIP or paste a public GitHub URL — Semgrep and Bandit find SQLi, XSS, IDOR, hardcoded secrets, race conditions, deserialization bugs, weak crypto across 30+ languages. AST-only — no code execution, files deleted after scan.
EnginesSemgrep + Bandit
Rules5000+
Languages30+
PrivacyFiles auto-deleted
  • Upload ZIP (≤100 MB) OR paste github.com / gitlab.com / bitbucket.org URL
  • Detects 12 CWE-classified categories: SQLi, XSS, IDOR, SSRF, XXE, secrets, weak crypto, race conditions, deserialization
  • Each finding has severity, file:line, code snippet, CWE ID and remediation
Try it →
XSStrike Engine
Context-aware XSS · WAF evasion
Detects XSS the way an attacker would — parses your response with multiple HTML/JS parsers, infers the exact injection context, and crafts payloads guaranteed to break out of THAT context. Plus WAF detection & evasion, DOM XSS, Blind XSS and hidden-parameter discovery. Each finding ships with a context-specific fix.
EngineXSStrike (s0md3v)
ModesReflected · DOM · Blind · WAF-evasion
LicenseGPL-3.0 (external CLI)
CoverageContext-aware payload
  • Multi-parser response analysis: HTML element, attribute, JS string, JS comment context detection
  • WAF detection (Cloudflare, AWS WAF, ModSecurity, Sucuri, Imperva) + evasion payloads
  • Crawler with parameter discovery + outdated JS library detection (jQuery/Angular CVEs)
Try it →
Attack-Simulation Theatre
5 AI personas · live narrated pentest
Five distinct AI hackers — a white-hat, a script kiddie, an APT actor, an insider, and a botnet — take turns running REAL security checks against your authorised target and narrate every step in character. Same 27-module engine as a normal scan, just narrated as a live chat between attackers. Great for showing security risk to non-technical stakeholders.
PersonasNEON · kr4sh · Specter · Insider · Botzilla
Engine27 real scanner modules
Formatlive WebSocket chat stream
OutputReal findings + narration
  • Pick personas, pick rounds (1-5), enter URL → live theatre starts on WebSocket
  • Each agent runs ONE module per round from their preferred toolkit, narrates in character via OpenAI
  • Curtain call: aggregated findings by severity + by agent, same data as a normal scan
Watch the show →
GitHub PR Review Bot
Security review on every PR
Install the Browser GitHub App on your repos. Every pull request gets an automatic security review — Semgrep + Bandit run on the changed files only, and findings are posted as inline review comments on the exact lines. CWE-classified, severity-tagged, with a one-line recommendation per issue. Closed PRs stay clean.
Triggerpull_request.opened / synchronize
EnginesSemgrep + Bandit on diff
OutputInline GitHub review comments
PermissionsPull requests R/W · Contents R
  • Webhook signature verified with HMAC-SHA256 — no spoofing possible
  • Only changed source files (.py/.js/.ts/.go/.rb/.java/.php/+) are analysed — fast, focused
  • Top 48 findings inline + summary comment for the rest. Every finding links back to /docs#code-analyzer
Install the bot →
Server Audit
Lynis · cryptominer · DDoS · cron detector
One-shot security and load audit of your Linux server. Run our read-only one-liner over SSH, we collect top processes, network connections, cron jobs, log tails, and run Lynis (200+ hardening checks) plus cryptominer signature matching, DDoS-rate IP detection, and suspicious cron patterns. Single-use 1-hour token. Free. Never reads /etc/shadow or SSH keys.
EngineLynis 3.1.4 + agent.sh
Checks200+ Lynis · cryptominer · DDoS · cron · ports
ModeRead-only · single-use · 1h token
CostFree
  • Generate a 1-hour token in your dashboard, then run curl -sS '...' | bash on your server
  • Detects: cryptominers (xmrig, kdevtmpfsi, kinsing, …), backdoor ports, suspicious cron, DDoS IPs, hardening misconfigs
  • Never reads /etc/shadow contents, SSH private keys, or .env values — only metadata
Audit my server →
Email Recon
theHarvester · 40+ passive sources
Map your phishing exposure before attackers do. We mine 40+ public sources (Bing, DuckDuckGo, crt.sh, dnsdumpster, OTX, github-code, urlscan, certspotter, …) for employee email addresses, subdomains and hostnames tied to your domain. Findings come with severity, CWE-200 classification and remediation steps. Free. Passive — your servers see ZERO traffic from us.
Enginelaramies/theHarvester (GPL-2.0)
Sources24 free + 6 API-key (BYOK)
Mode100% passive · no probes hit your servers
OutputEmails · subdomains · IPs · indexed URLs
  • Severity: 30+ emails = HIGH (rich phishing dataset), 10+ = MEDIUM, >30 forgotten subdomains = LOW
  • Per-finding remediation: DMARC/SPF/DKIM rollout, MFA, phishing-simulation training on the surfaced list
  • Bring-your-own-API-keys for Shodan, SecurityTrails, Hunter, Fofa, BinaryEdge — wider coverage
Map my exposure →
Hall of Fame
Real bugs · real targets · anonymised
A curated public showcase of vulnerabilities the platform has surfaced. Target names are blurred (responsible disclosure), but severity, CWE and CVE references stay so you can see the real risk caught.
Browse the hall →
403/401 Auth Bypass
40 canonical bypass techniques
Detects misconfigured access control. When an endpoint returns 403/401, we try 40 known bypass tricks — path tampering (/admin/..;/), header injection (X-Forwarded-For: 127.0.0.1, X-Original-URL), URL encoding, method swapping. Reports the ones that flip to 200. Detection-only: we never read bypassed response bodies.
Techniques~40
Categoriespath · header · encoding · method
ModeDetection-only
ComplianceOWASP A01 · PCI R7 · ISO A.8.3 · NIST PR.AA
  • Triggered automatically against any 403/401 endpoint found during recon
  • Probes /admin, /api, /internal, /dashboard, /wp-admin and 8 more
  • A confirmed bypass auto-fails OWASP A01:2021 + 3 more frameworks
Try it →
Browserfisher
945 rules · 485 live validators
Browserfisher detects leaked AWS/GCP/OpenAI/Stripe/Slack credentials in your public JS bundles, source-maps and HAR captures. Live validators ping the issuing API to confirm the key is actually active — eliminating ~90% of false positives.
Detection rules945
Live validators485
Cloud / AI / SaaS42 providers
LicenseApache-2.0
  • Detects: AWS/GCP/Azure, OpenAI/Anthropic, Stripe/PayPal, Slack/Twilio, MongoDB/Postgres, PEM/SSH/PGP keys
  • Runs as 22nd module on every scan + inside HAR analyzer + standalone API
  • Validated leaks auto-fail PCI-DSS R3, ISO 27001 A.8.24, GDPR Art.32, NIST CSF PR.DS
Try it →
Schema Markup Generator
JSON-LD for rich results
Generate schema.org JSON-LD for 10 schema types in seconds. Helps Google show your site with star ratings, FAQ accordions, breadcrumbs and sitelinks searchbox — CTR can grow 20-30%.
Schema types10
ValidationGoogle + schema.org
Outputcopy & paste
Costfree
  • Organization, Article, FAQPage, Product, LocalBusiness
  • HowTo, Event, SoftwareApplication, BreadcrumbList, WebSite
  • One-click validation links to Google Rich Results Test
Open generator →
Enhanced SEO Audit
27 checks
6 new checks added from python-seo-analyzer: OG tags completeness, heading hierarchy, anchor quality (detect 'click here'), keywords meta spam check, content density (top-5 keywords), title length thresholds.
Total checks21
Score range0–100
SERP features6 detectors
No auth3/h free
Audit your site →
CORE-EEAT Rubric
80-item content quality benchmark
Full Google E-E-A-T evaluation framework adapted for AI-era SEO. 8 categories × 10 items: Contextual Clarity, Organization, Referenceability, Exclusivity, Experience, Expertise, Authority, Trust. 33 checks are automatable, the rest need human/AI judgment.
Total items80
Categories8
Automatable33 / 80
LicenseApache-2.0
Read docs →

Всё бесплатно. AI-функции — платные.

30+ инструментов, 27 модулей сканирования, безлимитные мониторы — всё бесплатно. Только функции на токенах OpenAI/Groq требуют Pro.

Создать бесплатный аккаунт