// tools
Tools for the community
Free offensive-security utilities built by our research team. They run 100% in your browser — nothing is sent to any server.
Free · privacy-first · no sign-up
- Web
JWT / JOSE Attack Lab
Decode, edit and re-sign JWTs in the browser, with the classic attacks: alg:none, RS256→HS256 confusion, kid and jwk/jku injection.
Open tool → - Cheatsheet
SSTI cheatsheet
Server-Side Template Injection payloads by engine: detection, file read and RCE. Filter, search and copy.
Open tool → - Web
SSRF Helper
Generate every IP/host representation and allowlist-bypass payload, with an explanation of each technique.
Open tool → - Web
Report Generator
Turn a finding into a Markdown report with CVSS 4.0, ready for your pentest.
Open tool → - Web
Security Headers Analyzer
Paste the response headers and get an A+..F grade with per-stack fixes (Nginx/Apache/Node/Cloudflare).
Open tool → - Web
CVSS Calculator
Score severity in any CVSS version — 2.0, 3.0, 3.1 and 4.0 — with live vector and rating.
Open tool →
Need to go beyond the tools?
The tools show what's visible from the outside. IntruderLabs runs the pentest that finds and proves the real flaws — under your brand, with a white-label report.
Talk to us →