NeoShield Security logo NeoShield Security Quantum X

// library

Security micro-tools

Hardened, self-contained, no external dependencies. Each enforces security headers, input validation, rate limiting, and logging.

JWT Security Auditor

Deep audit of a JSON Web Token: alg=none / alg-confusion, kid/jku/x5u header-injection surface, missing or over-long expiry, and sensitive data leaked into the payload. 100% offline; token never stored, logged, or signature-checked.

jwtappsecauthenticationoffline

Phishing URL & Homograph Analyzer

Deconstruct a suspicious link and score homograph (IDN/punycode), look-alike TLD, "@" credential trick, raw-IP/hex host, and brand-impersonation risk. Static and offline — never visits or stores the URL. Accepts defanged input.

phishingurlhomographoffline

Typosquat & Lookalike Domain Finder

Brand-protection generator: produces the look-alike domains attackers register (homoglyphs, typos, hyphenation, TLD swaps, combo-squats) each scored for deceptiveness. Offline generation; no domain is contacted, nothing stored.

brand-protectiontyposquatphishingoffline

Sensitive Data Exposure Classifier

Scan text/logs/JSON for PII, PHI, payment data, and leaked secrets, mapped to GDPR/PCI-DSS/HIPAA exposure with a remediation checklist. Cards are Luhn-validated; matches masked; 100% offline; nothing stored or logged.

piidlpcomplianceoffline

Ransomware Readiness Assessment

Weighted control self-assessment (CISA #StopRansomware / NIST CSF aligned) producing a readiness score, residual blast-radius estimate, and prioritised gap list. Answers scored in-memory only; never stored or logged.

ransomwareresiliencenistassessment

AI Config Hardening Auditor

CIS-aligned hardening review of sshd, nginx/Apache, Dockerfile, compose, .env, Kubernetes, IAM, or CSP. Powered by Claude with an offline fallback. Config never stored.

hardeningcisconfigclaude

Secret / Credential Leak Scanner

Detect exposed API keys, tokens, private keys, and passwords in pasted code/config. Matches are masked; 100% offline; nothing stored or logged.

secretscredentialsleakappsec

SHA-256 / Hash Generator

Generate MD5/SHA-1/SHA-256/SHA-512 digests and HMACs for text.

hashintegritychecksumsha256

Password Entropy Analyzer

Estimate password strength, entropy bits, and crack time.

passwordentropystrength

Local Port Scanner (safe)

Non-invasive TCP connect check of this server's own common ports.

portscannernetworkself-check

Log Anomaly Detector

Heuristic analysis of pasted logs for attacks and anomalies.

loganomalysiemdetection

IP Reputation Checker

Classify an IP and query public DNSBL blocklists.

ipreputationdnsblthreat-intel

HTTP Security Header Checker

Grade a public site's HTTP security headers (SSRF-guarded).

headerscsphstsweb

NVD CVE Lookup + Mitigation

Lookup CVE details from the public NVD CVE 2.0 API and produce defensive remediation guidance.

cvenvdvulnerabilitymitigation

CISA KEV Exploitation Checker

Check whether a CVE appears in CISA Known Exploited Vulnerabilities and show required action.

cisakevexploitedvulnerability

Domain DNS Security Auditor

Review SPF, DMARC, MX, NS, and TXT records for basic domain security posture.

dnsdmarcspfemail-security

Email Header Phishing Analyzer

Analyze pasted email headers for SPF/DKIM/DMARC results, routing anomalies, and phishing indicators.

emailphishingheadersdmarc

Sigma Detection Rule Builder

Generate defensive Sigma-style detection logic from event fields without creating offensive code.

sigmadetectionsiemblue-team

MITRE ATT&CK Technique Mapper

Map defensive observations to common MITRE ATT&CK tactics and mitigation ideas.

mitreattackmappingsoc

Published instances

TitleToolHosted URLViewsCreated
Webhook Attack Finder dynamic_spec /tool.php?id=1008 10 2026-06-30