AI Tools for Security Systems Engineers

AI tools that help security systems engineers assess vulnerabilities, research emerging threats, evaluate security technologies, audit client infrastructure, and document security architectures.

Get started for free

Works in Chat, Cowork and Code

Web application penetration testing

Conduct automated black-box penetration tests on web applications and APIs before deployment or as part of a regular security program. Identify OWASP Top 10 vulnerabilities, authentication weaknesses, injection flaws, and misconfigurations across the attack surface.

Run a penetration test on our pre-production web app at https://staging.myapp.io. Focus on authentication, API endpoints, SQL injection, and session management. Generate a detailed findings report.

Pentest complete. Critical: Unauthenticated admin API endpoint at /api/admin/users returns full user list (OWASP A01). High: JWT tokens use weak HS256 with discoverable secret (A02). Medium: 3 reflected XSS vulnerabilities in search parameters. Low: Missing security headers (HSTS, CSP, X-Frame-Options). Full findings report with PoC payloads and remediation steps generated.

ToolRouter run_scan
Critical: Unauthenticated admin API
/api/admin/users returns full user list — Broken Access Control (OWASP A01)
High: JWT weak secret
HS256 with discoverable secret — authentication bypass possible (OWASP A02)
Medium: Reflected XSS
3 XSS vulnerabilities in search parameters — input sanitization required
Low: Missing headers
HSTS, CSP, X-Frame-Options not set — add to production hardening checklist
ToolRouter scan_url
SSL/TLS
TLS 1.2 only · certificate valid 60 days · no mixed content
Open ports
Port 8080 accessible externally — dev server should not be exposed
Security headers
CSP absent · X-Frame-Options missing · HSTS not set
Threat intel
Domain clean across all threat feeds · not blacklisted

CVE monitoring and patch prioritization

Monitor the vulnerability database for new CVEs affecting your clients' technology stacks. Triage by CVSS score, exploit availability, and active exploitation status to produce clear patch prioritization recommendations with business risk context.

Pull all critical and high CVEs from the past 30 days affecting our client's stack: Windows Server 2019, Exchange, Apache 2.4.x, and MySQL 8.0. Prioritize by exploit availability and active exploitation.

Found 11 critical/high CVEs. Immediate action (actively exploited): CVE-2024-26234 (Windows Proxy Driver spoofing, CVSS 6.7, in wild), CVE-2024-29986 (Exchange EWS info disclosure, CVSS 7.5). Patch within 30 days: 6 Apache CVEs (highest CVSS 9.1, no public exploit yet). MySQL: 2 medium CVEs, no urgency. Patch schedule with business impact estimates generated.

ToolRouter search_cves
Immediate: CVE-2024-26234
Windows Proxy Driver spoofing (CVSS 6.7) — actively exploited in the wild · patch this week
Immediate: CVE-2024-29986
Exchange EWS info disclosure (CVSS 7.5) — patch in April Patch Tuesday · apply now
Within 30 days: Apache
6 Apache 2.4.x CVEs (highest CVSS 9.1) — no public exploit yet · schedule patching
MySQL 8.0
2 medium CVEs — no immediate urgency · include in next quarterly update

External attack surface assessment

Map and assess the full external attack surface of a client organization. Discover all internet-facing assets, subdomains, exposed services, and misconfigurations that attackers could exploit — without touching internal systems.

Perform an external attack surface assessment for targetcorp.com. I need all subdomains, exposed services, SSL/TLS issues, email security configuration, and any obviously misconfigured assets.

Attack surface assessment: 34 subdomains discovered (17 with active services). Issues found: dev.targetcorp.com exposing staging application (unauthenticated), mail.targetcorp.com running outdated Postfix, SSL cert expiring in 12 days on api subdomain. Email: no DMARC policy (email spoofing risk), weak SPF record allows 3 unauthorized senders. Full asset inventory with risk ratings generated.

ToolRouter scan_url
Subdomains
34 subdomains discovered · 17 with active services · dev.targetcorp.com unauthenticated staging app
SSL/TLS
api.targetcorp.com certificate expiring in 12 days · no auto-renewal configured
Exposed service
mail.targetcorp.com: outdated Postfix version with 2 known CVEs
Email security
No DMARC policy · SPF allows 3 unauthorized senders · email spoofing risk
ToolRouter lookup_domain
DMARC
No DMARC record — domain can be spoofed for phishing campaigns
SPF
SPF exists but overly permissive — 3 unauthorized sending sources allowed
DNSSEC
Not enabled — DNS spoofing protection absent
DKIM
DKIM signing configured on primary MX — email signing functional

Security architecture research and design

Research security frameworks, architecture patterns, and technology solutions to design or review security architectures. Stay current on zero-trust, SASE, cloud security, and emerging threat models to deliver informed recommendations.

Research the NIST Cybersecurity Framework 2.0 changes and how they impact security architecture design for critical infrastructure organizations. What are the key new requirements and recommended implementation patterns?

CSF 2.0 key changes: new Govern function added (6th function, compliance and risk management). Supply chain risk management elevated to core. Identity and access management now spans all functions. For critical infrastructure: NIST SP 800-82r3 (ICS/OT security) now aligned with CSF 2.0. Key architectural implication: zero-trust principles now embedded in CSF 2.0 implementation tiers, not just supplemental guidance.

ToolRouter research
New Govern function
6th function added — compliance, risk management, and supply chain risk now formalized at framework level
Supply chain risk
Elevated to core framework requirement · third-party risk management now mandatory in implementation tiers
Zero-trust alignment
Zero-trust principles embedded in CSF 2.0 tiers — no longer supplemental, now foundational
ICS/OT alignment
NIST SP 800-82r3 (ICS/OT security) fully aligned with CSF 2.0 — critical infrastructure overlap addressed

Supply chain and dependency security

Audit software dependencies, open-source packages, and third-party components for known vulnerabilities and security advisories. Identify risky packages before they reach production environments.

Audit the npm dependencies for our client's Node.js application. Check for packages with known CVEs, actively maintained status, and any packages flagged for suspicious behavior or typosquatting.

Dependency audit complete (347 packages). Critical: lodash 4.17.14 (CVE-2021-23337, prototype pollution, CVSS 7.2 — upgrade to 4.17.21). High: 2 transitive dependencies with unpatched SSRF vulnerabilities. Flagged: 1 package with suspicious postinstall script connecting to external IP. 14 packages abandoned (no updates in 24+ months). Remediation list generated with upgrade paths.

ToolRouter audit_packages
Critical: lodash
CVE-2021-23337 (CVSS 7.2) — prototype pollution · running 4.17.14 · upgrade to 4.17.21+
High: transitive dependencies
2 transitive dependencies with unpatched SSRF vulnerabilities in their chains
Suspicious package
1 package with postinstall script connecting to external IP — investigate immediately
Abandoned packages
14 packages with no updates in 24+ months — increased supply chain risk
ToolRouter search_cves
CVE-2021-23337 (lodash)
CVSS 7.2 · prototype pollution via merge functions · fix: upgrade to 4.17.21
SSRF transitive CVEs
2 CVEs in indirect dependencies · vector: HTTP request forgery in server-side code
Active exploitation
lodash prototype pollution CVEs widely exploited in web app attacks — prioritize fix
Remediation path
All 3 critical CVEs have fix versions available · upgrade paths documented

Security assessment report writing

Generate professional security assessment reports, executive summaries, and remediation plans from technical findings. Communicate risk clearly to both technical teams and executive stakeholders who need to understand business impact.

Write an executive summary for a penetration test report on a 300-person financial services firm. Critical findings: unauthenticated API exposure, weak MFA, outdated firewall. Need to convey urgency to the CISO and board without using technical jargon.

Executive summary drafted (400 words). Opens with risk headline ("Three findings expose customer data and regulatory compliance") — business language, not CVEs. Quantifies impact: unauthenticated API could expose 45,000 customer records; MFA gap aligns with 81% of data breaches (Verizon DBIR). Closes with 30-60-90 day remediation timeline showing path to compliance. Board-ready language throughout.

Ready-to-use prompts

Web app penetration test

Run a black-box penetration test on [URL]. Test for OWASP Top 10: injection flaws, authentication issues, XSS, SSRF, and security misconfiguration. Generate a findings report with severity ratings.

CVE monitoring

Search for all critical and high CVEs from the past [X] days affecting [technology stack]. Prioritize by CVSS score and active exploitation status. Flag anything requiring immediate patching.

External attack surface scan

Scan [domain] for external attack surface exposure: discover subdomains, check SSL/TLS configuration, identify exposed services, and flag any obvious misconfigurations or unauthenticated assets.

DNS security audit

Audit DNS security configuration for [domain]: check SPF, DKIM, DMARC, DNSSEC, CAA records, zone transfer security, and identify any email spoofing or hijacking vulnerabilities.

Dependency audit

Audit the [npm/pip/maven] dependencies in [package list or lock file content] for known CVEs, deprecated packages, and suspicious packages. Generate a prioritized remediation list.

Security architecture research

Research [security architecture pattern: zero-trust/SASE/microsegmentation] implementation best practices for a [environment type] with [user count] users. Include framework references and vendor options.

Specific CVE lookup

Look up CVE-[YEAR]-[NUMBER]. Get the CVSS score, affected products and versions, available patches, and whether there is known active exploitation or public proof-of-concept exploit code.

Write pentest executive summary

Write an executive summary for a security assessment with these findings: [list findings]. Audience: [CISO/board/technical manager]. Convey business risk and urgency without excessive technical jargon. [X] words.

Tools to power your best work

165+ tools.
One conversation.

Everything security systems engineers need from AI, connected to the assistant you already use. No extra apps, no switching tabs.

Full security assessment engagement

Complete external security assessment workflow from reconnaissance through deliverable.

1. DNS & Domain: Enumerate DNS records and email security configuration
2. Security Scanner: Scan all external-facing assets for known vulnerabilities
3. Penetration Testing: Run automated penetration test on web applications in scope
4. Vulnerability Database: Research CVEs for technologies identified during reconnaissance
5. Content Repurposer: Generate the full assessment report and executive summary

Monthly vulnerability management cycle

Recurring vulnerability monitoring and patch advisory for managed security clients.

1. Vulnerability Database: Pull new critical and high CVEs affecting the client tech stack
2. Security Scanner: Run updated scan to identify any new exposures
3. Supply Chain Risk: Check software dependencies for new advisories
4. Content Repurposer: Generate the monthly vulnerability advisory for the client

Security architecture review

Research and document recommendations for a security architecture review engagement.

1. Deep Research: Research current best practices for the client's architecture type
2. Vulnerability Database: Identify high-impact vulnerabilities specific to their technology stack
3. Content Repurposer: Draft the architecture review findings and recommendations

Frequently Asked Questions

Can I run penetration tests on any target using these tools?

Penetration testing tools must only be used on systems you own or have explicit written authorization to test. Always obtain a signed scope-of-work and rules of engagement before testing any client system. Unauthorized security testing is illegal under the Computer Fraud and Abuse Act and equivalent laws in most jurisdictions.

How comprehensive are the automated penetration test results?

The Penetration Testing tool performs black-box web application testing covering OWASP Top 10 and common vulnerability classes. It provides excellent coverage for known vulnerability patterns and is ideal for routine testing and pre-deployment checks. For complex engagements requiring manual exploitation, lateral movement, and social engineering, certified human penetration testers are essential.

How up-to-date is the vulnerability database?

The Vulnerability Database covers the full CVE catalog from MITRE/NVD with daily updates. CVSS scores, affected products, and patch availability are included. For zero-day vulnerabilities and vendor-specific advisories before NVD publication, supplement with direct vendor advisory feeds (Cisco Talos, Microsoft Security Update Guide, etc.).

Can these tools help with cloud security assessments?

Security Scanner and Pentest cover external-facing cloud workloads (web apps, APIs, exposed services). For cloud-native security configuration reviews (IAM policies, S3 bucket permissions, security group rules), cloud provider native tools (AWS Security Hub, Azure Defender) are needed. Deep Research can help you understand cloud security best practices and frameworks like CIS Benchmarks.

What compliance frameworks do these tools support?

Deep Research can map findings to specific compliance requirements across frameworks including NIST CSF, NIST SP 800-53, CIS Controls, ISO 27001, SOC 2, PCI DSS, and HIPAA. The Security Scanner and Pentest tools generate findings that can be categorized by compliance impact. Always have qualified compliance professionals review findings for formal attestation.
