AI Tools for Software Engineers

AI tools that help software engineers research libraries, audit security, generate diagrams, and ship faster.

Get started for free

Works in Chat, Cowork and Code

CRITICAL: Reflected XSS on /search
Unsanitized query parameter rendered in response — script injection confirmed · fix: encode output, add CSP header
CRITICAL: No rate limiting on /api/login
Brute-force attack possible — 1000 req/min tested with no throttle or lockout · fix: add rate limiter + CAPTCHA
MEDIUM: Missing CSRF protection on /api/settings
State-changing POST endpoint accepts cross-origin requests · fix: add SameSite=Strict cookie + CSRF token
MEDIUM: CORS misconfiguration
Access-Control-Allow-Origin: * on authenticated endpoints · fix: restrict to known origins
Summary
2 critical + 5 medium issues · 0 false positives · remediation steps included for each finding

Pre-launch security audit

Run automated penetration tests against your staging environment before shipping to production. Catch XSS, SQL injection, open redirects, and misconfigured CORS before attackers do.

Run a pentest on staging.myapp.com — we're launching next week and need to make sure there are no critical vulnerabilities.

Scan complete. Found 2 critical issues: reflected XSS on /search and missing rate limiting on /api/login. 5 medium issues also flagged.

ToolRouter run_pentest
CRITICAL: Reflected XSS on /search
Unsanitized query param rendered in response · script injection confirmed · fix: encode output, add CSP header
CRITICAL: Missing rate limit on /api/login
Brute-force possible · 1000 req/min with no throttle · fix: rate limiter + lockout after 5 attempts
MEDIUM: 5 additional findings
CSRF, CORS misconfiguration, missing security headers, open redirect · all with remediation steps

Dependency vulnerability scanning

Audit your project's dependency tree for known CVEs and exploitable packages. Get severity ratings, affected versions, and recommended upgrades before vulnerabilities reach production.

Check if express@4.18.2 or any of its transitive dependencies have known vulnerabilities.

Found 1 high-severity CVE in express@4.18.2 (path traversal via static file serving). Upgrade to 4.19.2+ to patch.

ToolRouter analyze_package
HIGH: CVE-2024-45296 (path-traversal via static file serving)
path-to-regexp@0.1.7 in express@4.18.2 — upgrade to express@4.19.2+ to patch
Transitive deps scanned
187 transitive dependencies · 1 high + 2 medium CVEs found · full dependency tree included
ToolRouter search_cves
Severity
HIGH · CVSS 7.5 · CWE-1333 (Inefficient Regular Expression Complexity)
Fix
path-to-regexp@0.1.10 · express@4.19.2+ · no workaround available

Architecture documentation

Generate clean system architecture, sequence, and entity-relationship diagrams from text descriptions. Keep documentation in sync with your actual architecture without spending hours in drawing tools.

Generate a sequence diagram showing the OAuth 2.0 authorization code flow between our React app, API gateway, and Google identity provider.

Here is your sequence diagram showing all 7 steps of the OAuth flow, from initial redirect through token exchange to authenticated API call.

ToolRouter render_diagram
Diagram generated
React App → API Gateway → Google OAuth · 7-step flow: redirect, auth code, token exchange, access token, API call
Steps rendered
1. User clicks Login → 2. Redirect to Google OAuth · 3. User authenticates · 4. Auth code returned · 5. Code exchanged for tokens · 6. ID token validated · 7. Authenticated API call

Library docs and API lookup

Pull up-to-date documentation, code examples, and API references for any library or framework. Stop searching through outdated Stack Overflow answers when you can get current docs instantly.

Show me the docs for Prisma's createMany with a skipDuplicates example using PostgreSQL.

Here are the Prisma createMany docs with skipDuplicates support. Includes a PostgreSQL-specific example with nested relations.

ToolRouter search_docs
createMany with skipDuplicates
await prisma.user.createMany({ data: [...], skipDuplicates: true }) · PostgreSQL only · skips records matching unique constraint
PostgreSQL-specific note
skipDuplicates uses ON CONFLICT DO NOTHING internally · not supported on MySQL or SQLite
Source
prisma.io/docs · Prisma Client API Reference · retrieved live · version 5.x

Responsive design verification

Capture screenshots of any page at multiple viewport widths in one go. Verify responsive breakpoints, catch layout shifts, and share visual evidence in PRs without manual browser resizing.

Take screenshots of our pricing page at desktop (1440px), tablet (768px), and mobile (375px) widths.

Captured 3 screenshots. The mobile view shows a table overflow issue — the pricing comparison table breaks at 375px.

ToolRouter take_screenshot
1440px — Desktop: layout correct, all columns visible
768px — Tablet: 2-column grid, no overflow detected
375px — Mobile: ISSUE — pricing comparison table overflows container · horizontal scroll triggered

DNS and domain troubleshooting

Debug DNS propagation issues, verify SSL certificate status, and check domain configuration. Essential when setting up new environments or troubleshooting connectivity problems.

Check the DNS records, SSL cert status, and DNSSEC config for api.ourproduct.com — customers in Europe are reporting connection failures.

SSL certificate expires in 3 days (Apr 6, 2026). DNSSEC is not configured. A-record points to a US-only CDN edge — likely causing EU latency.

ToolRouter dns_lookup
SSL Certificate
Expires Apr 6, 2026 — 3 days remaining · URGENT: renew immediately to avoid service outage
DNSSEC
Not configured · DNS hijacking possible without DNSSEC · recommended to enable
A Record
Points to US-only CDN edge (Cloudflare Dallas) · no EU PoP configured — source of EU latency complaints
Recommendation
Renew SSL today · add EU CDN edge node · evaluate DNSSEC setup

Ready-to-use prompts

Pentest staging site

Run a penetration test on https://staging.example.com. Focus on OWASP Top 10 vulnerabilities including XSS, CSRF, SQL injection, and authentication bypass.

Audit npm dependencies

Analyze the npm package "next@14.2.3" for known CVEs in its dependency tree. List severity, affected versions, and fix versions.

Generate ER diagram

Generate an entity-relationship diagram for a SaaS billing system with tables: users, teams, subscriptions, invoices, payments, and usage_records. Show foreign key relationships.

Look up library docs

Get the latest documentation and examples for the Zod library's z.discriminatedUnion() method, including TypeScript inference behavior.

Check SSL and DNS

Check DNS records, SSL certificate validity, and HTTPS redirect behavior for api.mycompany.com.

Search CVE database

Search for all CVEs disclosed in the past 30 days affecting Node.js or OpenSSL with a CVSS score of 7.0 or higher.

Screenshot at breakpoints

Take screenshots of https://myapp.com/dashboard at widths 1440px, 1024px, 768px, and 375px. Return all four images.

Research competitor tech stack

Analyze the tech stack, page performance, and SEO health of competitor.com. Include framework detection, load times, and Core Web Vitals.

Tools to power your best work

165+ tools.
One conversation.

Everything software engineers need from AI, connected to the assistant you already use. No extra apps, no switching tabs.

Pre-release security checklist

Run a comprehensive security audit before deploying a new release. Check dependencies for CVEs, run a black-box pentest on staging, and verify DNS and SSL configuration.

1. Supply Chain Risk: Scan dependency tree for known vulnerabilities
2. Penetration Testing: Run penetration test against staging environment
3. DNS & Domain: Verify SSL certificate validity and DNS configuration

Technical documentation sprint

Generate architecture documentation from your system description. Produce diagrams, verify current library APIs, and create visual references.

1. Diagram Generator: Generate system architecture and sequence diagrams
2. Library Docs: Pull current API docs for key dependencies
3. Web Screenshot: Capture UI screenshots for visual documentation

Incident response investigation

When a security incident occurs, quickly assess the vulnerability, check if your infrastructure is affected, and gather evidence.

1. Vulnerability Database: Look up the CVE details and affected versions
2. Supply Chain Risk: Check if your dependencies include the affected package
3. Deep Research: Research mitigation strategies and patch timeline

Frequently Asked Questions

Can the penetration testing tool find real vulnerabilities?

Yes. The Penetration Testing tool runs real black-box security scans against your target URL, testing for OWASP Top 10 vulnerabilities including XSS, SQL injection, CSRF, and misconfigurations. It reports actual findings with severity ratings and reproduction steps.

How does dependency scanning differ from npm audit?

Supply Chain Risk goes beyond npm audit by analyzing transitive dependencies, checking for typosquatting packages, evaluating maintainer risk signals, and cross-referencing multiple CVE databases. It catches issues that npm audit misses.

What diagram types can I generate?

The Diagram Generator supports Mermaid and PlantUML syntax, covering flowcharts, sequence diagrams, entity-relationship diagrams, class diagrams, state machines, Gantt charts, and architecture diagrams. Output is rendered as a clean image.

Are the library docs always up to date?

Library Docs fetches documentation directly from package sources and official docs sites, so you get the latest published version. It is significantly more current than cached search engine results or outdated forum posts.

Can I use these tools in CI/CD pipelines?

Yes. All ToolRouter tools are accessible via API, so you can integrate Penetration Testing, Supply Chain Risk, and Page Speed into your CI pipeline. Use the ToolRouter API with your key to automate security and performance checks on every deploy.

Is the pentest safe to run against production?

The Penetration Testing tool performs non-destructive scanning suitable for staging environments. While it does not intentionally damage systems, we recommend running against staging first. For production scans, ensure your team is aware and monitoring.

Give your AI superpowers.