A security testing tool for bug bounty hunting and web application testing.
Custom HTTP status codes and headers
/status?code=418&header=X-Test:123
Raw HTTP responses with custom data
/raw?code=200&body=hello&length=100
Custom redirects with various formats
/redirect?code=301&location=https://example.com/redirect?format=json/redirect?csp=default-src%20'self'
Redirect chains for testing redirect loops
/loop?chain=https://1.com,https://2.com,https://3.com&code=302
CORS testing endpoint
/cors?origin=https://evil.com&methods=GET,POST
SSRF testing endpoint
/ssrf
XSS testing endpoint
/xss?payload=<script>alert(1)</script>&mode=reflected
Generate malformed responses for fuzzing
/malformed?type=header/malformed?type=body/malformed?type=status
Generate responses that might crash parsers
/crash?type=infinite/crash?type=memory&size=1000000/crash?type=json
Live HTML/JS preview tool (CodeMirror-based). Enter HTML/JS and see it rendered below in real time.
/mirror
Health check endpoint for container orchestration
/health