Security Lab

Public-safe tools and small security workflows.

Lightweight utilities that make security checks easier to inspect and understand. Not employer tools. Not client work. Public-safe examples of how I think through exposure, validation, identity, credentials, and vulnerability context.

These tools are lightweight, public-safe utilities. They are not employer tools or client work. They show how I think about exposure, validation, application behavior, credential hygiene, and vulnerability context. Each one reflects a real security concept made inspectable through a browser-based tool.

> Exposure and hardening

Domain Security Scanner

SPF, DMARC, DNSSEC, CAA, open ports, CVEs, and threat intelligence for any domain. Risk score out of 100.

Google DNS Shodan URLScan.io

Security Headers Checker

HTTP security headers, HSTS preload status, DNSSEC, CAA, and DNS email security for any domain.

HSTS Preload DNS-over-HTTPS

> Investigation and validation

Email Header Analyzer

Trace the full delivery path of any email. Extracts SPF, DKIM, and DMARC results. Flags phishing indicators including Reply-To mismatches and suspicious routing.

Client-side only No data transmitted

CVE Intelligence Lookup

Look up any CVE. CVSS score, attack vector in plain English, severity, affected products, and references.

NVD Public API No API key required

> Application and identity

JWT Decoder and Analyzer

Decode any JSON Web Token and flag security issues — alg:none, weak algorithms, expired tokens, sensitive payload field names, and missing claims.

Client-side only Token never transmitted

> Credential hygiene

Password Breach Checker

Checks if a password appears in known breaches using k-anonymity. SHA-1 hash computed locally — only the first 5 characters are sent to the API.

HaveIBeenPwned k-anonymity API

Secure Password Generator

Generates cryptographically secure passwords and passphrases using crypto.getRandomValues(). Shows entropy in bits.

Client-side Browser CSPRNG

> Planned builds

Vulnerability Prioritization Workbench

Combines CVSS, EPSS, CISA KEV status, internet exposure, asset criticality, compensating controls, and remediation effort to produce a practical priority and owner-ready remediation summary.

Planned build

Conditional Access Policy Simulator

A mock Entra ID simulator showing how access decisions change based on user type, device compliance, location, sign-in risk, MFA status, and policy conditions.

Planned build

AI Workflow Guardrail Studio

A guided evaluation for AI-enabled workflows that checks data sensitivity, tool approval, human review, logging, vendor risk, and guardrail gaps.

Planned build

Repository Security Baseline Builder

Generates a GitHub repository security baseline for branch protection, CODEOWNERS, secret scanning, dependency controls, Actions hardening, and artifact integrity.

Planned build

Security Finding Builder

Turns a validated risk into a clean, owner-ready security finding with technical description, executive summary, remediation steps, owner assignment, and retest criteria.

Planned build

Public-safe by design

These tools are public-safe demonstrations. They are not internal employer tools, not built from proprietary work, and do not connect to private systems. All data is either public, anonymized, or processed entirely in-browser.