OPEN SOURCE THREAT INTELLIGENCE

Security tools
for everyone

IRONROOT is a free, open threat intelligence platform. 20+ tools — DNS recon, breach scanning, CVE tracking, cryptographic utilities — all running client-side with real APIs. No accounts. No API keys. No data stored.

12.4BRECORDS IN BREACH DB
2,847ATTACKS / MIN
234K+KNOWN CVES
0YOUR SCANS

What is IRONROOT?

IRONROOT is a unified threat intelligence dashboard that bundles the most useful cybersecurity tools into a single, free web application. Everything runs in your browser — no backend servers process your queries, and nothing is logged or stored externally.

100% Client-Side

All processing happens in your browser. Your data never touches our servers. Queries go directly from your browser to public APIs.

No API Keys

Every tool uses free, public APIs that require no signup or authentication. Google DNS, IANA RDAP, crt.sh, NIST NVD, ip-api — all open.

20+ Security Tools

DNS intelligence, WHOIS lookup, subdomain enumeration, breach scanning, SSL inspection, CVE search, hash generation, and more.

No Account Required

Use every tool without signing up. Optionally create an account to save preferences and track assets across sessions via localStorage.

Available Tools

Organized into five categories. Click any tool name to jump directly to it.

DNS IntelligenceQuery A, AAAA, MX, NS, TXT, CNAME, SOA, and DMARC records via Google DNS-over-HTTPSGOOGLE DNS
WHOIS / RDAPDomain registration, expiry dates, registrar info, and nameservers via IANA RDAP bootstrapIANA RDAP
Subdomain FinderEnumerate subdomains using Certificate Transparency logs from crt.shCRT.SH
Technology DetectIdentify hosting, CDN, email, and DNS providers from DNS record analysisDNS ANALYSIS
IP GeolocationLocation, ISP, ASN, and VPN/proxy detection for any IP addressIP-API
Breach ScannerCheck if an email appears in 12+ known data breaches (simulated local database)LOCAL DB
SSL / TLS InspectorCheck certificate validity, issuer, and expiry from CT transparency logsCRT.SH
Header AuditGrade security headers (CSP, HSTS, X-Frame-Options) with A-F scoringDIRECT
URL / Phishing CheckHeuristic analysis for phishing patterns, suspicious TLDs, and malware indicatorsLOCAL
Reverse DNSPTR record lookup for IP addresses via Google DNSGOOGLE DNS
ASN LookupAutonomous System details — owner, network block, and countryIP-API
Subnet CalculatorCIDR notation to network range, broadcast, usable hosts, and wildcard maskLOCAL
Hash GeneratorMD5, SHA-1, SHA-256, SHA-512 hashing with Web Crypto APIWEB CRYPTO
Password Strength10-point analysis with entropy calculation and crack time estimationLOCAL
JWT DecoderDecode header, payload, signature, and expiry from JSON Web TokensLOCAL
Base64 / URL EncodeEncode and decode Base64 strings and URL componentsLOCAL
User-Agent ParserParse UA strings for OS, browser, device, and bot detectionLOCAL
Regex TesterLive regex matching with match positions and capture groupsLOCAL
Epoch ConverterConvert between Unix timestamps and human-readable datesLOCAL

APIs & Data Sources

IRONROOT connects to these free, public APIs. No keys or authentication required for any of them.

Google DNS

DNS-over-HTTPS for all record type queries. Fast, reliable, global.

OPERATIONAL

IANA RDAP

Registration Data Access Protocol for WHOIS-style domain lookups.

OPERATIONAL

crt.sh

Certificate Transparency log aggregator for subdomain enum and SSL checks.

OPERATIONAL

ip-api.com

IP geolocation, ASN, ISP, and proxy/VPN detection.

OPERATIONAL

NIST NVD

National Vulnerability Database for CVE search and tracking.

OPERATIONAL

Web Crypto API

Browser-native cryptographic hashing (SHA-1, SHA-256, SHA-512).

BUILT-IN

FAQ

Common questions about how IRONROOT works.

Is my data safe?

Yes. IRONROOT runs entirely in your browser. When you query a domain or IP, the request goes directly from your browser to the public API — our servers are never involved. Saved preferences use your browser's localStorage only.

Are the breach results real?

The breach scanner uses a simulated local database for demonstration. It does not query actual breach databases like Have I Been Pwned. Results are deterministic (same email = same results) but not real breach data.

Why do some tools say "CORS blocked"?

Some APIs (like direct HTTP header inspection) can't be accessed from a browser due to Cross-Origin Resource Sharing restrictions. This is a browser security feature, not a bug. The tool will explain when this happens.

Do I need an account?

No. Every tool works without an account. Creating an account lets you save monitored assets and track scan history across sessions, but it's entirely optional and stored locally.

Can I self-host this?

Yes. IRONROOT is a single HTML file with no build step, no dependencies, and no backend. Download it and open it in any browser, or host it on any static file server.

Live Threat Feed

Simulated real-time global attack data for demonstration purposes.

LIVE FEED

Scanner Suite

All tools free. No API keys. No authentication required.

ALL 20
RECON
VULN
NETWORK
CRYPTO
UTILITY
DNS IntelligenceGOOGLE DNS
A, AAAA, MX, NS, TXT, CNAME, SOA, DMARC records via DNS-over-HTTPS.
resolving
WHOIS / RDAPIANA RDAP
Registration, expiry, registrar, nameservers via RDAP protocol.
querying
Subdomain FinderCRT.SH
Subdomain enumeration via Certificate Transparency logs.
searching CT
Technology DetectDNS ANALYSIS
Detect hosting, CDN, email, DNS providers from DNS records.
analyzing
IP GeolocationIP-API
Location, ISP, ASN, VPN/proxy detection. Leave blank for your IP.
geolocating
Breach ScannerBREACH DB
Check email against 12+ known data breaches.
scanning
SSL / TLS InspectorCRT.SH
Certificate validity, issuer, expiry from CT transparency logs.
inspecting
Header AuditDIRECT
Grade security headers: CSP, HSTS, X-Frame-Options. A-F score.
auditing
URL / Phishing CheckLOCAL
Heuristic phishing, malware, suspicious URL pattern analysis.
Reverse DNSGOOGLE DNS
PTR record lookup for IP addresses.
resolving
ASN LookupIP-API
Autonomous System details: owner, network, country.
querying
Subnet CalculatorLOCAL
CIDR to network range, broadcast, usable hosts, wildcard.
Hash GeneratorWEB CRYPTO
MD5, SHA-1, SHA-256, SHA-384, SHA-512.
Password StrengthLOCAL
Entropy, crack time, pattern detection. 10-point analysis. Offline.
JWT DecoderLOCAL
Decode header, payload, expiry, claims from JSON Web Tokens.
Base64LOCAL
Encode or decode Base64 strings.
URL EncodeLOCAL
Encode or decode URL components.
User-Agent ParserLOCAL
Parse UA strings. OS, browser, device detection. Blank = yours.
Regex TesterLOCAL
Live regex matching with index positions.
Epoch ConverterLOCAL
Unix timestamp to human date and back.

CVE Feed

NIST National Vulnerability Database. Live API, no key.

querying NVD

Dashboard

Security overview

ASSETS

no assets

ALERTS

no alerts

SCAN LOG

no scans

AI Intel

Security posture analysis

run scans first

Sign In

No account? Create

Create Account

Add Asset