We offer these as a service to the community. Our tools come with no commitment to maintenance and no claims to warranty. Use at your own risk.


Implemented as a cross-platform library developed in C and C++, UCAPI hinders visual spoofing attacks by recognizing the visually confusable characters and similar strings from a wide variation of languages being employed. Partially based on Unicode TR39, UCAPI can provide software vendors with safety options not currently available in Win32 or .NET libraries.


A plugin for the free Fiddler HTTP proxy, Watcher passively audits a web application to find security bugs and compliance issues automatically. Safe for production use, Watcher acts as an assistant to the developer by quickly identifying issues that commonly lead to security problems in web apps. No configuration required.


An XSS testing plugin for the free Fiddler HTTP proxy, x5s actively injects tiny probes of ASCII and Unicode into every user-controlled input of a Web-application in order to elicit and identify character transformations and encoding issues that could lead to XSS vulnerability. x5s is automatic and easy to run.

Path fuzzer

Put file systems or applications through brutal folder and file name read testing to identify what crumbles. Path fuzzer mutates names and file extensions with fuzzed strings, floating point integers, non-printable characters, illegal characters (> < : " / \ |), reserved names (COM1, AUX) and more. It runs effortlessly without setup but does offer configuration options.