Enter a public URL
Paste any public website you own or have permission to assess.
Dissect performs structured passive analysis of public web targets — headers, cookies, forms, auth surfaces, scripts, and sensitive paths — delivered as executive and technical reports.
Enter a public URL. Results open as a structured security report.
Dissect fetches the page and inspects headers, cookies, forms, links, and scripts — without attacking the target.
Get an Executive summary for stakeholders and a Technical report for deeper review. Export JSON anytime.
Six analysis modules run against a single page without sending exploit payloads.
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and session header review with scoring.
Secure, HttpOnly, and SameSite attribute validation for every Set-Cookie header.
Form classification, hidden field analysis, suspicious parameters, and auth UI detection.
Internal/external link mapping and interesting endpoint discovery from page structure.
Mixed-content script delivery, version disclosure, and client-side dependency signals.
Admin, backup, config, and repository artifact candidates exposed through links.
Yes. The public beta is free for testing. Features and availability may change as the product evolves.
Results are saved server-side for your current session so you can view Executive and Technical reports. They are not published or shared with other users. Starting a new scan replaces the previous result.
Dissect only accepts public HTTP/HTTPS URLs. Localhost, private network addresses, direct IP targets, and unresolved hostnames are rejected to prevent misuse.
Not in v1. The scanner performs unauthenticated passive analysis of publicly reachable HTML pages only.
Dissect surfaces passive exposure indicators — missing headers, cookie flags, form risks, and similar signals. These are starting points for manual review, not guaranteed vulnerabilities.
Found a bug, misleading result, or UI issue on mobile or desktop? Send a report with the target URL and what you expected.