Test your DLP, NGFW, IPS, and MITRE ATT&CK defences β all from your browser.
ITSecTools is a free, browser-based security validation toolkit that lets you test whether your security controls are actually working β DLP policies, firewall rules, IPS signatures, and complete MITRE ATT&CK kill chains. No installation, no login, no data stored.
π Try it now β itsectools.com
| Tool | What It Does | Link |
|---|---|---|
| β‘ DLP Validator | Multi-protocol file testing, evasion payloads, file label scanning | Open β |
| π§ Regex Engine Tools | Build & translate DLP regex across 10 vendor engines | Open β |
| π₯ NGFW Validation | IPS signature testing, advanced evasion, C2C beacon simulation | Open β |
| π― MITRE ATT&CK Simulator | 4-phase sequential kill chain execution | Open β |
| π‘ Threat Gen | EICAR, heuristic malware, ransomware test files | Open β |
| π‘ Network Pulse | Latency, jitter, packet loss, PMTU, AI security insights | Open β |
The most comprehensive free DLP testing tool available. Test your data loss prevention policies across every channel and evasion technique.
- Upload files over HTTP (port 80), HTTPS (port 443), and FTP (port 21) β all from the browser
- Download dynamically generated test files containing PII, PCI, and PHI data in PDF, DOCX, XLSX, CSV
- Every file is unique β prevents static hash fingerprinting
- HTTP and HTTPS POST Simulation for testing inline text inspection and data-in-motion exfiltration
- The only free DLP testing tool that detects and reports when an Endpoint DLP agent blocks file uploads at the browser level β even in inline/proxy mode
- Clearly distinguishes endpoint-level blocks from network/proxy DLP blocks with actionable output messages
- Compatible with Forcepoint DLP, Symantec Endpoint DLP, and other endpoint agents
- No other free tool (including dlptest.com) offers this visibility
- Downloads dynamically generated documents over HTTPS to test DLP configured in proxy/inline mode
- Validates whether the proxy DLP engine can parse DOCX, PDF, XLSX, and CSV to detect embedded sensitive data
- Each download is dynamically generated with fresh data to prevent static hash fingerprinting
- DOCX/XLSX β Parses ZIP archive structure to extract MIP classification labels from
docProps/custom.xml - PDF β Reads classification properties from PDF metadata dictionaries
- Content-Level DLP β Scans for PII (SSN), PCI (credit cards), keyword-based classification
- File Hashing β MD5 and SHA-256 for integrity verification
- Color-coded results: π΄ Confidential/Secret Β· π΅ Internal/Restricted Β· π’ Public
| Payload Type | What It Tests |
|---|---|
| Renamed File Extensions | Valid DOCX saved as .jpg/.png β tests true file typing (magic number detection) |
| Base64 Encoder/Decoder | Obfuscated sensitive strings β tests inline Base64 decoding |
| Password-Protected ZIP | AES-encrypted archives β tests fail-close vs. fail-open policies |
| Nested Archives | 1β10 layers of ZIP compression β tests maximum extraction depth |
Build and translate DLP regex patterns across 10 vendor engines.
- Paste compliance test data β auto-analyze into segments β customize 27 match types β generate vendor-optimized regex
- Plain English explanation of every generated pattern
- Translate any regex across vendor-specific syntax (PCRE, RE2, Java, cloud-native)
- Instant match testing with failure diagnostics that pinpoint exactly which token broke
| Vendor | Engine |
|---|---|
| Forcepoint DLP | PCRE |
| Forcepoint DSPM | Cloud |
| Symantec DLP (Broadcom) | Custom |
| Palo Alto Networks | RE2 |
| Zscaler | RE2 |
| Netskope | RE2 |
| Trellix DLP | Java |
| Fortinet | PCRE |
| Microsoft Purview | .NET |
| Proofpoint | Smart Identifiers |
Test your Next-Generation Firewall with real attack payloads.
β οΈ Prerequisite: SSL Decryption (DPI-SSL) must be enabled foritsectools.comβ without it, the firewall can't inspect the encrypted payloads.
- SQL Injection (SQLi) β
' OR 1=1; --in HTTP query strings - Cross-Site Scripting (XSS) β
<script>alert(1)</script>injection - Directory Traversal β
../../etc/passwdpath traversal
- Log4j JNDI Injection β
${jndi:ldap://...}in HTTP headers (CVE-2021-44228) - Hex-Encoded SQLi β SQL injection entirely in URL encoding
- Shellshock RCE β Bash function injection in custom headers (CVE-2014-6271)
- OOB Data Exfiltration β
/etc/passwdin outbound query parameters - Web Shell Beacon β Linux enumeration commands to external server
- Python Reverse Shell Stager β Malware payload fetch with Python user-agent
Execute a 4-phase sequential kill chain mapped to the MITRE ATT&CK framework. One click runs all stages β if your controls break the chain at any point, the attacker fails.
| Stage | MITRE ID | Technique | What It Simulates |
|---|---|---|---|
| 1οΈβ£ Initial Access | T1190 | Exploit Public-Facing Application | Log4j JNDI/LDAP payload in HTTP headers |
| 2οΈβ£ Execution | T1059.001 | PowerShell | Download cradle attempting to fetch malicious .ps1 |
| 3οΈβ£ Credential Access | T1003.001 | OS Credential Dumping | Mimikatz strings transmitted over the wire |
| 4οΈβ£ Exfiltration | T1048.003 | Exfiltration Over Unencrypted Protocol | Cleartext data extraction via query strings |
Safe malware simulation for testing endpoint and network security solutions.
| File Type | Description | Extensions |
|---|---|---|
| EICAR Standard Test | Industry-standard antivirus detection test | .com, .txt, .zip |
| Heuristic Malware | Tests behavioral analysis engines | .exe, .pdf, .doc |
| Ransomware Simulator | Tests ransomware protection policies | .vbs |
All samples are benign simulators β no real malicious code is executed.
Real-time network telemetry and security analysis.
- Public IP Detection β Shows your external IP address
- Nearest Edge Server β Identifies your closest CDN/edge node
- Latency (RTT) β Round-trip time measurement
- Jitter β Latency variance analysis
- Packet Loss β Connection reliability measurement
- PMTU Discovery β Binary search path MTU detection
- Connection Quality Score β Overall network health grade
- AI Security Insights β Automated security recommendations based on telemetry
| Principle | Details |
|---|---|
| Free | All tools, no limits, no subscription |
| No Login | No account creation required |
| No Data Stored | Files and data are never stored, logged, or transmitted to third parties |
| Ephemeral Processing | Analysis occurs locally in the browser or via stateless serverless functions |
| Safe Simulation | All threat samples are benign simulators designed for detection testing only |
- DLP Validator Guide
- NGFW Testing Guide
- MITRE ATT&CK Guide
- Threat Generation Guide
- Network Pulse Guide
- Regex Engine Tools Guide
- ITSecTools vs DLPTest.com
- Best Free NGFW & Firewall Testing Tools
- Best Free Web Security Testing Tools
- π Website: itsectools.com
- π Help Center: itsectools.com/help
- π§ Contact: itsectools.com/contact
- π₯ YouTube: @ITSecTools
- πΌ LinkedIn: ITSecTools
Built for security professionals. Free for everyone.