Testing tools for security teams, developers, and QA
hexbuffer helps inspect traffic, test APIs, automate workflows, and document findings faster with AI-powered analysis
What Can You Do?
Modern web security testing is fragmented. hexbuffer brings it all into one workspace.
HTTP & WS History
Capture, inspect, and filter HTTP traffic and live WebSocket frames in real time.
Intercept & Tamper
Pause traffic mid-flight. Edit raw request/response headers and bodies before they resolve.
Repeater & Scripting
Replay requests, re-execute sockets, and run custom sandboxed JavaScript pre-request and test scripts.
Invoker Fuzzer
Run concurrent fuzzer campaigns with marked request payload positions and processing pipelines.
Workflow Automation
Build visual node-based automation pipelines using triggers, conditions, and actions.
Browser Crawler
Automated BFS crawler that maps target directories and surfaces AI-categorized severity insights.
Documents & Evidence
Write markdown reports using specialized templates and link captured HTTP transactions as evidence.
OOB Listener
Generate temporary lookup domains to capture out-of-band DNS, HTTP, and SMTP transactions.
Debugger & Regression
Triage chronological proxy logs and build/run automated UI test integration suites.
AI Assistant
Get contextual suggested payloads, endpoint summaries, and remediation advice.
How Is It Different?
hexbuffer combines real-time traffic interception, manual request crafting, automated attacks, AI-driven reconnaissance (AI feature currently under development), and professional report building in a single desktop application. No web-based tool sprawl. No juggling five different windows. Just open hexbuffer and get to work.
Who Is It For?
Built for anyone who needs to inspect, test, and document web applications.
Penetration Testers
A complete workstation that replaces a patchwork of tools.
Bug Bounty Hunters
Find, verify, and document vulnerabilities faster.
Security Researchers
Deep traffic analysis combined with AI-assisted discovery.
Developers & QA
Debug APIs and test endpoint behavior manually.
Try hexbuffer on your next target.
A desktop app for web app recon, traffic inspection, and security testing — all in one place.
macOS available now — Windows coming soon