Testing, Recon, and Reporting

Testing tools for security teams, developers, and QA

hexbuffer helps inspect traffic, test APIs, automate workflows, and document findings faster with AI-powered analysis

What Can You Do?

Modern web security testing is fragmented. hexbuffer brings it all into one workspace.

HTTP & WS History

Capture, inspect, and filter HTTP traffic and live WebSocket frames in real time.

Intercept & Tamper

Pause traffic mid-flight. Edit raw request/response headers and bodies before they resolve.

Repeater & Scripting

Replay requests, re-execute sockets, and run custom sandboxed JavaScript pre-request and test scripts.

Invoker Fuzzer

Run concurrent fuzzer campaigns with marked request payload positions and processing pipelines.

Workflow Automation

Build visual node-based automation pipelines using triggers, conditions, and actions.

Browser Crawler

Automated BFS crawler that maps target directories and surfaces AI-categorized severity insights.

Documents & Evidence

Write markdown reports using specialized templates and link captured HTTP transactions as evidence.

OOB Listener

Generate temporary lookup domains to capture out-of-band DNS, HTTP, and SMTP transactions.

Debugger & Regression

Triage chronological proxy logs and build/run automated UI test integration suites.

AI Assistant

Get contextual suggested payloads, endpoint summaries, and remediation advice.

How Is It Different?

hexbuffer combines real-time traffic interception, manual request crafting, automated attacks, AI-driven reconnaissance (AI feature currently under development), and professional report building in a single desktop application. No web-based tool sprawl. No juggling five different windows. Just open hexbuffer and get to work.

Who Is It For?

Built for anyone who needs to inspect, test, and document web applications.

Penetration Testers

A complete workstation that replaces a patchwork of tools.

Bug Bounty Hunters

Find, verify, and document vulnerabilities faster.

Security Researchers

Deep traffic analysis combined with AI-assisted discovery.

Developers & QA

Debug APIs and test endpoint behavior manually.

Try hexbuffer on your next target.

A desktop app for web app recon, traffic inspection, and security testing — all in one place.

Always improvingOpen to feedback
Download for macOS

macOS available now — Windows coming soon