An ephemeral, real-time browser with a built-in 20-section developer & security workbench.
Nothing you browse is written to disk. Every page loads live from the server. And a full lab of dev/SEO/security/accessibility tools rides along in the sidebar.
Phoenix is a Chromium (Electron) browser built for web developers, QA engineers, SEO specialists, and authorized penetration testers. It combines three things in one window:
- An ephemeral browser — a RAM-only session that stores zero cookies to disk and disables the HTTP cache, so every load is fetched live (perfect for testing sites you're actively developing).
- A 20-section workbench — inspect, console, network, security, SEO, performance, accessibility, PWA, storage, privacy, forms, visual testing, automation, reports and an AI analyst — each auditing the page you're on.
- A 35-tool recon/OSINT lab — DNS, WHOIS, SSL, tech-stack, WordPress, subdomains, API discovery, secret scanning and more, running in the Node core (no CORS limits, no API keys).
⚠️ Authorized use only. The offensive modules (port scan, content discovery, login analysis, default-cred reference, etc.) are for assets you own or have written permission to test. You are responsible for how you use this tool.
- Download
Phoenix Browser-Setup-x.y.z.exefrom the Releases page. - Run it. Because the build is unsigned, Windows SmartScreen shows “Windows protected your PC” → click More info → Run anyway.
- Launch from the Desktop / Start-Menu shortcut.
Silent / fleet install:
"Phoenix Browser-Setup-x.y.z.exe" /SDownload Phoenix Browser-Portable-x.y.z.exe and double-click. No install, no admin rights.
git clone https://github.com/<you>/phoenix-browser.git
cd phoenix-browser
npm install
npm start # run in dev
npm run dist # build the Windows installer + portable exe into dist/Requires Node 18+.
| Section | What it does |
|---|---|
| 🌐 Browser | Ephemeral tabs · real-time (no cache) · address-bar commands · wipe-on-close |
| 🔍 Inspect | Element picker, DOM stats (duplicate IDs, missing alt, empty buttons), native Chrome DevTools |
| 🖥 Console | Live console + error capture, level filters, snippet runner |
| 🕸 Network | Resource-timing waterfall, weight breakdown, slow/large/3rd-party/uncompressed detection, HAR-ish export |
| 🛡 Security | Passive scan: headers, TLS, cookies, CORS, exposed .git/.env, JS secret leaks → posture score |
| 🔑 Passwords / Auth | Auth-method fingerprint, login/CSRF analysis, password strength + entropy + HIBP k-anonymity breach check, SPF/DMARC |
| 📈 SEO | On-page audit, Google SERP + mobile preview, keywords, robots/sitemap |
| ⚡ Performance | Web Vitals (LCP/CLS/TTFB/FCP), render-blocking + optimization suggestions |
| 📱 Responsive | Device frames (mobile/tablet/desktop/custom), rotate, overflow check, screenshots |
| ♿ Accessibility | WCAG checks — contrast, alt, labels, ARIA, heading order, focus → a11y score |
| 📦 PWA / Web App | Manifest, service workers, installability score, framework detection |
| 🗄 Storage | Cookies / localStorage / sessionStorage / IndexedDB + token & sensitive-data detection + clear |
| 🕵 Privacy | Tracker & third-party detection, consent-banner + fingerprinting checks |
| 📝 Forms | Per-form security, labels, CSRF, autocomplete, upload-field analysis |
| 🎨 Visual Testing | Full-page screenshot, grid & contrast overlays, color picker, box-model inspect |
| ⏺ Automation | Record clicks/typing/navigation → export Playwright / Puppeteer / Selenium |
| 🜂 Hacking Lab | 35 recon/OSINT tools (see below) |
| 📊 Reports | Aggregate score dashboard + export HTML / JSON / Markdown |
| 🤖 AI Analyst | Explain findings, summarise pages, generate meta/fixes — pluggable Azure/Ollama endpoint + offline mode |
| ⚙ Settings | Search engine, AI backend, scan intensity, data controls |
Every audit section auto-runs when you open it and shows a live ◎ host chip so you always know what's being analysed. Results roll up into the Reports dashboard.
DNS · WHOIS · IP/ASN · Subdomains (crt.sh) · WAF/CDN · Wayback · Rank/Intel · Tech Stack · WordPress · WP Plugins · Headers · API Endpoints · GraphQL introspection · JS Recon (secret scan) · CORS · Auth Methods · Login/CSRF · Default Creds · SPF/DMARC · Vuln Flags · CVE Lookup (NVD) · SSL/TLS · Cookies · HTTP Methods · Port Scan · Content Discovery · SEO Audit · Keywords · Broken Links · Mixed Content · Perf/TTFB · Robots/Sitemap · JWT Decode · Raw HTTP Request builder · Page/URL scrapers
Type a command instead of a URL:
seo example.com scan example.com dns example.com
whois example.com headers example.com ssl example.com
security example.com ports example.com cve example.com
| SEO audit + SERP preview | Accessibility |
|---|---|
![]() |
![]() |
| Performance / Web Vitals | Network waterfall |
|---|---|
![]() |
![]() |
| Privacy & trackers | Reports dashboard |
|---|---|
![]() |
![]() |
| Storage inspector | Hacking Lab (live DNS) |
|---|---|
![]() |
![]() |
(All screenshots are Phoenix analysing example.com.)
- RAM-only session — a non-persistent Chromium partition; nothing is written to disk and everything is wiped on close and on launch.
- No HTTP cache —
Cache-Control: no-cache, no-storeon every request → real-time data every load. - Toggles: block all cookies · kill service workers · allow self-signed certs · wipe-before-every-navigation.
Ctrl+Shift+Delwipes cookies, cache, storage & service workers instantly.- All analysis (WHOIS, DNS, SSL, tech-stack, etc.) uses free, keyless public endpoints (rdap.org, ip-api.com, crt.sh, NVD, archive.org). No telemetry, no accounts.
Ctrl+T / Ctrl+W |
new / close tab |
Ctrl+L |
focus address bar |
Ctrl+R / Ctrl+Shift+R |
reload / hard reload |
F2 |
toggle Hacking Lab |
Ctrl+Shift+S |
scrape current page |
Ctrl+Shift+Del |
wipe session |
F12 |
native DevTools |
Electron 33 (Chromium 130) · Node core tools (dns/tls/net/http + cheerio) · a modular workbench where each section is an isolated src/modules/*.js registered against a shared PhoenixCore API. No external services required to run.
MIT — see LICENSE. Provided as-is, for lawful and authorized use only.
Built by Uminber Designs · part of the Phoenix / Airlight toolset.








