Skip to content

ud-devops/phoenix-browser

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

🜂 Phoenix Browser

An ephemeral, real-time browser with a built-in 20-section developer & security workbench.

Nothing you browse is written to disk. Every page loads live from the server. And a full lab of dev/SEO/security/accessibility tools rides along in the sidebar.

Security audit


What it is

Phoenix is a Chromium (Electron) browser built for web developers, QA engineers, SEO specialists, and authorized penetration testers. It combines three things in one window:

  1. An ephemeral browser — a RAM-only session that stores zero cookies to disk and disables the HTTP cache, so every load is fetched live (perfect for testing sites you're actively developing).
  2. A 20-section workbench — inspect, console, network, security, SEO, performance, accessibility, PWA, storage, privacy, forms, visual testing, automation, reports and an AI analyst — each auditing the page you're on.
  3. A 35-tool recon/OSINT lab — DNS, WHOIS, SSL, tech-stack, WordPress, subdomains, API discovery, secret scanning and more, running in the Node core (no CORS limits, no API keys).

⚠️ Authorized use only. The offensive modules (port scan, content discovery, login analysis, default-cred reference, etc.) are for assets you own or have written permission to test. You are responsible for how you use this tool.


Install (Windows)

Option 1 — Installer (recommended)

  1. Download Phoenix Browser-Setup-x.y.z.exe from the Releases page.
  2. Run it. Because the build is unsigned, Windows SmartScreen shows “Windows protected your PC” → click More info → Run anyway.
  3. Launch from the Desktop / Start-Menu shortcut.

Silent / fleet install:

"Phoenix Browser-Setup-x.y.z.exe" /S

Option 2 — Portable

Download Phoenix Browser-Portable-x.y.z.exe and double-click. No install, no admin rights.

Option 3 — Build from source

git clone https://github.com/<you>/phoenix-browser.git
cd phoenix-browser
npm install
npm start          # run in dev
npm run dist       # build the Windows installer + portable exe into dist/

Requires Node 18+.


The 20 sections

Section What it does
🌐 Browser Ephemeral tabs · real-time (no cache) · address-bar commands · wipe-on-close
🔍 Inspect Element picker, DOM stats (duplicate IDs, missing alt, empty buttons), native Chrome DevTools
🖥 Console Live console + error capture, level filters, snippet runner
🕸 Network Resource-timing waterfall, weight breakdown, slow/large/3rd-party/uncompressed detection, HAR-ish export
🛡 Security Passive scan: headers, TLS, cookies, CORS, exposed .git/.env, JS secret leaks → posture score
🔑 Passwords / Auth Auth-method fingerprint, login/CSRF analysis, password strength + entropy + HIBP k-anonymity breach check, SPF/DMARC
📈 SEO On-page audit, Google SERP + mobile preview, keywords, robots/sitemap
Performance Web Vitals (LCP/CLS/TTFB/FCP), render-blocking + optimization suggestions
📱 Responsive Device frames (mobile/tablet/desktop/custom), rotate, overflow check, screenshots
Accessibility WCAG checks — contrast, alt, labels, ARIA, heading order, focus → a11y score
📦 PWA / Web App Manifest, service workers, installability score, framework detection
🗄 Storage Cookies / localStorage / sessionStorage / IndexedDB + token & sensitive-data detection + clear
🕵 Privacy Tracker & third-party detection, consent-banner + fingerprinting checks
📝 Forms Per-form security, labels, CSRF, autocomplete, upload-field analysis
🎨 Visual Testing Full-page screenshot, grid & contrast overlays, color picker, box-model inspect
Automation Record clicks/typing/navigation → export Playwright / Puppeteer / Selenium
🜂 Hacking Lab 35 recon/OSINT tools (see below)
📊 Reports Aggregate score dashboard + export HTML / JSON / Markdown
🤖 AI Analyst Explain findings, summarise pages, generate meta/fixes — pluggable Azure/Ollama endpoint + offline mode
Settings Search engine, AI backend, scan intensity, data controls

Every audit section auto-runs when you open it and shows a live ◎ host chip so you always know what's being analysed. Results roll up into the Reports dashboard.

Hacking Lab tools (🜂)

DNS · WHOIS · IP/ASN · Subdomains (crt.sh) · WAF/CDN · Wayback · Rank/Intel · Tech Stack · WordPress · WP Plugins · Headers · API Endpoints · GraphQL introspection · JS Recon (secret scan) · CORS · Auth Methods · Login/CSRF · Default Creds · SPF/DMARC · Vuln Flags · CVE Lookup (NVD) · SSL/TLS · Cookies · HTTP Methods · Port Scan · Content Discovery · SEO Audit · Keywords · Broken Links · Mixed Content · Perf/TTFB · Robots/Sitemap · JWT Decode · Raw HTTP Request builder · Page/URL scrapers

Address-bar commands

Type a command instead of a URL:

seo example.com        scan example.com       dns example.com
whois example.com      headers example.com    ssl example.com
security example.com   ports example.com      cve example.com

Screenshots

SEO audit + SERP preview Accessibility
SEO A11y
Performance / Web Vitals Network waterfall
Perf Network
Privacy & trackers Reports dashboard
Privacy Reports
Storage inspector Hacking Lab (live DNS)
Storage Lab

(All screenshots are Phoenix analysing example.com.)


Privacy & the ephemeral engine

  • RAM-only session — a non-persistent Chromium partition; nothing is written to disk and everything is wiped on close and on launch.
  • No HTTP cacheCache-Control: no-cache, no-store on every request → real-time data every load.
  • Toggles: block all cookies · kill service workers · allow self-signed certs · wipe-before-every-navigation.
  • Ctrl+Shift+Del wipes cookies, cache, storage & service workers instantly.
  • All analysis (WHOIS, DNS, SSL, tech-stack, etc.) uses free, keyless public endpoints (rdap.org, ip-api.com, crt.sh, NVD, archive.org). No telemetry, no accounts.

Keyboard shortcuts

Ctrl+T / Ctrl+W new / close tab
Ctrl+L focus address bar
Ctrl+R / Ctrl+Shift+R reload / hard reload
F2 toggle Hacking Lab
Ctrl+Shift+S scrape current page
Ctrl+Shift+Del wipe session
F12 native DevTools

Tech

Electron 33 (Chromium 130) · Node core tools (dns/tls/net/http + cheerio) · a modular workbench where each section is an isolated src/modules/*.js registered against a shared PhoenixCore API. No external services required to run.

License

MIT — see LICENSE. Provided as-is, for lawful and authorized use only.

Built by Uminber Designs · part of the Phoenix / Airlight toolset.

About

Ephemeral browser + 20-section dev/security workbench (Electron). Real-time, no cookies to disk, 35-tool recon lab.

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors