Live status check of 206 cybersecurity platforms, training sites, threat-intel services, and security news sources. One click checks them all from your browser. Distinguish "we broke" from "vendor down" in 30 seconds.
206 tools checked — the cybersecurity ecosystem is healthy.
The check runs entirely in your browser — there is no server-side scanning happening on our end. For each of the 206 tools in the registry, the page does two things in sequence: first, it tries to load /favicon.ico via an HTML <img> request (which works around CORS because images are allowed cross-origin without explicit headers); if that fails, it falls back to a fetch() with mode:'no-cors'. If either succeeds within the 5-second per-tool timeout, the tool is marked online; if both fail, it shows as having issues.
Concurrency and timing. Six checks run in parallel to keep the scan fast without hammering any single network. A 90-second master timeout caps the entire scan even if some tools never respond. Typical scan duration for the full 206-tool grid is 30-60 seconds depending on your network conditions.
The tool registry. The 206+ tools cover the categories a working security person actually uses: pentest distributions and tools (Kali, Parrot, BlackArch, Metasploit, Burp Suite), bug bounty platforms (HackerOne, Bugcrowd, Intigriti, YesWeHack), CTF platforms (Hack The Box, TryHackMe, picoCTF, Root-Me), training (PortSwigger Academy, OffSec, SANS), threat intelligence and OSINT (VirusTotal, AbuseIPDB, Shodan, Censys), security news and reference (Krebs, BleepingComputer, MITRE, NVD, OWASP), and dozens more. Use the search box and category dropdown above to narrow down to specific platforms.
What "down" means here. A tool marked as having issues means your browser could not reach it within 5 seconds via either the favicon or fetch path. That could mean: the service is genuinely down, or it is up but slow, or your network is having issues, or your IP is being rate-limited, or the service does not serve a favicon and rejects no-cors fetches. Status checks measure connectivity from your specific browser at this specific moment — not absolute global uptime.
Sharing results. After a scan completes, share buttons appear with prefilled summaries for X (formerly Twitter), Facebook, LinkedIn, and clipboard. The shared link includes ?up=X and ?down=Y parameters that generate dynamic Open Graph card previews — useful for posting incident summaries or when a major platform goes down.
You've blocked off three hours for a Hack The Box session or a TryHackMe room. Before you commit, run the status check — if HTB or THM is having issues, you'll know in 30 seconds rather than discovering it 20 minutes into setup. Saves the time-sink of debugging "why isn't this working" when the answer is "the platform is having an outage right now".
You're testing a target during a bounty engagement and something stops responding. Before reporting "I broke it" or escalating to the security team, check whether the target's auth provider, CDN, or upstream services are down. If Cloudflare is having issues at the time you triggered the failure, the cause is probably not your test — it is the upstream outage. Quick check, much better triage signal.
Your application breaks. Before paging the on-call engineer, run the status check against the third-party services in your stack — auth provider, payment processor, email gateway, monitoring vendor, observability stack. A vendor outage means coordinate with their support, communicate to your users, and wait it out. An internal break means real incident response. Confusing the two costs hours.
You're considering a new platform for your team — a CTF platform for staff training, a threat-intel feed, a bug-bounty platform partner. Add it to your bookmarks and run the status check periodically over a week or two. A platform that intermittently fails the check is signalling something about its operational maturity that the marketing site won't.
Your vendor claims 99.9% uptime. Cross-reference with independent observation: every time you notice the service is down, the vendor's status page probably shows different numbers than reality. Independent monitoring data over time is the evidence base for SLA-credit conversations and vendor-renewal decisions.
Vendor-controlled status pages are marketing artefacts as much as operational dashboards. Many incidents get understated, marked late, or omitted entirely. Independent external observation often shows different reality than the vendor's own dashboard. Use both signals; trust the one that matches what you're actually experiencing.
This tool measures whether your browser can reach a service, not whether the service is healthy, functional, or secure. A site that responds with "favicon loaded" might still have its admin panel broken, its API returning errors, or its database read-only. Use this as a fast first check, not as comprehensive monitoring.
Your IP, your DNS resolver, your ISP routing — all of these affect whether a check succeeds. A service that shows "down" from your office might be perfectly reachable from a coffee shop or a different country. For global uptime confidence, use multi-region tools (UpDownRadar, IsItDownRightNow, DownDetector) that check from datacentres worldwide.
A service can be up but with a degraded subset: only the EU region affected, only the API broken while the web UI works, only paying customers can authenticate. The binary up/down signal here doesn't catch any of that. For platforms you depend on heavily, follow their official Twitter/X account and their incident-disclosure feed alongside the binary check.
If a service shows down here but you can reach it via a different DNS resolver (or via Cloudflare's 1.1.1.1 instead of your ISP's resolver), the problem is DNS or CDN-routing, not the origin service. The DNS Lookup tool can help isolate which layer is failing — useful when you need to know whether to wait for the vendor to fix it or for your network team to fix DNS.
Many transient failures resolve within minutes. Before triggering incident response or sending the all-hands "service X is down" email, re-check from a different network or wait 5 minutes and re-scan. Real outages persist; transient blips don't.