Free Tools

Free DFIR Tools

Four free cybersecurity tools built for analysts, responders, and defenders. Investigate phishing, scan for exposure, look up domains, and analyse suspicious files — no account, no paywall.

Built in Switzerland by DFIR Lab. Privacy-first by design — your data is never stored or shared.

Phishing Email Checker

Analyse suspicious emails

Paste raw email headers to check for phishing indicators, spoofing attempts, and SPF / DKIM / DMARC authentication failures. Instant results, no account needed.

SPFDKIMDMARCHeader Analysis

Try it free

Exposure Scanner

Map your attack surface

Scan any domain or IP for open ports, SSL/TLS misconfigurations, exposed services, and attack surface indicators. Understand what attackers see before they do.

Port ScanSSL CheckDNSAttack Surface

Try it free

Domain Lookup

Investigate any domain

Full WHOIS records, DNS enumeration, email security posture (SPF/DKIM/DMARC), and reputation scoring — all in a single query. Essential for phishing and fraud investigations.

WHOISDNS RecordsReputationEmail Security

Try it free

File Analyzer

Static analysis for suspicious files

Upload scripts, documents, or executables for static analysis. Detects obfuscation, suspicious patterns, embedded URLs, and indicators of compromise without executing the file.

Static AnalysisObfuscationIOC DetectionSafe Sandbox

Try it free

Swiss-built. Privacy-first.

Every tool on this page is built and operated by DFIR Lab — a security research project based in Switzerland. We don't require accounts, we don't log queries, and we don't sell your data.

Need higher rate limits, API access, or team features? The DFIR Platform extends these tools with a free tier and pay-as-you-go API.

Try DFIR Platform Free Browse the DFIR Wiki