open source · self-hosted · built in Rust

The raw data
behind the grade.

Five inspectors for DNS, TLS, HTTP headers, email, and IP. Each one standalone. Each one queryable from browser, curl, or CI.

Use one when you need it, compose them in CI, or mix with your own pipeline. Open source, self-hostable, no account needed. The same checks lens runs to produce a grade — exposed individually, with full detail.

ip.netray.info

IP Lookup

// IP, profiled.
ifconfig-rs

Enter any IP — or nothing, to see your own. Get geolocation, ASN, reverse DNS, and network classification: cloud provider, VPN, Tor exit node, or known botnet. Works from the browser or curl.

  • Geolocation, ASN & reverse DNS for any address
  • Cloud provider, VPN, Tor & botnet detection
  • JSON, YAML, TOML, CSV — plain text for scripts
  • Batch lookups and field filtering for automation
Show my IP →
Open tool ↗
dns.netray.info

DNS Inspector

// DNS, refracted.
prism

Query multiple DNS resolvers at once and stream results as they arrive. Spot resolver disagreements, trace delegation chains, and audit your domain's full DNS health in one shot.

  • Query, Check, Trace, Compare, Auth, DNSSEC modes
  • Cloudflare, Google, Quad9, Mullvad & more
  • dig-inspired query language with tab completion
  • Streaming results — no waiting for all resolvers
Open tool ↗
tls.netray.info

TLS Inspector

// TLS, unwrapped.
tlsight

Catches what openssl s_client buries in noise. Full certificate chain, protocol version, cipher strength, and DNS cross-validation — including broken and expired certs.

  • Full chain: expiry, algorithm, completeness
  • DANE/TLSA validation & CAA record cross-check
  • Multi-IP consistency — detects CDN cert mismatches
  • Intentionally inspects broken & expired certs
Open tool ↗
http.netray.info

HTTP Inspector

// HTTP, x-rayed.
spectra

Inspect CSP, HSTS, CORS, cookies, and security headers for any URL. Three concurrent probes — HTTPS chain, HTTP port-80 upgrade, and CORS with an evil origin — give you the full picture in one request.

  • Content Security Policy analysis and scoring
  • HSTS validation including preload eligibility
  • CORS probing with simulated cross-origin requests
  • Cookie attribute audit and security header scoring
Open tool ↗

Learn

Guides on the protocols and concepts behind the tools.

DNS / Email Email Authentication: SPF, DKIM, and DMARC How the three email authentication protocols work together, why they matter, and how to debug delivery failures. Read → TLS TLS Certificate Chain Explained What leaf, intermediate, and root certificates are, how chain validation works, and why incomplete chains break things. Read → DNS DNSSEC: How to Enable and Verify It How DNSSEC signs DNS responses, how to enable it, and how to verify the chain of trust is intact. Read → TLS / HTTP HSTS Preloading: A Practical Guide How HTTP Strict Transport Security works, how to configure it correctly, and what preloading means for your domain. Read → IP What Your IP Address Reveals Geolocation, ASN, network classification, and how IP reputation systems categorise cloud, VPN, Tor, and residential addresses. Read → lens How Lens Scores a Domain Scoring algorithm, section weights, email security for sending vs. receiving domains, and how to test DKIM selectors. Read → HTTP Security Security Headers Overview CSP, HSTS, X-Frame-Options, Permissions-Policy — the baseline set every site needs. Read the guide →
View all guides →