Terms and conditions

By using our service and accessing this site you agree to the conditions specified here and our privacy policy. "We", "Our", "Us" all refer to the webmasters of this site, SPUZ. "User", "You", "Visitor" all refer to the person(s) agreeing to these conditions and the person(s) accessing our site.

We are NOT responsible for any damages or crimes resulted by using our service. Our site runs several scripts against a visitor's browser in order to alert against vulnerabilities. This process can sometimes alert the user against false positives, the test results may not always be 100% accurate. We are NOT responsible for any damages that may have occurred against a user's computer system and/or browser by using our service.

By using our site, you FORFEIT any cost(s) of damage which may have occurred at any time while present on this site. Our test results may sometimes give the visitor the opportunity to test against exploits in which the user may be vulnerable to. We audit the exploits to make sure they're no longer malicious, but in the event in which something goes wrong, we are NOT responsible. The demo exploits on this site are never executed automatically, the visitor must press the button labeled "Execute" in order for them to be executed against the visitor's machine.

If you have found a flaw in our system, feel free to disclose it at our security.txt.
We will do our best to patch it as soon as possible.

Privacy policy

By using our service and accessing this site you agree to the conditions specified here and our terms and conditions. "We", "Our", "Us" all refer to the webmasters of this site, SPUZ. "User", "You", "Visitor" all refer to the person(s) agreeing to these conditions and the person(s) accessing our site.

When you run our scripts against your browser, computer system, and network, our system begins collecting and analyzing the data from numerous locations specified in the end test results. After the results have been computed, we do NOT collect any information from those results with the exception of access logs. Access logs contain the time, IP address, and user agent string. This is something that is practical on all webservers.

For clarity, we do NOT collect any data from the test results. In order to supply you with the most accurate test results, we use external, third-party APIs to obtain key pieces of information about your system environment. These external services may collect data such as your IP address. We do not supply any of these third-party API systems with your information with the intent of abuse or profit. We ONLY use them to obtain the necessary data for accurate test results.

An example of one (but not all) APIs that we utilize is TorProject's exit node list to cross reference whether or not the user is communicating to this server through Tor. We respect your privacy and appreciate your understanding that Sploit, in order to work properly, requires these methods of transmitting and analyzing data.

In order to reduce API costs, we store the data to every API response from all our listed APIs. The data stored will have a 12 hour expiration time stamp, during that time, any additional request made, our system will fetch the requested data from our own servers. This will reduce any unnecessary API calls that request the same exact data for more than once each 12 hour duration.

We also collect the number of times a test is initiated per API. This allows us to estimate our own API costs to see how much money we need to invest to keep our services alive and also gives us analytical insight.


Our browser vulnerability detection system is one-of-a-kind. Where have you seen a site that tells you exactly which CVE your browser is vulnerable to in real-time?

As of right now, our site does not support mobile platforms. However, we do plan on adding that functionality for iOS and Android devices later on.

If you have any suggestions or ideas you want present on this site, let us know! Either through email: admin[*]sploit.io (where "[*]" is "@") or on our twitter located here.

Custom Test

API Usage

Our service takes advantage of numerous APIs in order to stay functional. Perhaps in the future we will provide an API of our own for services who want to ensure their client's browsers are safe for their own service. That decision will be decided later on in 2018.

Here's a list of all the APIs that we currently use, and the data we send to these services in order to get accurate results.

  • GetIPIntel.net for Proxy / VPN / Bad IP detection | (Data sent: IP address)
  • Check.Torproject.org for Tor Exit Node detection | (Data sent: IP address)
  • IPinfo.io for Hostname and Geolocation data | (Data sent: IP address)
  • Maps.Google.com for displaying location | (Data sent: IP and GPS coordinates)

If you do not wish to have your data sent to these data providers for the sole purpose of serving you accurate test results, please do not use our services.