See your web security the way an attacker does. Then fix it.
Three tools in one browser tab. Grade a site's security headers, TLS and cookies A to F, inspect and lint a JWT, and analyze or build a Content-Security-Policy. No accounts, no attacks, just the checks and the exact fixes.
Authorized use only. The posture scanner reads a URL's own public response headers (what any browser already receives) and never attacks or probes a target. Only scan sites you own or have explicit permission to test. Benteng is for defense, hardening, and learning.
Blue team
Defend and verify
Grade your own site's headers, lint tokens, harden a CSP. See what an attacker sees in your response, and fix it.
Red team
Recon on authorized targets
The posture scan reads only public response headers, the same ones a browser gets. Point it at systems you own or are authorized to test.
Learn
Understand the why
Every finding explains the risk and the exact fix, so it doubles as an appsec primer, not just a pass or fail.
Grade a site's security headers, TLS, and cookies
The JWT inspector and CSP tools run fully in your browser; nothing is uploaded. The posture scanner fetches only response headers server-side (SSRF-guarded, rate-limited) and stores nothing. Benteng · a Palu Gada tool.