One sign-in.
Everything opens.

An MCP server for your AI assistant, a browser toolkit, a URL scanner, and an investigation course. One account. Free.

Experience ghostkit+

Google OAuth, we never see your password.

Every investigation used to start the same way. A mess of tabs, half-remembered shortcuts, and the right tool always one click too far. I wanted a single surface where the next step was always the next click. So I built this.

Paul, building ghostkit

The lead feature · MCP Server

Investigate from your AI chat.

Ask Claude to decode a token. Claude calls gk_jwt_decoder and hands you back the claims. Same for 35 other tools, without leaving the conversation.

Set up the MCP server
36
MCP tools, from JWT decode to URL analysis
Claude · Cursor · Windsurf
Works with any MCP client
ghostkit.net/api/mcp
One URL, no local install

Everything else you'd otherwise keep in fifteen tabs.

39

Toolkit

Investigate locally, never upload.

Decoders, deobfuscators, hash and key generators, formatters. All processing stays in your tab.

Open the toolkit
10+

Recon

Vet any URL before you trust it.

Headers, DNS, WHOIS, TLS, threat intel, and phishing signals rolled into one 0-100 score.

Run a scan
5

Learn

From first look to takedown.

Five parts that walk an investigation end to end, with every chapter linked to the tool that does the work.

Start reading

Sign in. Start investigating.

Free forever, no credit card, no questionnaire. Google sign-in and you're in.

Experience ghostkit+
Comparing (/4):

Tool Comparison

Feature
Type
Pricing
Platforms
Description