Exploit Lab
Open a capsule
Paste a capsule fingerprint to open its per-step breakdown.
Capsules in your tenant
Every capsule sealed against this tenant by any caller (portal, CLI, SDK). Tenant scoping is enforced server-side — cross-tenant reads return 404 indistinguishably.
Loading…
Recently viewed in this browser
No capsules opened in this browser yet. Open a fingerprint above or click one from the tenant list — it will show up here.
Capabilities
The Lab is an HTTP service. Every capability below has a matching endpoint; the CLI and SDK both talk to the same routes.
- POST
/api/v1/lab/exploit/runRun exploit
Execute an attack path against a fork runtime. Returns a sealed capsule with per-step side-effects and a reproducer.
- POST
/api/v1/lab/governance/simulate-compromiseSimulate governance compromise
Compromise a privileged role and exercise every registered capability under threshold-policy rules; blast radius reported per action.
- POST
/api/v1/lab/zk/forge-proofForge ZK proof
Run the soundness fuzzer over an R1CS constraint set; reports witnesses that satisfy constraints while forging target outputs.
- POST
/api/v1/lab/cross-runtime/admin-impactCross-runtime admin impact
Propagate a compromised admin key across EVM/SVM bindings and bridge edges. Returns the full blast-radius graph.
- POST
/api/v1/lab/paths/suggestSuggest attack paths
Synthesize runnable attack paths from a batch of findings. Each suggestion is ready to hand to /exploit/run.
- GET
/api/v1/lab/capsules/{fingerprint}Fetch capsule
Retrieve a previously sealed capsule by fingerprint. Tenant-scoped — cross-tenant reads return 404 indistinguishably.
Sign in to access the Exploit Lab
Use the Sign In button in the navigation bar.