The Exploit Lab landing page. It exposes a capsule lookup form, a
tenant form for fallback tenant scoping, a tenant capsule list, a
per-browser recent list, and a Capabilities panel summarising the
five Lab endpoints (Run exploit, Simulate governance compromise,
Forge ZK proof, Cross-runtime admin impact, Suggest attack paths,
Fetch capsule).
Why it exists
Capsules are sealed records of an exploit path run against a fork
runtime. They are produced by the Lab API; this page is the portal
entry point for working with them — opening a capsule by
fingerprint, scoping to a tenant, and seeing what has recently
been sealed.
Who uses it
Auditor — opens the capsule attached to a finding to
reproduce an exploit.
Researcher — reviews tenant-scoped capsules and the Lab’s
capabilities.
How to open it
Sidebar → Red Team → Exploit Lab.
Direct URL — /exploit-lab.
Using the page
Open a capsule — paste a fingerprint and submit to open
/exploit-capsule?fp=<fingerprint>.
Capsules in your tenant — server-scoped list of capsules
sealed under the current tenant. The tenant is derived
server-side from your signed-in identity (JWT) — there is no
client-supplied tenant input. Use Refresh to re-fetch.
Recently viewed in this browser — client-side list of
capsules opened in the current browser. Use Clear to reset
the list.
Capabilities — reference panel listing the five Lab
endpoints.
Inputs and outputs
Input
Source
Required
Fingerprint
Lookup form
yes for Open capsule
Output
Format
Destination
Capsule detail page
URL
/exploit-capsule?fp=…
Controls reference
Open capsule — opens the capsule by fingerprint.
Refresh — refreshes the tenant capsule list.
Clear — clears the per-browser recent list.
Limits
Requires a signed-in account for the tenant-scoped endpoints.
Tenant scoping is enforced server-side; cross-tenant reads return
404 indistinguishably.
The recent list is stored per-browser and does not sync across
devices.
Troubleshooting
Symptom or error
Cause
Action
Inline error after Open capsule
Fingerprint does not resolve or is not in this tenant
Verify the fingerprint and, if needed, set the correct tenant.