Case file — CB7E547B

NEEDS WORK
?/10

The idea

Securoxen is a personal cybersecurity SaaS targeting individuals and small teams who are exposed online but don't have a security team. Two active tools, one dashboard.

---

Tool 1 — Exposure Monitor

You add identifiers (email, username, phone, domain, IP, etc.) and Securoxen scans them across 5 breach databases: HIBP, LeakCheck, LeakPeek, Dehashed, Snusbase. It also monitors the dark web via match_engine.py and GitHub for leaked credentials.

The key differentiator vs HIBP: it doesn't just tell you "you were breached" — it traces causality (what domain, what attack vector, when) and shows the severity. The landing page's "Standard Detection vs Securoxen Alert" comparison is exactly this point.

Breach results are stored per-scan so you see history, not just current state. Differential scanning means you only get alerted on new findings, not the same breach every scan.

Plan gating controls how many sources run: Free gets HIBP only, Shield gets 3 sources, Sentinel gets all 5 plus dark web scraping.

---

Tool 2 — Phishing Analyzer

You paste a suspicious email or URL. It runs through: AI analysis (Gemini), Google Safe Browsing, header authentication checks (SPF/DKIM/DMARC), domain reputation, attachment risk. Returns a verdict (safe/suspicious/dangerous) with explanation.

There's also a real-time browser extension endpoint (/analyze-realtime) — meaning an extension can send links as you browse for on-the-fly checking.

---

Dashboard

Not a feature itself — it's the risk aggregator. It pulls metrics from both tools, generates an AI narrative (Gemini) summarising your current threat posture, and links you to the two tools. First-time users land here and get pushed to Exposure Monitor to run their first scan.
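
The differential scanning and plan gating described under Tool 1 can be sketched as follows. This is an added example, not Securoxen's code: the function names, the finding fields and the choice of which three sources Shield runs are assumptions, and the sample findings are constructed.

```python
import hashlib

# Plan gating per the page: Free = HIBP only, Shield = 3 sources, Sentinel = all 5.
# Which three sources Shield runs is not stated on the page; this pick is an assumption.
PLAN_SOURCES = {
    "free": {"HIBP"},
    "shield": {"HIBP", "LeakCheck", "Dehashed"},
    "sentinel": {"HIBP", "LeakCheck", "LeakPeek", "Dehashed", "Snusbase"},
}

def fingerprint(finding):
    """Stable key so the same breach seen via two sources or two scans collapses.
    Assumes sources agree on the breach name after case/whitespace folding."""
    ident = finding["identifier"].strip().lower()
    breach = finding["breach"].strip().lower()
    return hashlib.sha256(f"{ident}\x00{breach}".encode()).hexdigest()

def run_scan(plan, raw_findings, history):
    """Append this scan to history; return only findings absent from every earlier scan."""
    # Diff against all stored scans, not just the previous one: a scan where a
    # source returned nothing must not make old breaches look new next time.
    seen = {fp for scan in history for fp in scan["findings"]}
    current, new = {}, []
    for f in raw_findings:
        if f["source"] not in PLAN_SOURCES[plan]:
            continue  # source not included in this plan
        fp = fingerprint(f)
        if fp in current:  # same breach reported by a second source
            current[fp]["sources"].append(f["source"])
            continue
        current[fp] = dict(f, sources=[f["source"]])
        if fp not in seen:
            new.append(current[fp])
    history.append({"plan": plan, "findings": current})
    return new

# Constructed sample findings (not real breach data).
SCAN_1 = [
    {"identifier": "alice@example.com", "breach": "ExampleForum", "source": "HIBP"},
    {"identifier": "Alice@Example.com", "breach": "exampleforum", "source": "LeakCheck"},
    {"identifier": "alice@example.com", "breach": "ShopDemo", "source": "Snusbase"},
]
SCAN_2 = []  # e.g. every source timed out
SCAN_3 = SCAN_1 + [{"identifier": "alice@example.com", "breach": "PasteDemo", "source": "Dehashed"}]

if __name__ == "__main__":
    history = []
    for plan, scan in (("shield", SCAN_1), ("shield", SCAN_2), ("shield", SCAN_3), ("sentinel", SCAN_3)):
        print(plan, [f["breach"] for f in run_scan(plan, scan, history)])
```

The final scan in the demo is run on Sentinel: the Snusbase finding that was gated out on Shield is reported as new, while everything already alerted on stays quiet.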
---

Supporting infrastructure

- Auth: email/password + WebAuthn passkeys + OAuth (Google/GitHub)
- Billing: Stripe, 3 tiers — Free ($0), Shield ($9 AUD/mo), Sentinel ($19 AUD/mo)
- History: unified timeline of all scans and events across both tools
- Notifications: in-app alerts when new breaches or threats are found
- Drops: a /drop/:dropId route exists — this looks like a secure file/data drop feature, but it's not prominently surfaced in the UI yet
- Settings: profile, appearance, billing, notification preferences, OAuth connections

---

What's missing or unfinished

- Password Manager — backend has SRP/master-password auth endpoints but zero frontend vault UI. It was planned but never shipped. The infrastructure is there if you want to build it.
- Dark web scraper — the Scrapy spider was deleted today because it wasn't wired up. match_engine.py handles dark web findings but via a different path (likely API-based rather than actual scraping).
- Drops — /api/v1/drops is a full backend feature (create, delete, public submit) but the frontend only has a /drop/:dropId route — no "create a drop" UI. Unclear if it's meant for internal use or a future product feature.
- Browser extension — the backend endpoint exists (/analyze-realtime) but there's no extension in the repo. Either it's a separate repo or not shipped yet.

---

Positioning as-is

The landing page frames Securoxen as "detection + causality + fix" vs tools that just detect. The target audiences (from audience-section.tsx) are people with real exposure risk — professionals, people with public-facing identities, crypto users. The ZK trust section frames the privacy angle.

The weakest point right now: the gap between what the landing promises (1-click remediation, causality traced) and what the app actually delivers when you log in — the dashboard is lean and the remediation is more "here's what happened" than "here's the button to fix it."

Free preview: "Securoxen is a personal cybersecurity SaaS targeting individ…" — 4/10 | IdeaRoast