Unpinched
Instant triage for PinchTab and agentic browser-bridge exposure.
When PinchTab was disclosed, incident responders had no fast way to check whether it was in their environment — standard EDR and SIEM had no signatures. Unpinched answers one question in 30 seconds: is it here?
- Status
- Active
- Language
- Go
- License
- Apache 2.0
- Platforms
- macOS · Linux · Windows
- Install
- go install github.com/helixar-ai/unpinched@latest
What it scans
PinchTab leaves artifacts but no signature. Unpinched sweeps all four in one pass, across macOS, Linux, and Windows.
Ports & API
Ports 8080–8090, 3000, 4000, 9222, 9229 for PinchTab HTTP listeners and bridge endpoints.
Processes
Running pinchtab, pinchtab-server, and browser-bridge executables on every OS.
CDP bridge
localhost:9222 for the unauthenticated Chrome DevTools endpoint the attack relies on.
Filesystem
Known install paths for PinchTab config files, binaries, and runtime artifacts.
One command, a clear answer
A single binary and a yes/no verdict in under 30 seconds. Add --json for SIEM/SOAR.
$ unpinched scanScanning ports, processes, CDP, filesystem…⚠ CDP bridge detected on :9222 (unauthenticated)✗ Risk level: HIGH$ unpinched scan --json # machine-readable for SIEM/SOAR
More from Helixar Labs
All projectsVerifiable human delegation for agentic AI.
HDP extended to physical AI: robots, vehicles, surgical systems.
Scan, harden, sign and attest build artifacts before they ship.