See also

Other public test endpoints and chaos resources, with notes on when each is the right tool instead of catastrophic.io.

This site doesn’t try to do everything. Below are other public services that fill adjacent gaps. Most are free, all are widely used, and any of them might be a better fit than catastrophic.io for a given test.

TLS, SSL, and certificate chaos

badssl.com

The de facto reference for testing how clients handle bad certificates, revoked certs, hostname mismatches, weak ciphers, and other TLS adversity. Free, comprehensive, maintained, and the best-in-class option for this category since 2014.

We don’t host TLS chaos because catastrophic.io runs behind an edge TLS terminator — we couldn’t serve a deliberately broken certificate even if we wanted to. badssl handles it better than we ever could.

HTTP introspection

httpbin.org

Postman’s diagnostic mirror. Honest endpoints (/get, /post, /headers, /ip, /status/{code}, /delay/{n}) that echo back what you sent so you can verify your client constructed the request you expected.

Use httpbin when you want to debug your client (“did my request include the auth header?”). Use catastrophic.io when you want to stress your client (“does it handle a 503 with a lying Retry-After?”).

Well-formed REST mocks

jsonplaceholder.typicode.com

Stable fake REST API with /users, /posts, /comments, /todos, /photos. Every call returns the same data. POST/PUT/PATCH/DELETE pretend to mutate but persist nothing. Widely used in tutorials, prototypes, and frontend development.

reqres.in

Similar to jsonplaceholder, with the addition of fake login/register endpoints, pagination support, and a ?delay=N query parameter on any endpoint.

We have a related counterpart at not.catastrophic.io — well-formed responses paired with the chaos versions on this site. But for general “I need a stable mock REST API for tutorial code” work, jsonplaceholder is the standard.

Web app vulnerability scanners

public-firing-range.appspot.com

Google’s deliberately vulnerable web app, designed for testing security scanners against XSS, RCE, DOM-based bugs, and other categories of web application security flaws. The reference target for security tooling authors.

Adjacent in philosophy (“a deliberately broken site you point tools at”) but scoped to web application security rather than HTTP correctness.

Diagnostic echo

postman-echo.com

Postman’s other test endpoint set. Similar to httpbin in spirit but with slightly different surface area. Useful as a backup when httpbin is down.


What catastrophic.io is for

Stress-testing HTTP clients, agents, scanners, and crawlers against adversity that most production systems will eventually encounter:

  • Lying status codes, broken bodies, malformed JSON
  • Latency, partial streams, premature EOF
  • Misleading caching directives, contradictory headers
  • Fabricated discovery documents that pass schema validation
  • Chaotic well-known files at canonical paths (on bots.catastrophic.io)
  • Well-formed counterparts to every chaos endpoint, for build-then-flip development (on not.catastrophic.io)

If your test fits any of those, you’re in the right place. If it doesn’t, one of the resources above probably does it better.