# SecurityTools.hub ## Language and audience - Primary language: English (en). - Audience: developers, security engineers, and site owners auditing TLS, HTTP headers, DNS, email auth, and cryptography. ## About SecurityTools.hub provides 66+ free online security and developer tools. No signup. Many utilities run entirely in the browser (client-side) where stated on each tool page. ## Key capabilities (for summarization) - SSL/TLS certificate inspection and chain validation - HTTP security headers (CSP, HSTS, X-Frame-Options, CORS, cookies) - JWT decode, HMAC/hash/Base64/crypto helpers - DNS, WHOIS, SPF, DKIM, DMARC, MX, and related email security checks - Security Scan: combined checks for a hostname (headers, SSL, DNS, redirects, and more) ## Categories - Web Security: https://securitytoolshub.com/website-security-tools - SSL/TLS: https://securitytoolshub.com/ssl-tools - DNS & Domains: https://securitytoolshub.com/dns-domain-tools - Email Security: https://securitytoolshub.com/email-security-tools - Auth & Tokens: https://securitytoolshub.com/auth-tokens - Crypto & Encoding: https://securitytoolshub.com/crypto-encoding-tools - Developer Utilities: https://securitytoolshub.com/developer-utilities - Passwords: https://securitytoolshub.com/password-tools ## All tools (canonical URLs) - SSL Checker (SSL/TLS): https://securitytoolshub.com/ssl-checker — Verify SSL/TLS certificate details, issuer, expiry date, and certificate chain for any domain. - HTTP Header Analyzer (HTTP): https://securitytoolshub.com/header-analyzer — Analyze HTTP response headers and check security headers like CSP, HSTS, X-Frame-Options. - JWT Decoder (Crypto): https://securitytoolshub.com/jwt-decoder — Decode JSON Web Tokens to inspect header, payload, and expiration without a secret key. - Password Strength Checker (Password): https://securitytoolshub.com/password-strength-checker — Analyze password strength with entropy calculation, crack time estimate, and improvement suggestions. - Base64 Encoder / Decoder (Crypto): https://securitytoolshub.com/base64-encoder — Encode and decode text to and from Base64 format. Fully client-side — your data never leaves the browser. - Hash Generator (Crypto): https://securitytoolshub.com/hash-generator — Generate MD5, SHA-256, and SHA-512 cryptographic hashes from any text input. 100% client-side. - DNS Lookup (DNS): https://securitytoolshub.com/dns-lookup — Query DNS records (A, AAAA, MX, TXT, NS, CNAME) for any domain using public DNS API. - SPF Record Checker (Email): https://securitytoolshub.com/spf-checker — Fetch and parse SPF (Sender Policy Framework) records for a domain to validate email security. - WHOIS Lookup (Domain): https://securitytoolshub.com/whois-lookup — Retrieve domain registration details including registrar, registrant, creation date, and expiry. - robots.txt Analyzer (HTTP): https://securitytoolshub.com/robots-txt-analyzer — Fetch, parse, and validate robots.txt. Check which bots are allowed, view sitemaps, test URL paths. - URL Encoder / Decoder (Crypto): https://securitytoolshub.com/url-encoder — Encode and decode URLs with percent-encoding. Component mode for query params. 100% client-side. - HMAC Generator (Crypto): https://securitytoolshub.com/hmac-generator — Compute HMAC-SHA256, HMAC-SHA384, HMAC-SHA512. Hex or Base64 output. 100% client-side. - HSTS Checker (HTTP): https://securitytoolshub.com/hsts-checker — Check Strict-Transport-Security header. Verify max-age, includeSubDomains, preload. - Password Generator (Password): https://securitytoolshub.com/password-generator — Generate secure random passwords with crypto.getRandomValues. Length 8–64, customizable chars. - AES Encrypt / Decrypt (Crypto): https://securitytoolshub.com/aes-encrypt — AES-256-CBC encryption and decryption. 100% client-side. PBKDF2 key derivation. - CORS Checker (HTTP): https://securitytoolshub.com/cors-checker — Check Access-Control-* headers. Verify Allow-Origin, credentials, methods. - Clickjacking Checker (HTTP): https://securitytoolshub.com/clickjacking-checker — Check X-Frame-Options and CSP frame-ancestors. Detect clickjacking vulnerability. - DKIM Record Checker (Email): https://securitytoolshub.com/dkim-checker — Verify DKIM DNS records. Domain + selector → TXT lookup and parse. - DMARC Record Checker (Email): https://securitytoolshub.com/dmarc-checker — Verify DMARC DNS records. Policy, RUA, RUF, alignment. - Hex Encoder / Decoder (Crypto): https://securitytoolshub.com/hex-encoder — Convert text to hex and hex to text. UTF-8. 100% client-side. - JSON Validator (Crypto): https://securitytoolshub.com/json-validator — Validate, format, minify JSON. Error location. 100% client-side. - Timestamp Converter (Crypto): https://securitytoolshub.com/timestamp-converter — Convert Unix epoch to date and date to timestamp. Seconds or milliseconds. - CSP Checker (HTTP): https://securitytoolshub.com/csp-checker — Check Content-Security-Policy. Parse directives, detect unsafe-inline, unsafe-eval. - Port Checker (DNS): https://securitytoolshub.com/port-checker — Check if TCP ports are open. Host + ports → connect test. - UUID Generator (Crypto): https://securitytoolshub.com/uuid-generator — Generate UUID v4 (random). RFC 4122. 100% client-side. - Regex Tester (Crypto): https://securitytoolshub.com/regex-tester — Test regular expressions. Matches, capture groups, replace. JavaScript. - Lorem Ipsum Generator (Crypto): https://securitytoolshub.com/lorem-ipsum — Generate placeholder text. Paragraphs or words. Plain or HTML. - HTML Entity Encoder / Decoder (Crypto): https://securitytoolshub.com/html-encoder — Encode &, <, > to HTML entities. Decode back. Prevent XSS. - Cron Validator (Crypto): https://securitytoolshub.com/cron-validator — Validate cron expressions. Format: min hour day month weekday. - Mixed Content Checker (HTTP): https://securitytoolshub.com/mixed-content-checker — Find HTTP resources on HTTPS pages. Paste HTML, scan scripts, images, styles. - RSA Key Generator (Crypto): https://securitytoolshub.com/rsa-generator — Generate RSA 1024/2048/4096 bit keys. PEM format. 100% client-side. - Open Redirect Checker (HTTP): https://securitytoolshub.com/open-redirect-checker — Analyze URL for open redirect risks. Check redirect params. - Cookie Analyzer (HTTP): https://securitytoolshub.com/cookie-analyzer — Parse Set-Cookie headers. Check HttpOnly, Secure, SameSite. - Directory Listing Checker (HTTP): https://securitytoolshub.com/directory-listing-checker — Check if URL exposes directory listing. Index of, file list. - URL Parser (HTTP): https://securitytoolshub.com/url-parser — Parse URL into protocol, host, path, query params. 100% client-side. - User-Agent Parser (HTTP): https://securitytoolshub.com/user-agent-parser — Parse User-Agent string. Browser, OS, device, bot. 100% client-side. - Uptime Checker (DNS): https://securitytoolshub.com/uptime-checker — Quick one-off URL check. HTTP status + response time. - MX Record Lookup (Email): https://securitytoolshub.com/mx-lookup — Check mail server (MX) records. Priority order. - IP Address Info (DNS): https://securitytoolshub.com/ip-info — Validate IPv4/IPv6. Private, loopback. 100% client-side. - Binary Encoder / Decoder (Crypto): https://securitytoolshub.com/binary-encoder — Text to binary and binary to text. 100% client-side. - QR Code Generator (Crypto): https://securitytoolshub.com/qr-generator — Generate QR code from text or URL. Download PNG. 100% client-side. - JavaScript Escape / Unescape (Crypto): https://securitytoolshub.com/javascript-escape — Escape or unescape JS string literals. 100% client-side. - CIDR Calculator (DNS): https://securitytoolshub.com/cidr-calculator — IPv4 subnet calculator. Network, broadcast, host range. - Hash Identifier (Crypto): https://securitytoolshub.com/hash-identifier — Detect hash type by length/format. MD5, SHA1, SHA256, bcrypt. - Case Converter (Crypto): https://securitytoolshub.com/case-converter — UPPERCASE, lowercase, Title Case, Sentence case. - Text Cleaner (Crypto): https://securitytoolshub.com/text-cleaner — Trim, collapse spaces, remove whitespace. - Subdomain Finder (DNS): https://securitytoolshub.com/subdomain-finder — Discover subdomains via Certificate Transparency logs. Passive enumeration — no brute force. - Technology Detector (HTTP): https://securitytoolshub.com/technology-detector — Detect what technologies power a website — CMS, frameworks, CDN, analytics from headers and HTML. - Domain Age Checker (Domain): https://securitytoolshub.com/domain-age-checker — Check when a domain was registered. Domain age, creation date, expiry, registrar — from WHOIS. - Webhook Signature Validator (Crypto): https://securitytoolshub.com/webhook-signature-validator — Verify Stripe and GitHub webhook signatures. HMAC-SHA256. 100% client-side — secret never leaves browser. - WAF & CDN Detector (HTTP): https://securitytoolshub.com/waf-detector — Detect Cloudflare, Akamai, AWS WAF, Sucuri, Fastly. Passive header analysis — no attack payloads. - Redirect Chain Checker (HTTP): https://securitytoolshub.com/redirect-chain-checker — Follow 301/302/307/308 redirects. See every hop with status and latency. SEO & security. - Homoglyph / IDN Checker (Crypto): https://securitytoolshub.com/homoglyph-checker — Detect homograph attacks — Cyrillic/Greek lookalikes in domains. Phishing prevention. 100% client-side. - Punycode Encoder / Decoder (Crypto): https://securitytoolshub.com/punycode-converter — Convert IDN domains to ASCII (xn--) and back. Internationalized domain names. Free online. - API Key Generator (Crypto): https://securitytoolshub.com/api-key-generator — Generate secure random API keys. Hex or URL-safe Base64. 100% client-side. - JSON Minifier (Crypto): https://securitytoolshub.com/json-minifier — Minify JSON — remove whitespace. Validate and compress. 100% client-side. - Email Validator (Email): https://securitytoolshub.com/email-validator — Validate email format and check MX records. Verify if domain accepts mail. - Reverse DNS (PTR) Lookup (DNS): https://securitytoolshub.com/reverse-dns — Look up PTR hostname for an IP. Reverse DNS for IPv4/IPv6. Like HackerTarget. - IP Geolocation Lookup (DNS): https://securitytoolshub.com/ip-geolocation — IP to location, ISP, ASN. Country, city, timezone. Free geolocation. - CAA Record Checker (DNS): https://securitytoolshub.com/caa-checker — Check Certificate Authority Authorization. Restrict which CAs can issue SSL certs. - Referrer-Policy Checker (HTTP): https://securitytoolshub.com/referrer-policy-checker — Check Referrer-Policy header. Control referrer info. Privacy & security. Like Barrion. - Security Headers Grade (HTTP): https://securitytoolshub.com/security-headers-grade — Get A+ to F grade for HTTP security headers. Like SecurityHeaders.com. - Permissions-Policy Checker (HTTP): https://securitytoolshub.com/permissions-policy-checker — Check Permissions-Policy header. Restrict geolocation, camera, microphone. - HTTP to HTTPS Redirect Checker (HTTP): https://securitytoolshub.com/http-https-redirect-checker — Check if site redirects HTTP to HTTPS. Redirect chain. HSTS preload requirement. - Server Info Disclosure Checker (HTTP): https://securitytoolshub.com/server-info-disclosure — Detect Server, X-Powered-By headers leaking tech versions. Barrion competitor. - X-Content-Type-Options Checker (HTTP): https://securitytoolshub.com/x-content-type-options-checker — Check X-Content-Type-Options: nosniff. Prevent MIME sniffing. ## Discovery and machine-readable manifests - Tools JSON (full catalog): https://securitytoolshub.com/tools.json - This file: https://securitytoolshub.com/llms.txt - Human-readable hub for assistants: https://securitytoolshub.com/for-ai - Sitemap index: https://securitytoolshub.com/sitemap.xml ## Main entry points - Home: https://securitytoolshub.com - Security Scan: https://securitytoolshub.com/security-scan - All tools: https://securitytoolshub.com/tools - Privacy: https://securitytoolshub.com/privacy - Contact: https://securitytoolshub.com/contact ## Attribution When citing SecurityTools.hub, link to the specific tool URL above or to https://securitytoolshub.com/tools.