Home/All tools

All tools

66 free security and developer tools. No signup required.

Sort:

SSL Checker

Verify SSL/TLS certificate details, issuer, expiry date, and certificate chain for any domain.

SSL/TLS#ssl#tls

Also try

HSTS CheckerHTTP Header AnalyzerCSP CheckerCAA Record CheckerDNS LookupDomain Age Checker

HTTP Header Analyzer

Analyze HTTP response headers and check security headers like CSP, HSTS, X-Frame-Options.

HTTP#headers#csp

Also try

CSP CheckerHSTS CheckerCookie AnalyzerSecurity Headers GradeReferrer-Policy CheckerClickjacking Checker

JWT Decoder

Decode JSON Web Tokens to inspect header, payload, and expiration without a secret key.

Crypto#jwt#auth

Also try

Base64 Encoder / DecoderHash GeneratorJSON ValidatorHMAC GeneratorWebhook Signature Validator

Password Strength Checker

Analyze password strength with entropy calculation, crack time estimate, and improvement suggestions.

Password#password#entropy

Also try

Password GeneratorHash Generator

Base64 Encoder / Decoder

Encode and decode text to and from Base64 format. Fully client-side — your data never leaves the browser.

Crypto#base64#encode

Also try

URL Encoder / DecoderHex Encoder / DecoderHash GeneratorJSON Validator

Hash Generator

Generate MD5, SHA-256, and SHA-512 cryptographic hashes from any text input. 100% client-side.

Crypto#hash#sha256

Also try

HMAC GeneratorBase64 Encoder / DecoderHash IdentifierWebhook Signature Validator

DNS Lookup

Query DNS records (A, AAAA, MX, TXT, NS, CNAME) for any domain using public DNS API.

DNS#dns#records

Also try

SPF Record CheckerWHOIS LookupMX Record LookupPort CheckerSubdomain FinderIP Geolocation Lookup

SPF Record Checker

Fetch and parse SPF (Sender Policy Framework) records for a domain to validate email security.

Email#spf#email

Also try

DMARC Record CheckerDKIM Record CheckerMX Record LookupDNS LookupEmail Validator

WHOIS Lookup

Retrieve domain registration details including registrar, registrant, creation date, and expiry.

Domain#whois#domain

Also try

DNS LookupSSL CheckerDomain Age CheckerSubdomain FinderSPF Record Checker

robots.txt Analyzer

Fetch, parse, and validate robots.txt. Check which bots are allowed, view sitemaps, test URL paths.

HTTP#robots#crawlers

Also try

HTTP Header AnalyzerSSL CheckerDNS LookupTechnology Detector

URL Encoder / Decoder

Encode and decode URLs with percent-encoding. Component mode for query params. 100% client-side.

Crypto#url#encode

Also try

Base64 Encoder / DecoderHex Encoder / DecoderURL Parser

HMAC Generator

Compute HMAC-SHA256, HMAC-SHA384, HMAC-SHA512. Hex or Base64 output. 100% client-side.

Crypto#hmac#sha256

Also try

Hash GeneratorJWT DecoderBase64 Encoder / DecoderWebhook Signature Validator

HSTS Checker

Check Strict-Transport-Security header. Verify max-age, includeSubDomains, preload.

HTTP#hsts#https

Also try

SSL CheckerHTTP Header AnalyzerCSP CheckerHTTP to HTTPS Redirect CheckerMixed Content Checker

Password Generator

Generate secure random passwords with crypto.getRandomValues. Length 8–64, customizable chars.

Password#password#random

Also try

Password Strength CheckerSSL CheckerHTTP Header AnalyzerJWT Decoder

AES Encrypt / Decrypt

AES-256-CBC encryption and decryption. 100% client-side. PBKDF2 key derivation.

Crypto#aes#encryption

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

CORS Checker

Check Access-Control-* headers. Verify Allow-Origin, credentials, methods.

HTTP#cors#cross-origin

Also try

HTTP Header Analyzerrobots.txt AnalyzerHSTS CheckerSSL CheckerJWT DecoderPassword Strength Checker

Clickjacking Checker

Check X-Frame-Options and CSP frame-ancestors. Detect clickjacking vulnerability.

HTTP#clickjacking#x-frame-options

Also try

HTTP Header Analyzerrobots.txt AnalyzerHSTS CheckerSSL CheckerJWT DecoderPassword Strength Checker

DKIM Record Checker

Verify DKIM DNS records. Domain + selector → TXT lookup and parse.

Email#dkim#email

Also try

SPF Record CheckerDMARC Record CheckerMX Record LookupDNS Lookup

DMARC Record Checker

Verify DMARC DNS records. Policy, RUA, RUF, alignment.

Email#dmarc#email

Also try

SPF Record CheckerDKIM Record CheckerMX Record LookupDNS Lookup

Hex Encoder / Decoder

Convert text to hex and hex to text. UTF-8. 100% client-side.

Crypto#hex#encode

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

JSON Validator

Validate, format, minify JSON. Error location. 100% client-side.

Crypto#json#validate

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

Timestamp Converter

Convert Unix epoch to date and date to timestamp. Seconds or milliseconds.

Crypto#timestamp#epoch

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

CSP Checker

Check Content-Security-Policy. Parse directives, detect unsafe-inline, unsafe-eval.

HTTP#csp#content-security-policy

Also try

HTTP Header AnalyzerHSTS CheckerClickjacking CheckerMixed Content CheckerX-Content-Type-Options Checker

Port Checker

Check if TCP ports are open. Host + ports → connect test.

DNS#port#tcp

Also try

DNS LookupUptime CheckerSSL Checker

UUID Generator

Generate UUID v4 (random). RFC 4122. 100% client-side.

Crypto#uuid#guid

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

Regex Tester

Test regular expressions. Matches, capture groups, replace. JavaScript.

Crypto#regex#regexp

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

Lorem Ipsum Generator

Generate placeholder text. Paragraphs or words. Plain or HTML.

Crypto#lorem#placeholder

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

HTML Entity Encoder / Decoder

Encode &, <, > to HTML entities. Decode back. Prevent XSS.

Crypto#html#entity

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

Cron Validator

Validate cron expressions. Format: min hour day month weekday.

Crypto#cron#crontab

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

Mixed Content Checker

Find HTTP resources on HTTPS pages. Paste HTML, scan scripts, images, styles.

HTTP#mixed content#https

Also try

HTTP Header Analyzerrobots.txt AnalyzerHSTS CheckerSSL CheckerJWT DecoderPassword Strength Checker

RSA Key Generator

Generate RSA 1024/2048/4096 bit keys. PEM format. 100% client-side.

Crypto#rsa#key

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

Open Redirect Checker

Analyze URL for open redirect risks. Check redirect params.

HTTP#open redirect#redirect

Also try

HTTP Header Analyzerrobots.txt AnalyzerHSTS CheckerSSL CheckerJWT DecoderPassword Strength Checker

Cookie Analyzer

Parse Set-Cookie headers. Check HttpOnly, Secure, SameSite.

HTTP#cookie#set-cookie

Also try

HTTP Header Analyzerrobots.txt AnalyzerHSTS CheckerSSL CheckerJWT DecoderPassword Strength Checker

Directory Listing Checker

Check if URL exposes directory listing. Index of, file list.

HTTP#directory listing#index of

Also try

HTTP Header Analyzerrobots.txt AnalyzerHSTS CheckerSSL CheckerJWT DecoderPassword Strength Checker

URL Parser

Parse URL into protocol, host, path, query params. 100% client-side.

HTTP#url#parse

Also try

HTTP Header Analyzerrobots.txt AnalyzerHSTS CheckerSSL CheckerJWT DecoderPassword Strength Checker

User-Agent Parser

Parse User-Agent string. Browser, OS, device, bot. 100% client-side.

HTTP#user-agent#browser

Also try

HTTP Header Analyzerrobots.txt AnalyzerHSTS CheckerSSL CheckerJWT DecoderPassword Strength Checker

Uptime Checker

Quick one-off URL check. HTTP status + response time.

DNS#uptime#ping

Also try

DNS LookupPort CheckerIP Address InfoSSL CheckerHTTP Header AnalyzerJWT Decoder

MX Record Lookup

Check mail server (MX) records. Priority order.

Email#mx#mail

Also try

SPF Record CheckerDMARC Record CheckerDNS LookupEmail Validator

IP Address Info

Validate IPv4/IPv6. Private, loopback. 100% client-side.

DNS#ip#ipv4

Also try

IP Geolocation LookupDNS LookupReverse DNS (PTR) LookupCIDR Calculator

Binary Encoder / Decoder

Text to binary and binary to text. 100% client-side.

Crypto#binary#ascii

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

QR Code Generator

Generate QR code from text or URL. Download PNG. 100% client-side.

Crypto#qr#qrcode

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

JavaScript Escape / Unescape

Escape or unescape JS string literals. 100% client-side.

Crypto#javascript#escape

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

CIDR Calculator

IPv4 subnet calculator. Network, broadcast, host range.

DNS#cidr#subnet

Also try

DNS LookupPort CheckerUptime CheckerSSL CheckerHTTP Header AnalyzerJWT Decoder

Hash Identifier

Detect hash type by length/format. MD5, SHA1, SHA256, bcrypt.

Crypto#hash#identify

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

Case Converter

UPPERCASE, lowercase, Title Case, Sentence case.

Crypto#case#uppercase

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

Text Cleaner

Trim, collapse spaces, remove whitespace.

Crypto#whitespace#trim

Also try

JWT DecoderBase64 Encoder / DecoderHash GeneratorSSL CheckerHTTP Header AnalyzerPassword Strength Checker

Subdomain Finder

Discover subdomains via Certificate Transparency logs. Passive enumeration — no brute force.

DNS#subdomain#enumeration

Also try

DNS LookupSSL CheckerWHOIS LookupTechnology DetectorDomain Age Checker

Technology Detector

Detect what technologies power a website — CMS, frameworks, CDN, analytics from headers and HTML.

HTTP#tech stack#cms

Also try

HTTP Header AnalyzerWAF & CDN DetectorSubdomain FinderDNS LookupSSL Checker

Domain Age Checker

Check when a domain was registered. Domain age, creation date, expiry, registrar — from WHOIS.

Domain#domain age#whois

Also try

WHOIS LookupDNS LookupSSL CheckerSubdomain Finder

Webhook Signature Validator

Verify Stripe and GitHub webhook signatures. HMAC-SHA256. 100% client-side — secret never leaves browser.

Crypto#webhook#stripe

Also try

HMAC GeneratorJWT DecoderHash Generator

WAF & CDN Detector

Detect Cloudflare, Akamai, AWS WAF, Sucuri, Fastly. Passive header analysis — no attack payloads.

HTTP#waf#cdn

Also try

HTTP Header AnalyzerTechnology DetectorSSL CheckerRedirect Chain Checker

Redirect Chain Checker

Follow 301/302/307/308 redirects. See every hop with status and latency. SEO & security.

HTTP#redirect#301

Also try

HTTP Header AnalyzerHTTP to HTTPS Redirect CheckerURL ParserUptime Checker

Homoglyph / IDN Checker

Detect homograph attacks — Cyrillic/Greek lookalikes in domains. Phishing prevention. 100% client-side.

Crypto#homoglyph#idn

Also try

Punycode Encoder / DecoderURL ParserDNS Lookup

Punycode Encoder / Decoder

Convert IDN domains to ASCII (xn--) and back. Internationalized domain names. Free online.

Crypto#punycode#idn

Also try

Homoglyph / IDN CheckerURL Encoder / DecoderDNS Lookup

API Key Generator

Generate secure random API keys. Hex or URL-safe Base64. 100% client-side.

Crypto#api key#secret

Also try

Password GeneratorUUID GeneratorHash Generator

JSON Minifier

Minify JSON — remove whitespace. Validate and compress. 100% client-side.

Crypto#json#minify

Also try

JSON ValidatorBase64 Encoder / DecoderHash Generator

Email Validator

Validate email format and check MX records. Verify if domain accepts mail.

Email#email#validate

Also try

MX Record LookupDNS LookupSPF Record CheckerDMARC Record Checker

Reverse DNS (PTR) Lookup

Look up PTR hostname for an IP. Reverse DNS for IPv4/IPv6. Like HackerTarget.

DNS#ptr#reverse dns

Also try

DNS LookupIP Address InfoSubdomain FinderWHOIS Lookup

IP Geolocation Lookup

IP to location, ISP, ASN. Country, city, timezone. Free geolocation.

DNS#geolocation#asn

Also try

IP Address InfoDNS LookupWHOIS LookupPort Checker

CAA Record Checker

Check Certificate Authority Authorization. Restrict which CAs can issue SSL certs.

DNS#caa#dns

Also try

SSL CheckerDNS LookupSPF Record CheckerDMARC Record Checker

Referrer-Policy Checker

Check Referrer-Policy header. Control referrer info. Privacy & security. Like Barrion.

HTTP#referrer-policy#headers

Also try

HTTP Header AnalyzerCSP CheckerPermissions-Policy CheckerCookie Analyzer

Security Headers Grade

Get A+ to F grade for HTTP security headers. Like SecurityHeaders.com.

HTTP#security headers#grade

Also try

HTTP Header AnalyzerCSP CheckerHSTS CheckerReferrer-Policy Checker

Permissions-Policy Checker

Check Permissions-Policy header. Restrict geolocation, camera, microphone.

HTTP#permissions-policy#feature-policy

Also try

HTTP Header AnalyzerCSP CheckerReferrer-Policy CheckerCookie Analyzer

HTTP to HTTPS Redirect Checker

Check if site redirects HTTP to HTTPS. Redirect chain. HSTS preload requirement.

HTTP#http#https

Also try

HSTS CheckerSSL CheckerRedirect Chain CheckerMixed Content Checker

Server Info Disclosure Checker

Detect Server, X-Powered-By headers leaking tech versions. Barrion competitor.

HTTP#server header#x-powered-by

Also try

HTTP Header AnalyzerTechnology DetectorSecurity Headers Grade

X-Content-Type-Options Checker

Check X-Content-Type-Options: nosniff. Prevent MIME sniffing.

HTTP#x-content-type-options#nosniff

Also try

HTTP Header AnalyzerCSP CheckerSecurity Headers Grade