Security & Validation Developer Tools
Inspect identity, cryptography, browser security, certificates, and untrusted inputs with clear limitations and privacy notes.
Hash Generator
Generate SHA-1, SHA-256, and SHA-512 hashes from any text input using Web Crypto.
Open toolSecure Password & Passphrase Generator
Generate strong random passwords or memorable passphrases locally in your browser, with secure randomness, copy controls, and practical strength guidance.
Open toolSecure QR Code Decoder & Inspector
Decode QR codes from images, screenshots, or webcam input. Inspect URLs, Wi-Fi passwords, and contact cards safely before opening them — all locally in your browser.
Open toolJWT Generator & Mock Token Builder
Generate local test JWTs, customize claims, simulate expiry, and create intentionally invalid signatures for auth middleware testing — all locally in your browser.
Open toolCSP Evaluator & Violation Report Parser
Analyze Content Security Policy headers, flag unsafe-inline and unsafe-eval, parse browser violation reports into plain English, and generate deployment-ready CSP snippets locally in your browser.
Open toolJWK/JWKS Inspector & JWT Signature Debugger
Inspect JWKS keys, match JWTs by kid, verify RS256, ES256, and HS256 signatures locally with Web Crypto, convert PEM ↔ JWK, and diagnose why token validation fails across Auth0, Okta, Cognito, and Firebase.
Open toolX.509 / CSR / PEM Inspector
Decode certificates, CSRs, PEM bundles, and private keys locally. Inspect SANs, EKUs, validity, chain order, and key/cert matches without OpenSSL.
Open toolSSL/TLS Certificate Chain Checker
Fetch a public host certificate, inspect SANs, validity and issuer chain, and surface hostname or trust errors.
Open toolDMARC / SPF / DKIM Analyzer & Report Parser
Inspect email-authentication DNS records, spot SPF lookup-limit risks, review DMARC policy maturity, and parse DMARC aggregate XML reports into plain-English alignment insights — locally in your browser.
Open toolSecure Email Header Analyzer & Hop Tracer
Paste raw email headers to trace delivery hops, inspect SPF/DKIM/DMARC/ARC results, flag spoofing clues, and explain spam-filter signals — locally in your browser.
Open toolPunycode Converter & Homograph Inspector
Convert Unicode domains to ASCII Punycode, decode xn-- hostnames, and inspect suspicious domains for confusable characters, mixed scripts, and homograph phishing risk.
Open toolWebhook Signature Verifier & HMAC Playground
Verify HMAC webhook signatures locally, inspect the exact canonical string being hashed, and diagnose why Stripe, GitHub, Slack, or Shopify signature checks fail — with copy-ready verification code.
Open toolSRI Hash Generator & Integrity Policy Helper
Generate Subresource Integrity hashes for JS and CSS assets, build exact integrity tags, and create Integrity-Policy headers with reporting support.
Open tool