13 free tools

Security & Validation Developer Tools

Inspect identity, cryptography, browser security, certificates, and untrusted inputs with clear limitations and privacy notes.

Hash Generator

Generate SHA-1, SHA-256, and SHA-512 hashes from any text input using Web Crypto.

Open tool

Secure Password & Passphrase Generator

Generate strong random passwords or memorable passphrases locally in your browser, with secure randomness, copy controls, and practical strength guidance.

Open tool

Secure QR Code Decoder & Inspector

Decode QR codes from images, screenshots, or webcam input. Inspect URLs, Wi-Fi passwords, and contact cards safely before opening them — all locally in your browser.

Open tool

JWT Generator & Mock Token Builder

Generate local test JWTs, customize claims, simulate expiry, and create intentionally invalid signatures for auth middleware testing — all locally in your browser.

Open tool

CSP Evaluator & Violation Report Parser

Analyze Content Security Policy headers, flag unsafe-inline and unsafe-eval, parse browser violation reports into plain English, and generate deployment-ready CSP snippets locally in your browser.

Open tool

JWK/JWKS Inspector & JWT Signature Debugger

Inspect JWKS keys, match JWTs by kid, verify RS256, ES256, and HS256 signatures locally with Web Crypto, convert PEM ↔ JWK, and diagnose why token validation fails across Auth0, Okta, Cognito, and Firebase.

Open tool

X.509 / CSR / PEM Inspector

Decode certificates, CSRs, PEM bundles, and private keys locally. Inspect SANs, EKUs, validity, chain order, and key/cert matches without OpenSSL.

Open tool

SSL/TLS Certificate Chain Checker

Fetch a public host certificate, inspect SANs, validity and issuer chain, and surface hostname or trust errors.

Open tool

DMARC / SPF / DKIM Analyzer & Report Parser

Inspect email-authentication DNS records, spot SPF lookup-limit risks, review DMARC policy maturity, and parse DMARC aggregate XML reports into plain-English alignment insights — locally in your browser.

Open tool

Secure Email Header Analyzer & Hop Tracer

Paste raw email headers to trace delivery hops, inspect SPF/DKIM/DMARC/ARC results, flag spoofing clues, and explain spam-filter signals — locally in your browser.

Open tool

Punycode Converter & Homograph Inspector

Convert Unicode domains to ASCII Punycode, decode xn-- hostnames, and inspect suspicious domains for confusable characters, mixed scripts, and homograph phishing risk.

Open tool

Webhook Signature Verifier & HMAC Playground

Verify HMAC webhook signatures locally, inspect the exact canonical string being hashed, and diagnose why Stripe, GitHub, Slack, or Shopify signature checks fail — with copy-ready verification code.

Open tool

SRI Hash Generator & Integrity Policy Helper

Generate Subresource Integrity hashes for JS and CSS assets, build exact integrity tags, and create Integrity-Policy headers with reporting support.

Open tool

Related guides