Security Tools for Developers
Browser-based security utilities for debugging auth, inspecting certificates, building security headers, and working with cryptographic primitives. Everything runs client-side — sensitive data never leaves your device.
Generate SHA-1, SHA-256, SHA-384, and SHA-512 cryptographic hashes. Verify file integrity, generate checksums, and debug signing implementations.
Decode JSON Web Tokens to inspect header, payload, claims, and expiration status. Checks if the token is expired. All decoding is client-side.
Generate signed JWTs with custom claims, expiration, and algorithm (HS256, HS384, HS512). For testing auth flows and API integrations.
Generate cryptographically secure random passwords. Customizable length, character sets, and strength analysis. Uses Web Crypto API.
Build Content-Security-Policy headers visually. Select directives, add sources, and get a ready-to-use CSP header string.
Decode PEM certificates to inspect subject, issuer, validity dates, SANs, and public key details without sending to a server.
Analyze password strength using entropy calculation and common pattern detection. Provides specific improvement suggestions.
Check your HTTP headers against OWASP best practices. Detects missing HSTS, CSP, X-Frame-Options, and Referrer-Policy. Get a grade and fix list.
Validate Ethereum addresses, apply EIP-55 checksum, and convert between formats. Useful for debugging Web3 integrations.
Why privacy-first security tools matter
Security tools that process sensitive data server-side create an inherent trust problem: you're sending private keys, JWT tokens, passwords, and certificates to a third party. All tools in this collection run entirely in your browser using the Web Crypto API, WebAssembly, or pure JavaScript — your data never leaves your device.