🔐

Free Tools for Security Engineers

Essential tools for security engineers: generate hashes, decode tokens, analyze encodings, and create strong credentials — all client-side.

Cryptography & Hashing

#

MD5 & SHA Hash Generator

Compute MD5/SHA hashes for file integrity checks, IOC matching, and malware sample identification

Try it free → Getting started guide
🔑

Password Generator

Generate cryptographically strong passwords for privileged accounts and incident response credentials

Try it free → Getting started guide

Token & Encoding Analysis

🔓

JWT Decoder

Analyze JWT tokens for privilege escalation risks, expired signatures, and weak algorithms

Try it free → Getting started guide
B64

Base64 Encode/Decode

Decode obfuscated payloads, suspicious email attachments, and encoded command-and-control data

Try it free → Getting started guide
%20

URL Encode/Decode

Analyze URL-encoded payloads in XSS, SQLi, and SSRF attack vectors

Try it free → Getting started guide
&;

HTML Entity Encoder

Test HTML encoding bypasses and verify XSS sanitization implementations

Try it free →

Investigation Tools

.*

Regex Tester

Build detection rules, YARA-style patterns, and log parsing expressions for SIEM systems

Try it free → Getting started guide
±

Text Diff Checker

Compare configuration files before and after incidents to identify unauthorized changes

Try it free →

Common Workflows for Security Engineers

Analyze Suspicious JWT Tokens

Paste intercepted JWTs into the decoder to check for weak algorithms (none/HS256), excessive permissions, and expiration issues.

Decode Obfuscated Payloads

Use Base64 decode to reveal hidden commands in phishing emails, macro payloads, and encoded C2 communications.

Build SIEM Detection Rules

Use the Regex Tester to craft and validate detection patterns for suspicious log entries before deploying to your SIEM.

Verify File Integrity

Generate SHA-256 hashes of system binaries and compare against known-good baselines to detect tampering.

Frequently Asked Questions

Is it safe to paste potentially malicious data into these tools?

Yes. All processing is client-side JavaScript with no server communication. Encoded payloads are handled as text — they cannot execute in the tool.

Can I use these tools during incident response?

Absolutely. Since tools run offline after loading, they're ideal for air-gapped analysis. No data leaves your browser, maintaining chain of custody.

Do the hash tools support file hashing?

Currently the tool hashes text input. For file hashing, paste the file content or use the command line alongside these tools for quick verification.

Tools for Other Professions

🌐 Web Developers ⚙️ DevOps Engineers 📊 Data Scientists

Start Using These Tools Now

All tools are 100% free, run in your browser, and require no signup or installation.

Browse All Tools →