Loading...
119 tools
Its Base64 tools support decoding to text or binary files with download and preview support. The site also provides related conversions and diagnostics, including binary-oriented outputs like hex dump views. Core converter features are free and accessible without mandatory paid plans.
The Beaufort Cipher provides a streamlined approach to polyalphabetic substitution, offering a classic method for securing text through a self-reciprocal process. While it shares similarities with the Vigenère cipher, it utilizes a specific mathematical operation where the same steps are used for both encryption and decryption. By calculating the difference between a keyword and the message, it creates a complex ciphertext that requires the specific key to reverse, making it a fascinating study in historical cryptography. Security enthusiasts and students of mathematics use this implementation to explore the mechanics of historical ciphers without manual calculations. The interface simplifies the process of applying a repeating keyword across a message, ensuring that each letter is transformed based on its position and the corresponding key character. It serves as a practical resource for those learning about the evolution of cryptographic standards and the logic behind reciprocal encryption systems.
CrypTool‑Online includes an Atbash app for the classic monoalphabetic substitution cipher originally used on the Hebrew alphabet. The tool is part of the CrypTool‑Online catalog of cryptology apps that run in the browser. ([cryptool.org](https://www.cryptool.org/en/cto/atbash/))
A random password generator to create strong and secure passwords. To ensure security, they are generated on the webpage without being sent over the internet.
Transforming text with a classic substitution method, the ROT13 Cipher provides a simple way to obfuscate messages and data. It operates by shifting each letter 13 places forward in the alphabet, effectively wrapping around once it reaches the end. Because the English alphabet contains 26 letters, applying the same process twice restores the original content, making it an efficient tool for both encoding and decoding without needing a separate key. Developers, puzzle enthusiasts, and online community members often use this method to hide spoilers, punchlines, or sensitive information from casual viewing. While it does not provide cryptographic security against modern threats, it serves as a reliable way to ensure that text remains unreadable until the recipient chooses to reveal it. This utility supports both the standard ROT13 algorithm and general Caesar cipher shifts, offering flexibility for various obfuscation needs.
The Vigenère Cipher provides an interactive platform for encrypting and decrypting text using one of the most famous polyalphabetic substitution methods. By applying a keyword to shift characters across multiple alphabets, it adds a layer of complexity beyond simple substitution ciphers. Users can explore the mechanics of the algorithm through a Tabula Recta visualization, which clearly maps how plaintext and keys interact to produce ciphertext. Security enthusiasts and students of cryptography can perform deep analysis on encrypted messages using integrated tools like Kasiski examination and Index of Coincidence. These features help identify repeating patterns and key lengths, facilitating automated key recovery for educational or testing purposes. Whether for learning the history of codes or analyzing ciphertext, this resource offers a comprehensive set of tools for classical cryptanalysis.
Network administrators and developers use DNS Lookup to retrieve comprehensive domain name system records for any domain. The utility provides a detailed breakdown of essential records, including A, AAAA, CNAME, MX, and TXT entries, allowing users to verify configuration accuracy and troubleshoot connectivity issues. By consolidating technical data into a readable format, it simplifies the process of auditing domain infrastructure and verifying recent changes to name server settings. Specialized security analysis enhances these queries by evaluating email authentication protocols and overall domain health. It checks for the presence and validity of records like SPF, DKIM, and DMARC, which are critical for preventing domain spoofing and improving email deliverability. A dedicated health score offers an immediate assessment of the domain’s configuration status, highlighting potential vulnerabilities or misconfigurations that require attention.
Decode and analyze JSON Web Tokens with security validation
Software developers and security engineers can streamline the integration of authentication protocols using this comprehensive OAuth and OpenID Connect debugger. It provides a centralized interface for testing various authorization flows, allowing users to simulate requests and inspect responses in real time. By simplifying the complexities of handshake sequences, it helps identify configuration issues early in the development cycle. The suite includes specialized utilities such as a PKCE generator for securing mobile and single-page applications, alongside a robust JWT decoder for inspecting token claims and signatures. Users can troubleshoot common errors by validating redirect URIs, scopes, and state parameters. This systematic approach to debugging ensures that identity implementations remain secure and compliant with modern industry standards.
XOR encryption provides a straightforward method for encoding and decoding text using the exclusive OR logical operation. Security professionals, students, and developers use this utility to apply bitwise transformations to data, making it useful for basic obfuscation or understanding fundamental cryptographic concepts. By applying a secret key, users can quickly transform plain text into ciphertext and reverse the process with equal ease. Advanced functionality includes cryptanalysis capabilities for situations where the original key is unknown. The interface allows for brute force attempts to crack XOR-encrypted strings, making it a valuable resource for CTF participants and those learning about pattern recognition in encrypted data. Whether for simple data masking or educational exploration of bitwise logic, this utility offers a reliable environment for managing XOR-based ciphers.
Identifying whether an SSL/TLS certificate remains valid is a critical step in maintaining secure network communications. The OCSP/CRL Revocation Checker streamlines this process by extracting OCSP responder URLs and CRL distribution points directly from X.509 certificates. By querying these endpoints, it provides immediate confirmation of a certificate's current revocation status, ensuring that trust has not been compromised. Security professionals and system administrators rely on this utility to diagnose connection errors and verify the integrity of their encryption infrastructure. It eliminates the need for manual inspection of certificate fields, offering a clear view of whether a certificate has been revoked by the issuing authority before its scheduled expiration. This automated approach helps maintain high security standards and prevents potential security risks resulting from the use of invalid or compromised credentials.
Creating secure SSH key pairs is a fundamental step for developers and system administrators needing to establish encrypted connections to remote servers. This generator supports widely used algorithms including Ed25519, RSA, and ECDSA, allowing users to select the cryptographic standard that best fits their security requirements. By handling the entire generation process locally in the browser, it ensures that private keys never leave the user's device, maintaining strict privacy and security standards. The interface provides helpful visual aids like key fingerprints and randomart visualizations, which make it easier to verify and identify keys at a glance. Whether setting up a new server, configuring Git access, or managing cloud infrastructure, this utility streamlines the process of creating strong authentication credentials without requiring command-line knowledge. It serves as a reliable resource for anyone looking to replace password-based logins with more robust cryptographic authentication.
Email Header Analyzer parses the technical metadata hidden within every email message to reveal its origin and delivery path. It automatically validates critical security protocols like SPF, DKIM, and DMARC, allowing users to verify if a message is legitimate or an attempt at spoofing. By breaking down complex header lines into a readable format, it simplifies the process of identifying where an email originated and how it moved across various mail servers. Security analysts and IT professionals use these insights to troubleshoot delivery delays and investigate potential phishing threats. The analyzer highlights the IP addresses and timestamps of each hop, providing a clear timeline of the message's journey. This level of detail is essential for diagnosing why an email might have been flagged as spam or for uncovering the true source of suspicious communications.
Developers use the CSP Policy Generator to create robust Content Security Policy headers that protect web applications from cross-site scripting and other data injection attacks. By defining which sources of content are trusted, the generator helps establish a strong security posture without the complexity of manual configuration. The interface simplifies the process of adding specific directives for scripts, styles, images, and other resources. It provides specialized support for nonces and cryptographic hashes, ensuring that even dynamic or inline content remains secure and compliant with modern security standards. Built-in validation checks help identify potential errors or overly permissive rules before the policy is deployed to a live environment. This streamlined workflow allows security professionals and site owners to implement effective protections quickly, reducing the risk of unauthorized code execution while maintaining site functionality.
Generate SPF records with automatic DNS lookup counter and optimization
Search CVEs, visualize vendor trends, analyze response times, and calculate CVSS scores
Security professionals and system administrators utilize the CVSS Calculator to accurately assess the severity of software vulnerabilities. By implementing the Common Vulnerability Scoring System (CVSS) v3.1 standard, the application provides a consistent way to evaluate risk levels across different platforms and environments. Users can input specific metrics for Base, Temporal, and Environmental scores to determine the overall impact and urgency of a security flaw. The interface simplifies the complex process of generating CVSS vector strings and corresponding severity ratings. Analysts can fine-tune their assessments by adjusting variables such as attack vector, complexity, and required privileges. This granular approach ensures that remediation efforts are prioritized based on factual data rather than intuition. The result is a standardized output that can be shared across security teams to streamline incident response and vulnerability management workflows.
String Extractor provides a specialized utility for security analysts and malware researchers to analyze binary files safely. By scanning through compiled code, the application identifies and retrieves both ASCII and Unicode strings that might reveal hidden functionality or configuration data. This process remains essential during the initial stages of static analysis, allowing users to peek into the contents of a file without risking execution. The application enhances discovery by incorporating pattern detection for common Indicators of Compromise (IOCs). It automatically highlights suspicious artifacts such as IP addresses, URLs, and domain names that are often embedded within malicious binaries. Forensic investigators can leverage these insights to map out potential network connections or persistence mechanisms, making it an effective asset for rapid incident response and threat intelligence gathering.
Accessing registration details for any domain name provides critical transparency for web developers, security professionals, and digital investigators. The WHOIS Lookup utility retrieves comprehensive data from global databases, revealing the official registrar, domain status, and registration history. By entering a URL, users can instantly verify the administrative and technical contact information associated with a specific web address. Monitoring expiration dates and nameserver configurations helps maintain domain health and prevents accidental service interruptions. Security analysts rely on these records to identify potential phishing sites or investigate the legitimacy of online platforms. Beyond security, these queries assist in finding domain availability or identifying the right contacts for purchasing existing names. It serves as an essential resource for navigating the technical architecture of the internet with accuracy and speed.
NIST SP 800-88 decision-tree wizard that recommends Clear, Purge, or Destroy methods based on media type, data sensitivity, and asset disposition (CISSP Domain 2)
Evaluate which formal security model (Bell-LaPadula, Biba, Clark-Wilson, Brewer-Nash) best fits your requirements with scored comparisons and implementation guidance. CISSP Domain 3.
Select the right federation protocol (SAML, OIDC, OAuth, Kerberos) with visual auth flow diagrams, protocol comparison, and Kerberos troubleshooter. CISSP Domain 5.
Parse and analyze robots.txt files with path testing and security checks
Detect and analyze CORS misconfigurations, security vulnerabilities, and policy issues
