37 tools available — more coming

Free Security Tools
for Developers

SSL checking, header analysis, JWT decoding, DNS lookups, password strength, cryptographic hashing — all in one place. No signup, no tracking.

SSL CheckerJWT DecoderDNS LookupHash Generator+33 more

$ all-tools --list

Sort:

37 tools

SSL Checker

Verify SSL/TLS certificate details, issuer, expiry date, and certificate chain for any domain.

SSL/TLS#ssl#tls

HTTP Header Analyzer

Analyze HTTP response headers and check security headers like CSP, HSTS, X-Frame-Options.

HTTP#headers#csp

JWT Decoder

Decode JSON Web Tokens to inspect header, payload, and expiration without a secret key.

Crypto#jwt#auth

Password Strength Checker

Analyze password strength with entropy calculation, crack time estimate, and improvement suggestions.

Password#password#entropy

Base64 Encoder / Decoder

Encode and decode text to and from Base64 format. Fully client-side — your data never leaves the browser.

Crypto#base64#encode

Hash Generator

Generate MD5, SHA-256, and SHA-512 cryptographic hashes from any text input. 100% client-side.

Crypto#hash#sha256

DNS Lookup

Query DNS records (A, AAAA, MX, TXT, NS, CNAME) for any domain using public DNS API.

DNS#dns#records

SPF Record Checker

Fetch and parse SPF (Sender Policy Framework) records for a domain to validate email security.

Email#spf#email

WHOIS Lookup

Retrieve domain registration details including registrar, registrant, creation date, and expiry.

Domain#whois#domain

robots.txt Analyzer

Fetch, parse, and validate robots.txt. Check which bots are allowed, view sitemaps, test URL paths.

HTTP#robots#crawlers

URL Encoder / Decoder

Encode and decode URLs with percent-encoding. Component mode for query params. 100% client-side.

Crypto#url#encode

HMAC Generator

Compute HMAC-SHA256, HMAC-SHA384, HMAC-SHA512. Hex or Base64 output. 100% client-side.

Crypto#hmac#sha256

HSTS Checker

Check Strict-Transport-Security header. Verify max-age, includeSubDomains, preload.

HTTP#hsts#https

Password Generator

Generate secure random passwords with crypto.getRandomValues. Length 8–64, customizable chars.

Password#password#random

AES Encrypt / Decrypt

AES-256-CBC encryption and decryption. 100% client-side. PBKDF2 key derivation.

Crypto#aes#encryption

CORS Checker

Check Access-Control-* headers. Verify Allow-Origin, credentials, methods.

HTTP#cors#cross-origin

Clickjacking Checker

Check X-Frame-Options and CSP frame-ancestors. Detect clickjacking vulnerability.

HTTP#clickjacking#x-frame-options

DKIM Record Checker

Verify DKIM DNS records. Domain + selector → TXT lookup and parse.

Email#dkim#email

DMARC Record Checker

Verify DMARC DNS records. Policy, RUA, RUF, alignment.

Email#dmarc#email

Hex Encoder / Decoder

Convert text to hex and hex to text. UTF-8. 100% client-side.

Crypto#hex#encode

JSON Validator

Validate, format, minify JSON. Error location. 100% client-side.

Crypto#json#validate

Timestamp Converter

Convert Unix epoch to date and date to timestamp. Seconds or milliseconds.

Crypto#timestamp#epoch

CSP Checker

Check Content-Security-Policy. Parse directives, detect unsafe-inline, unsafe-eval.

HTTP#csp#content-security-policy

Port Checker

Check if TCP ports are open. Host + ports → connect test.

DNS#port#tcp

UUID Generator

Generate UUID v4 (random). RFC 4122. 100% client-side.

Crypto#uuid#guid

Regex Tester

Test regular expressions. Matches, capture groups, replace. JavaScript.

Crypto#regex#regexp

Lorem Ipsum Generator

Generate placeholder text. Paragraphs or words. Plain or HTML.

Crypto#lorem#placeholder

HTML Entity Encoder / Decoder

Encode &, <, > to HTML entities. Decode back. Prevent XSS.

Crypto#html#entity

Cron Validator

Validate cron expressions. Format: min hour day month weekday.

Crypto#cron#crontab

Mixed Content Checker

Find HTTP resources on HTTPS pages. Paste HTML, scan scripts, images, styles.

HTTP#mixed content#https

RSA Key Generator

Generate RSA 1024/2048/4096 bit keys. PEM format. 100% client-side.

Crypto#rsa#key

Open Redirect Checker

Analyze URL for open redirect risks. Check redirect params.

HTTP#open redirect#redirect

Cookie Analyzer

Parse Set-Cookie headers. Check HttpOnly, Secure, SameSite.

HTTP#cookie#set-cookie

Directory Listing Checker

Check if URL exposes directory listing. Index of, file list.

HTTP#directory listing#index of

URL Parser

Parse URL into protocol, host, path, query params. 100% client-side.

HTTP#url#parse

User-Agent Parser

Parse User-Agent string. Browser, OS, device, bot. 100% client-side.

HTTP#user-agent#browser

Uptime Checker

Quick one-off URL check. HTTP status + response time.

DNS#uptime#ping

Free Tools

Signup Required

100%

Client-side Crypto

∞

Uses Per Day

Free Security Toolsfor Developers