~/tools
Tools
Small security utilities that run entirely in the browser — no backend, no data leaves the machine (CSP: connect-src 'self').
Encoding & conversion
-
Encode and decode Base64 with the standard or URL-safe alphabet. UTF-8 safe in both directions, with copy and swap.
client-side -
Percent-encode or decode text as a URI component or a full URI, with clear errors on malformed sequences.
client-side -
Convert between text and hexadecimal bytes. UTF-8 safe, accepts spaced or 0x-prefixed input.
client-side -
Apply ROT13 or any Caesar shift to text, live as you type. A frequent CTF sighting.
client-side
Crypto & hashing
-
Generate SHA-1, SHA-256, SHA-384, and SHA-512 digests of text or a file via the Web Crypto API.
client-side -
Guess the likely algorithm behind a hash from its length and character set. Heuristic triage helper.
client-side -
Estimate password strength from character set and length, with a rough offline crack-time figure.
client-side
Analysis
-
Extract indicators of compromise from pasted text — IPs, domains, URLs, emails, hashes — and defang them.
client-side -
Test JavaScript regular expressions against sample text with live highlighting and capture groups.
client-side -
A reference checklist of HTTP security headers with recommended values and the reasoning for each.
client-side
Networking
-
Compute network, broadcast, mask, and usable host range from CIDR notation. Handles /31 and /32.
client-side
These tools are static pages — all processing happens in your browser’s
JavaScript. There is no backend, and the site’s Content Security Policy
(connect-src 'self')
prevents the page from sending data anywhere else.