~/tools

Tools

Small security utilities that run entirely in the browser — no backend, no data leaves the machine (CSP: connect-src 'self').

Encoding & conversion

  • Encode and decode Base64 with the standard or URL-safe alphabet. UTF-8 safe in both directions, with copy and swap.

    client-side
  • Percent-encode or decode text as a URI component or a full URI, with clear errors on malformed sequences.

    client-side
  • Convert between text and hexadecimal bytes. UTF-8 safe, accepts spaced or 0x-prefixed input.

    client-side
  • Apply ROT13 or any Caesar shift to text, live as you type. A frequent CTF sighting.

    client-side

Crypto & hashing

  • Generate SHA-1, SHA-256, SHA-384, and SHA-512 digests of text or a file via the Web Crypto API.

    client-side
  • Guess the likely algorithm behind a hash from its length and character set. Heuristic triage helper.

    client-side
  • Estimate password strength from character set and length, with a rough offline crack-time figure.

    client-side

Analysis

  • Extract indicators of compromise from pasted text — IPs, domains, URLs, emails, hashes — and defang them.

    client-side
  • Test JavaScript regular expressions against sample text with live highlighting and capture groups.

    client-side
  • A reference checklist of HTTP security headers with recommended values and the reasoning for each.

    client-side

Networking

  • Compute network, broadcast, mask, and usable host range from CIDR notation. Handles /31 and /32.

    client-side

These tools are static pages — all processing happens in your browser’s JavaScript. There is no backend, and the site’s Content Security Policy (connect-src 'self') prevents the page from sending data anywhere else.