JWT Decoder
Decode JWT tokens locally in your browser to inspect headers, claims, and token expiration
SecuritySecurity Tools
Hash generation and JWT decoding utilities for security and authentication
Available Tools
Hash Generator
Generate SHA hashes for text and files to verify integrity and compare cryptographic fingerprints
SecurityHMAC Generator
Generate HMAC signatures using SHA-256, SHA-384, and SHA-512 algorithms
SecurityPassword Generator & Strength Analyzer
Generate strong passwords and analyze entropy, strength, and estimated crack time
SecurityWordPress Password Generator
Generate WordPress-ready passwords with compatibility and max-security presets
SecurityFile Checksum Calculator
Calculate file checksums using MD5, SHA-1, SHA-256, and SHA-512 algorithms
SecurityCSP Generator (Basic)
Build a valid Content-Security-Policy string from directive/source lists
SecurityPEM / Certificate Parser (Basic)
Parse PEM public keys and certificates with fingerprints and basic metadata
SecurityJWT Security Auditor
Audit JWT tokens for algorithm vulnerabilities, missing claims, excessive expiration, and sensitive data exposure
SecurityCSP Inspector
Analyze Content Security Policy directives for security weaknesses and generate hardened CSP recommendations
SecurityEnvironment Security Analyzer
Detect secrets, passwords, API keys, and credentials in .env files with automatic masking and security scoring
SecuritySecurity Headers Analyzer
Analyze HTTP security headers for missing HSTS, CSP, X-Frame-Options, Permissions-Policy, and Referrer-Policy
SecurityCORS Policy Inspector
Analyze CORS headers for misconfigurations including wildcard origins, dangerous credential combinations, and overly permissive methods
SecurityOAuth Scope Analyzer
Analyze OAuth 2.0 scopes for over-permission patterns, scope creep, and least-privilege violations across GitHub, Google, Azure AD, and Okta
SecurityCertificate Chain Inspector
Inspect PEM certificate chains for expiration, weak algorithms, key size issues, and chain completeness — with security scoring
SecurityXML Security Inspector
Detect XXE attacks, DTD injection, entity expansion bombs, and CDATA injection in XML documents
SecuritySAML Response Decoder
Decode Base64-encoded SAML 2.0 responses to inspect assertions, attributes, conditions, and signature details
SecurityBrowser Storage Inspector
Inspect localStorage and sessionStorage JSON dumps for security issues, sensitive data exposure, expired tokens, and storage anti-patterns
SecurityAbout Security Tools
These security-focused utilities help with token analysis, hashing, and signature workflows while keeping sensitive data on your device.