TLS/SSL Config Snippet Grader Paste an Apache or Nginx TLS/SSL configuration block and get an instant A–F grade based on Mozilla’s Server Side TLS guidelines. The grader flags deprecated protocols, weak ciphers, missing HSTS, and other security issues, then suggests a Mozilla-aligned replacement snippet you can drop straight into your server config. How to Use ...
Try the Tool »JSON Web Key (JWK) Set Generator Generate cryptographic signing keys in JSON Web Key format and assemble them into a JWKS (JSON Web Key Set) ready to publish at /.well-known/jwks.json. Supports RSA, RSA-PSS and ECDSA across the full JWA range (RS256/384/512, PS256/384/512, ES256/384/512). Every key is generated locally in your browser via the Web Crypto ...
Try the Tool »Kubernetes ConfigMap & Secret Generator Build kubectl-ready Kubernetes ConfigMap and Secret manifests from a simple list of KEY=value pairs. The generator validates resource names against RFC 1123, base64-encodes Secret values for the data field, and emits clean YAML that you can pipe straight into kubectl apply -f -. No data leaves your browser. How to ...
Try the Tool »Password Hash Crack Time Estimator Estimate how long it would take a real-world attacker to brute-force a password protected by a specific hashing algorithm. The estimator pairs Hashcat-grade hash rates with the keyspace of your chosen password composition, then reports a crack time across four attacker tiers: a budget GPU, a single RTX 4090, a ...
Try the Tool »CSR (Certificate Signing Request) Generator Generate a PKCS#10 Certificate Signing Request and matching RSA private key entirely in your browser. Fill in the subject fields, add Subject Alternative Names, pick a key size, and click Generate. Both files are produced locally — the private key is never transmitted to any server, never logged, and never ...
Try the Tool »Merkle Tree Generator & Visualizer Paste a list of values, choose a hash function, and instantly see a visual Merkle tree with every intermediate node hash and the final Merkle root. Pick SHA-256, SHA-1, or Keccak-256 (the hash Ethereum uses), tune the Bitcoin-style odd-leaf rule or the OpenZeppelin sorted-pair convention, and export the full tree ...
Try the Tool »Playfair Cipher Encoder & Decoder Encrypt or decrypt text with the classic Playfair cipher entirely in your browser. Enter a keyword, paste your plaintext or ciphertext, and watch the tool build the 5×5 keyed matrix, prepare the digraphs, and walk through every substitution step. No data ever leaves your device. How to Use Pick a ...
Try the Tool »Ethereum / EVM Address Checksum Validator Paste any Ethereum or EVM-compatible address and instantly check whether its mixed-case checksum is correct under EIP-55. The tool also returns the canonical checksummed form so you can copy a safe version back into your wallet, contract, or block explorer. Everything runs locally in your browser — no addresses ...
Try the Tool »Email Deliverability Checker Audit a domain’s email authentication setup in seconds. Enter any domain and the tool runs live DNS lookups against Cloudflare’s resolver to inspect SPF, DMARC, MX, and BIMI records, then surfaces real configuration problems with a clear pass/fail verdict and an overall deliverability score. How to Use Type the domain you want ...
Try the Tool »ECDSA / Ed25519 Key Generator Generate cryptographically secure elliptic-curve key pairs in your browser using the Web Crypto API. Pick Ed25519, ECDSA P-256, or ECDSA P-384, and export in PEM (PKCS8/SPKI), JWK, or raw hex format. Useful for JWT signing (ES256, EdDSA), Signal-style protocols, libsodium interop, and any general-purpose elliptic-curve cryptography that is not OpenSSH-flavored. ...
Try the Tool »PKCE Code Verifier & Challenge Generator Generate RFC 7636-compliant PKCE values right in your browser. Pick a verifier length (43–128 characters), and the tool produces a cryptographically random code_verifier together with the matching SHA-256 code_challenge in base64url form, ready to drop into any OAuth 2.0 or OAuth 2.1 authorization request. Useful for SPAs, mobile apps, ...
Try the Tool »SAML Response Decoder Paste a base64-encoded SAML response or assertion and instantly see the decoded XML alongside a summary of the most important fields. Handles URL-encoded payloads and DEFLATE-compressed strings used by SAML’s HTTP-Redirect binding, all in your browser — nothing is uploaded. How to Use Capture the SAML response from your IdP — usually ...
Try the Tool »Character Frequency Analyzer Paste any text and instantly see how often every character appears. The Character Frequency Analyzer counts every letter, digit, or symbol, ranks them, shows percentages, and renders a visual bar chart so you can spot patterns at a glance. It is a go-to companion for cryptanalysis, linguistics homework, password audits, content audits, ...
Try the Tool »WebRTC IP Leak Detector WebRTC is a built-in browser API that powers voice and video calls without plugins. To connect two peers directly, it uses the ICE framework to gather candidate IP addresses — and that list includes the machine’s local LAN IP plus any public address a STUN server can see. When users run ...
Try the Tool ».env vs .env.example Key Diff Tool Drift between your actual .env file and the .env.example template is one of the quietest sources of broken deploys. Keys get added in development, copied into production, and then forgotten in the template. Placeholder values stick around in .env where real secrets were supposed to land. This tool lines ...
Try the Tool »CRC Checksum Calculator Compute Cyclic Redundancy Check values instantly for text or file input, choosing from 15 standardized variants across the CRC-8, CRC-16, CRC-32, and CRC-64 families. Verify downloads, validate serial protocol frames, or confirm file integrity without uploading anything — all calculations run locally in your browser. How to Use Type or paste text ...
Try the Tool »UUID Validator & Decoder Paste any UUID and instantly see whether it is valid, which version it follows (v1 through v8, plus the special Nil and Max UUIDs), and what metadata is hidden inside its bits. The tool decodes v1, v6, and v7 timestamps to a human-readable date, extracts the node ID / MAC fragment ...
Try the Tool »Nano ID Generator Generate cryptographically secure, URL-friendly unique IDs in your browser. The Nano ID Generator produces compact identifiers using crypto.getRandomValues, with full control over length, alphabet, and output format. Default IDs are 21 characters long with the same collision resistance as a UUID v4 — but 41% shorter and safe to drop straight into ...
Try the Tool »JWT Encoder / Builder Build signed JSON Web Tokens directly in your browser. Drop in a header and payload, pick an HMAC algorithm, supply the shared secret, and copy a ready-to-use token for API testing, debugging, or local development. All signing happens with the SubtleCrypto Web API, so your secret and claims never leave the ...
Try the Tool »CUID2 Generator Generate cryptographically secure CUID2 IDs entirely in your browser. CUID2 is a modern, collision-resistant identifier format that combines a high-entropy random salt, monotonic counter, timestamp, and browser fingerprint, then runs the result through SHA3-512 to produce a base36 string. Every ID starts with a letter, so values stay safe to use in databases, ...
Try the Tool »Add IO tools to your favorite browser for instant access and faster searching
Scoreboard is a fun way to keep track of your games, all data is stored in your browser. More features are coming soon!
Update: Our latest tool was added on Jun 16, 2026
Help us continue providing valuable free tools
