Tools (Educational Use Only)
Understand concepts and safe handling. No real attack payloads are generated here.
URL Encoder/Decoder
JWT Structure Viewer
Explains header, payload, and signature. No secret keys are used.
This viewer does not verify signatures. In production, always validate algorithm, issuer, audience, expiry, and signature with trusted keys.
Request/Response Visualizer
Build a conceptual HTTP request and preview a safe, mock response.
Input Validation Tester
Visualize how unsafe and safe handling differ. This tool does not generate attack payloads.
Always sanitize input, encode output contextually, and validate types/lengths.
Base64 Encoder/Decoder
Password Policy Checker
Check password strength against common secure policy controls.
Security Header Checker
Paste response headers and see which key security headers are present.
CSP Builder
Generate a safe baseline Content-Security-Policy and learn what each directive does.
Cookie Auditor
Paste Set-Cookie lines to review Secure/HttpOnly/SameSite and TTL guidance.
CORS Analyzer
Paste response headers to understand actual CORS risk and recommended configs.
IDOR Test Planner
Plan safe IDOR test cases by mapping resource ownership and expected responses.
Access Matrix Checker
Define roles and endpoints to highlight missing denies and over-permissive access.
Bug Report Assistant
Turn your notes into a clean, responsible disclosure report format.
CVSS v3.1 Calculator (Educational)
Estimate severity by selecting base metrics; explains the score.
Passive Website Audit
Client-side, paste-based checks (no active scanning). Paste headers and HTML to get a safety-oriented checklist.
Curl Converter
Paste a curl command and convert it to JavaScript fetch and Python requests code. Inspired by curlconverter.com.