Encoding Converter
Convert between Base64, Hex, Binary, URL encoding, HTML entities, and more.
Input
Output
URL En/Decoder
Encode, decode, and parse URLs. Extract query parameters, fragments, and components.
URL Input
Parsed Components
Query Parameters
Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-384, SHA-512 hashes. Compare and identify hash types.
Input
Hash Identifier
Timestamp Converter
Convert between Unix timestamps, ISO 8601, Windows FILETIME, .NET ticks, and human-readable formats.
Input
Format Strings
Date Calculator
Add or subtract days, hours, minutes. Calculate duration between two dates.
Add / Subtract from Date
Duration Between Dates
Cron Explainer
Parse and explain cron expressions. See human-readable descriptions and upcoming scheduled runs.
Cron Expression
Explanation
Next 10 Runs
Presets
Text Diff
Compare two texts with character-level, word-level, or line-level diff. Download patch files.
Original (A)
Modified (B)
Diff Result
Regex Tester
Test regular expressions with live highlighting, match groups, and common pattern library.
Test String
Matches
Common Patterns
JWT Decoder
Decode and inspect JSON Web Tokens. View header, payload, and signature. Check expiry.
JWT Token
Header
Payload
Signature
HTTP Header Parser
Parse and analyze HTTP headers. Identify security headers, caching directives, and more.
Raw Headers
Parsed Headers
Security Analysis
Email Header Analyzer
Decode email headers to trace delivery hops, measure delays, and inspect SPF, DKIM & DMARC authentication results.
Raw Email Headers
🌐 Delivery Route
🔀 Hop Details
📊 Summary
🛡️ Authentication
Certificate & CSR Decoder
Decode X.509 / PEM certificates and PKCS#10 Certificate Signing Requests. View subject, issuer, validity, extensions, and security assessment with quantum readiness.
PEM Certificate / CSR
Encrypt / Decrypt
Client-side AES encryption with security ratings and quantum-safety analysis. Uses Web Crypto API with PBKDF2 key derivation.
Algorithm
Passphrase
Input
Output
Algorithm Security Reference
OWASP Top 10
Interactive guide to the most critical web application security risks. Vulnerable vs. fixed code examples for each issue.
⚛️ Post-Quantum Cryptography
Interactive guide to quantum-resistant cryptography — why it matters, how it works, and what to do about it.
🤖 AI Security & Prompt Injection
How prompt injections become RCE, agent exploitation, data exfiltration, and the evolving AI threat landscape.
📡 DNS Exfiltration Demo
Interactive visualization of DNS-based data exfiltration, C2 communication, and covert tunneling — 100% client-side, no actual DNS queries leave your browser.
Configuration
Live DNS Query Log
Reconstructed Data (Attacker Side)
How It Works
Data is encoded (hex/base32/base64) and split into chunks that fit within DNS label limits (63 chars). Each chunk becomes a subdomain of the attacker-controlled domain.
Why It Bypasses Firewalls
DNS traffic (UDP/53) is almost always permitted outbound. Most firewalls don't inspect DNS payload content beyond basic formatting.
Detection Strategies
Monitor for unusually long subdomains, high entropy domain names, abnormal query volume, and TXT queries with large responses.
📋 Security Checklists
Downloadable security checklists for all topics — AI security, post-quantum migration, OWASP, cryptography, DNS, web hardening, and more.