70 free browser-based tools for developers and security engineers. No signup, no install, no data sent to servers — everything runs locally in your browser.
Generate cryptographically strong passwords with custom length, character sets, strength scoring and bulk generation.
Open Tool →Prettify, validate, minify, and explore JSON with full syntax highlighting, structure stats, and copy support.
Open Tool →Convert Markdown to HTML with live preview. Copy the HTML output or export directly to PDF in the browser.
Open Tool →Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text input or uploaded files instantly.
Open Tool →Encode and decode Base64 strings. Supports URL-safe mode, file-to-Base64, and Base64-to-file download.
Open Tool →Test regular expressions with match highlighting, capture groups, and a built-in security pattern library.
Open Tool →Build and explain cron expressions visually. Get human-readable descriptions, next run times, and common presets.
Open Tool →Encode and decode URL components, full URLs, and query strings. Supports standard, component, and double encoding detection.
Open Tool →Compare two code blocks side-by-side or inline. Highlights additions, deletions, and unchanged lines for security patch review.
Open Tool →Validate, prettify, and convert YAML to JSON. Detect syntax errors with line numbers. Flags common security misconfigs in K8s/CI YAML.
Open Tool →Generate RFC-compliant UUID v4, v1, and v7 identifiers. Bulk generation, format options, and UUID validator with version detection.
Open Tool →Convert between Unix timestamps and human-readable dates. Live clock, relative time, and all major timezone support.
Open Tool →Convert numbers between decimal, hexadecimal, binary, octal, and any custom base. Live conversion with bit visualisation.
Open Tool →Convert between JSON and YAML instantly. Side-by-side editor with validation and one-click copy for IaC and config files.
Open Tool →Generate copy-ready OpenSSL commands for key generation, CSR creation, self-signed certs, format conversion, and TLS testing.
Open Tool →Complete HTTP security headers reference with recommended values, explanations, and copy-ready examples for HSTS, CSP, CORS, and more.
Open Tool →Convert cURL commands to Python requests, JavaScript fetch, axios, PHP, and Go. Paste any curl and get ready-to-use code instantly.
Open Tool →Format, validate, and minify XML. XPath query runner, element stats, and convert XML to JSON. Detect syntax errors with line numbers.
Open Tool →Generate signed JWT tokens with custom claims and expiry. Supports HS256, HS384, HS512. Quick exp buttons. Fully client-side.
Open Tool →Validate .env files for syntax errors, duplicate keys, empty values, and exposed secret patterns. Masks sensitive values for safe sharing.
Open Tool →Calculate which versions match a semver range. Supports ^, ~, >=, <=, wildcards, and hyphen ranges. npm, pip, and cargo compatible.
Open Tool →Validate full crontab files, explain every entry in plain English, show next 5 run times, and detect risky patterns like curl/wget in cron jobs.
Open Tool →Decode JWT tokens, inspect all claims, and detect security issues — expired tokens, weak algorithms, missing claims.
Open Tool →Scan Dockerfiles for security misconfigurations: root users, exposed secrets, dangerous RUN patterns, and more.
Open Tool →Paste HTTP response headers and get an instant security grade with per-header analysis and fix guidance.
Open Tool →Analyse CORS configuration headers for misconfigurations, wildcard origins, and credential exposure risks.
Open Tool →Paste code or config files to detect leaked API keys, tokens, private keys, and credentials via pattern matching.
Open Tool →Visual Content Security Policy header builder with directive reference, source inputs, and live header preview.
Open Tool →Decode X.509/PEM certificates. Extract subject, SANs, validity dates, fingerprints, key info, and security assessment.
Open Tool →Decode OAuth 2.0 access tokens and OIDC ID tokens. Inspect scopes, claims, and detect authentication misconfigurations.
Open Tool →Generate and verify HMAC-SHA256/384/512 signatures. Verify GitHub webhooks, Stripe payloads, and API request signing.
Open Tool →Encode and decode in 10+ formats at once — HTML entities, URL encoding, Unicode escapes, hex, binary, ROT13, and more.
Open Tool →Generate bcrypt password hashes with configurable cost factor and verify plaintext passwords against existing hashes. Client-side only.
Open Tool →Generate RFC 6238 TOTP codes from a Base32 secret. Live countdown timer, previous/next codes. Compatible with Google Authenticator and Authy.
Open Tool →Analyse password entropy, detect patterns, and estimate crack time across different attack scenarios. Actionable improvement suggestions.
Open Tool →Calculate network address, broadcast, host range, and subnet masks from any CIDR block. Binary visualisation and private range detection.
Open Tool →Decode and inspect SAML assertions and responses. Extract attributes, check expiry, detect signature wrapping and XML injection risks.
Open Tool →Generate PKCE code_verifier and code_challenge for OAuth 2.0 Authorization Code Flow. Builds the full authorization URL with all required params.
Open Tool →Analyze Set-Cookie headers for missing Secure, HttpOnly, SameSite attributes. Score each cookie and get an overall security grade.
Open Tool →Analyze GraphQL schemas for missing auth directives, sensitive fields, and unpaginated lists. Detect introspection queries and depth attacks.
Open Tool →Verify webhook signatures from GitHub, Stripe, Slack, Shopify, and Twilio. HMAC-SHA256 verification fully in browser. No data sent to servers.
Open Tool →Search the NIST NVD database for CVEs by keyword, CVE ID, or product name. Real-time data, CVSS scores included.
Open Tool →Paste package.json or requirements.txt to check all dependencies for known vulnerabilities via the OSV database.
Open Tool →Interactive OWASP Top 10 2021 self-assessment with per-category scoring, guidance, and a printable report.
Open Tool →Calculate your real AppSec spend — FP triage costs, team overhead, breach exposure — and see your AquilaX ROI.
Open Tool →20-question assessment across 5 dimensions: tooling, secrets, culture, incident response, and compliance.
Open Tool →Estimate how much developer time and money your current scanner wastes on false positives — and your savings with AI triage.
Open Tool →Drag-and-drop DevSecOps pipeline builder. Export your pipeline as a PNG or generate a LinkedIn-ready diagram.
Open Tool →Explore vulnerable vs. fixed code for all OWASP Top 10 2021 categories in JavaScript, Python, and Java.
Open Tool →Interactive ASVS 4.0 checklist for Level 1, 2, and 3 controls. Track compliance and export your verification report.
Open Tool →Paste Set-Cookie headers to check for missing HttpOnly, Secure, SameSite attributes, and excessive lifetimes.
Open Tool →Score vulnerability risk using OWASP's Likelihood × Impact methodology. Get Note, Low, Medium, High, or Critical ratings.
Open Tool →Systematically identify and document Spoofing, Tampering, Repudiation, Info Disclosure, DoS, and Privilege Escalation threats.
Open Tool →OWASP API Security Top 10 (2023) interactive checklist covering BOLA, broken auth, rate limiting, SSRF, and more.
Open Tool →Interactive PCI DSS v4.0 self-assessment covering all 12 requirements. Track your compliance score and export a printable report.
Open Tool →GDPR self-assessment for development teams. Cover data mapping, lawful basis, privacy by design, breach response, and subject rights.
Open Tool →Interactive SOC 2 Type II readiness checklist covering all five Trust Services Criteria. Track security, availability, confidentiality, and privacy controls.
Open Tool →Interactive HIPAA Security Rule checklist for healthcare software teams. Covers Administrative, Physical, and Technical Safeguards for ePHI protection.
Open Tool →Interactive ISO 27001:2022 ISMS readiness checklist covering all 93 Annex A controls across Organisational, People, Physical, and Technological themes.
Open Tool →Interactive NIST Cybersecurity Framework 2.0 checklist covering all six Functions: Govern, Identify, Protect, Detect, Respond, and Recover.
Open Tool →Interactive CIS Controls v8 checklist with 92 safeguards across 18 controls. Filter by Implementation Group (IG1/IG2/IG3) for your organisation size.
Open Tool →Interactive NIS2 Directive (EU 2022/2555) compliance checklist. Track risk management measures, incident reporting timelines, and supply chain security.
Open Tool →Interactive OWASP ASVS 4.0 checklist with 87 controls across 14 chapters. Filter by L1/L2/L3 level to match your application's security requirements.
Open Tool →Query A, AAAA, MX, TXT, NS, CNAME, and CAA records via DNS over HTTPS. Security annotations for SPF, DMARC, and CAA. No software needed.
Open Tool →Look up IP geolocation, ASN, organisation, country, and datacenter/VPN flags. Supports IPv4 and IPv6. Includes "Use My IP" detection.
Open Tool →Analyze SPF and DMARC DNS records for any domain. Validate policy strength, detect issues, and get an email security grade.
Open Tool →Paste an AWS IAM policy JSON and instantly identify wildcard permissions, privilege escalation paths, and missing conditions.
Open Tool →Paste a workflow YAML and detect script injection, unpinned actions, GITHUB_TOKEN over-permissions, and secrets exposure.
Open Tool →Scan K8s YAML manifests for privileged containers, hostNetwork, missing resource limits, and hardcoded secrets. Grades your manifests A–F.
Open Tool →Paste Terraform HCL and detect open S3 buckets, public RDS, wildcard IAM, unencrypted resources, and overly permissive security groups.
Open Tool →AquilaX runs 32 parallel security scanners on your real codebase — automatically, on every commit. No configuration. 93.54% fewer false positives. AI-generated fix patches included.