Fast, free tools for defenders.
No signup. No tracking dashboards. Client-side tools never send your data anywhere — paste, check, done.
Security Headers Checker
Grade any site's HTTP security headers — CSP, HSTS, frame protection — with plain-English fixes.
DNS Lookup
Query A, MX, TXT, SPF, DMARC and more over DNS-over-HTTPS. Includes one-click email-auth checks.
CVE Lookup
CVE details straight from NVD: CVSS score and vector, CISA KEV status, weaknesses, references.
JWT Decoder
Decode JSON Web Tokens locally. Header, claims, expiry sanity checks. The token never leaves your machine.
Decoder Toolbox
Base64, URL, hex, SHA hashes, epoch timestamps — the everyday conversions, all client-side.
Email Header Analyzer
Paste raw email headers: hop-by-hop path, SPF/DKIM/DMARC results, spoofing red flags.
Why these tools exist
Every tool here does one job, fast, and explains its output. Checks report only what was actually observed — no invented findings, no fake authority. Read how each check works.