Why this exists

Every tool here was born from a real need during security analysis. When testing web applications, APIs, and infrastructure, certain tools come up repeatedly: JWT decoders, DNS lookups, hash identifiers, CVE searches. Existing options were often slow, cluttered, or sent data to third-party servers.

This project provides fast, clean alternatives that run entirely in your browser.

Built from experience

Each tool reflects patterns encountered during real security analysis work:

• JWT Attacker — from testing auth mechanisms across different systems
• GraphQL Introspection — from API analysis and schema discovery
• CSP Evaluator — from analyzing web security configurations
• Payload Builder — curated from common testing patterns

Privacy

No cookies, no personal data collection. This site uses GoatCounter for anonymous page view counting — no tracking, no ads. Most tools work completely offline. Tools that use external APIs (DNS, CVE search, CORS proxy) clearly indicate what data is sent and to which service.

Open Source

Every line of code is on GitHub. Contributions, feature ideas, and bug reports are welcome.