All Tools
Browse by category or use the search box to find a specific tool instantly. Every tool runs in your browser — no accounts, no uploads, no data sent to a backend unless the tool explicitly requires a network lookup (such as WHOIS or DNS resolution).
The tools here cover the formats and protocols that appear most often in backend development, DevOps, and security work: JSON, JWTs, IP addressing, CIDR subnets, cryptographic hashing, regular expressions, Unix timestamps, YAML, and more. For the concepts behind the tools, see the Learn section. For workflow-based usage examples, see the Blog.
Formatters & validators
Turning messy or ambiguous data into something you can read and trust.
Validate, pretty-print, and minify JSON and pinpoint the exact syntax error.
Best for: debugging API responses.
Validate, prettify, minify, and recursively sort the keys of a JSON document inline.
Best for: cleaning config before committing.
Validate YAML and convert it to JSON.
Best for: CI, Kubernetes, and GitHub Actions config.
Encoders, decoders & converters
Moving data between the representations different systems expect.
Encode and decode Base64 and Base64url with full UTF-8 support.
Best for: JWT segments and HTTP Basic auth.
Decode a JWT header and payload, check exp/iat/nbf, and optionally verify HS256/384/512.
Best for: auth debugging.
Generate TypeScript interfaces from a JSON sample.
Best for: typing an API response.
Break a URL into components and decode its query parameters.
Best for: OAuth redirect and callback debugging.
Generators
Producing identifiers, fingerprints, and test values.
Compute MD5, SHA-1/224/256/384/512, SHA-3, RIPEMD-160, and HMAC digests.
Best for: integrity checks and CSP hashes.
Generate v4 UUIDs in bulk and validate existing UUIDs.
Best for: test data and distributed identifiers.
Security tools
Inspecting and protecting what runs in the browser and what you share.
Parse Content-Security-Policy and security headers, flag risky directives, and export a report.
Best for: pre-deploy header review.
Encrypt text in your browser with PBKDF2 + AES-GCM and share it as a link; there is no backend storage.
Best for: a one-off secret handoff.
Estimate password strength — entropy in bits, an offline crack-time estimate, and specific feedback — entirely in your browser.
Best for: vetting a password before you use it.
Generate strong, cryptographically-random passwords with control over length and character sets. Nothing is sent anywhere.
Best for: a fresh, unique password per account.
Guess a hash's type from its length, character set, and prefix — MD5, SHA-1/256/512, bcrypt, argon2, and more.
Best for: triaging an unknown hash before cracking.
Compute the current TOTP / 2FA code from a Base32 secret (RFC 6238), with selectable digits, period, and algorithm.
Best for: verifying or debugging a 2FA setup.
Network tools
Addressing, resolution, and ownership during infrastructure and incident work. Note that WHOIS Lookup, IP Lookup, and Hostname to IP query external APIs to do their work; the format converters below all run locally.
Calculate subnet range, mask, broadcast, and host counts from CIDR notation.
Best for: subnet planning.
Look up domain and IP registration via RDAP.
Best for: abuse and threat investigation.
Find your public IP and the geolocation/ASN of any IP address.
Best for: firewall and allowlist checks.
Resolve a hostname's A records using DNS-over-HTTPS.
Best for: checking DNS propagation.
Text & log tools
The small text operations that interrupt bigger tasks, plus log triage.
Compare two blocks of text line by line with whitespace/case options.
Best for: spotting config or response regressions.
Test regular expressions with flags and capture groups against sample text.
Best for: building log-parsing patterns.
Filter, search, and triage raw log output by level and time.
Best for: incident triage.
Time & reference tools
Converting between machine and human formats.
Convert between epoch timestamps (seconds or ms) and human-readable dates.
How to use this catalog
Start with the category that matches what you are doing, then follow a tool's related guide when you want the concept behind the utility. Tools labelled Runs locally process your input in the browser; the few that reach out to a third-party API are clearly marked.
For the concepts behind the tools, read the Learn section. For workflow-based walkthroughs of how these tools fit together during real engineering work, see the Blog.