$ ls ./tools/
Security Tools
34 free tools for security professionals and penetration testers.
Reconnaissance (11)
DNS Lookup
Query DNS records for any domain (A, AAAA, MX, TXT, CNAME, NS).
SSL Checker
Analyze SSL/TLS certificates, protocols, and security configuration.
Header Analyzer
Check HTTP security headers and score website security posture.
WHOIS Lookup
Query domain registration data via RDAP protocol.
Email Security
Check SPF, DMARC, DKIM, and MX records for email authentication.
IP Lookup
Get geolocation, ASN, ISP, and organization data for any IP address.
Reputation Checker
Check IP/domain reputation against DNSBL, AbuseIPDB, VirusTotal.
Subdomain Finder
Discover subdomains via Certificate Transparency logs.
CORS Tester
Test for CORS misconfigurations and cross-origin vulnerabilities.
Wayback Lookup
Find historical snapshots of websites from the Wayback Machine.
Tech Stack Detector
Identify web technologies, frameworks, and servers.
Cryptography (7)
Hash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text input.
Hash Identifier
Identify the type of hash from its format and length.
Base64 Encoder/Decoder
Encode and decode Base64 strings with support for URL-safe variants.
JWT Decoder
Decode and inspect JSON Web Token headers, payloads, and signatures.
Certificate Decoder
Parse and display X.509 certificate details in human-readable format.
XOR Decoder
XOR encode and decode data with single-byte or multi-byte keys.
Entropy Analyzer
Calculate Shannon entropy to detect encryption, compression, or randomness.
Exploitation (6)
Payload Encoder
Encode payloads in URL, HTML, Unicode, and hex formats.
Reverse Shell Generator
Generate reverse shell one-liners for various languages and platforms.
SSTI Payloads
Server-Side Template Injection payload reference for popular engines.
XXE Payloads
XML External Entity injection payload reference and examples.
SQLi Payloads
SQL injection payload reference for various database engines.
Deserialization Payloads
Insecure deserialization payload reference for Java, PHP, Python, and .NET.
Audit & Analysis (6)
URL Parser
Parse and decompose URLs into their component parts.
Password Analyzer
Analyze password strength, entropy, and estimated crack time.
IOC Extractor
Extract indicators of compromise (IPs, domains, hashes, URLs) from text.
Regex Tester
Test and debug regular expressions with real-time matching.
Defang/Refang Tool
Defang and refang URLs, IPs, and domains for safe sharing.
CSP Evaluator
Evaluate Content Security Policy headers for weaknesses and bypasses.
Reference (4)
Subnet Calculator
Calculate subnet ranges, CIDR notation, and available host addresses.
CVSS Calculator
Calculate CVSS v3.1 vulnerability severity scores.
Port Reference
Common port numbers, services, and protocol reference guide.
Google Dorks
Google dorking query reference for OSINT and reconnaissance.