#οΈβ£ Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-384, SHA-512 hashes from any text. Client-side only.
What is a Hash Function?
A cryptographic hash function is a one-way mathematical algorithm that converts input data into a fixed-size string of characters. Hash functions are fundamental to cybersecurity, used for password storage, data integrity verification, digital signatures, and blockchain technology.
Supported Algorithms
- MD5 β 128-bit hash. Fast but vulnerable to collisions. Used for checksums, not security.
- SHA-1 β 160-bit hash. Deprecated for security. Still used in legacy systems.
- SHA-256 β Part of SHA-2 family. Industry standard for security applications.
- SHA-384 β Truncated version of SHA-512. Used in TLS and government applications.
- SHA-512 β 512-bit hash. Maximum security for critical applications.
π NTLM Hash Generator
Generate NT (NTLM) password hashes used in Windows authentication. Supports bulk mode β paste a list of passwords (one per line) to hash them all at once.
What is NTLM?
NTLM (NT LAN Manager) is the authentication protocol used by Microsoft Windows. The NT hash is computed as the MD4 hash of the UTF-16LE encoding of the password. NTLM hashes are commonly encountered during Active Directory penetration testing, pass-the-hash attacks, and password auditing.
Bulk NTLM Generation β Use Cases
- Generate hash lists for password spraying validation
- Create wordlists with pre-computed NTLM hashes for comparison
- Verify cracked passwords against NTDS.dit dumps
- Pass-the-Hash (PtH) attacks with tools like Mimikatz, Impacket
- Cracking with Hashcat (mode 1000) or John the Ripper
- Active Directory security assessments
- Windows credential extraction from SAM/NTDS.dit
π Password Generator
Generate cryptographically secure random passwords with customizable length, character sets, and complexity requirements.
Why Strong Passwords Matter
A strong password is the first line of defense. Passwords should be at least 12-16 characters, include mixed character types, and be unique for every account. This generator uses the Web Crypto API for cryptographically secure randomness.
π¦ Base64 Encoder / Decoder
Encode text to Base64 or decode Base64 back to plaintext. Supports UTF-8 characters.
What is Base64?
Base64 is a binary-to-text encoding scheme that represents binary data in ASCII string format. It's commonly used in email (MIME), data URIs in web development, encoding credentials in HTTP Basic Authentication, and storing complex data in JSON/XML.
π URL Encoder / Decoder
Encode or decode URL components. Essential for web pentesting, XSS payload crafting, and API testing.
URL Encoding in Pentesting
URL encoding (percent-encoding) replaces unsafe ASCII characters with a "%" followed by two hex digits. Double encoding is a common technique to bypass WAF filters during security testing. Characters like < > " ' are frequently encoded in XSS and SQLi contexts.
π« JWT Decoder & Editor
Decode, inspect, and modify JSON Web Tokens β just like jwt.io. View header, payload, signature. Check creation date, expiration, and token duration.
What is a JWT?
JSON Web Tokens (JWT) are a compact, URL-safe means of representing claims between two parties. They consist of three parts: Header (algorithm and type), Payload (claims and data), and Signature (verification). JWTs are widely used in API authentication and are a common target in web application security testing.
JWT Pentesting Techniques
- alg:none attack β Set algorithm to "none" to bypass signature verification on misconfigured servers
- Secret brute-force β Weak HMAC secrets can be cracked with tools like jwt_tool or hashcat (mode 16500)
- Claim tampering β Modify role, sub, or other claims to escalate privileges
- Expiry manipulation β Extend or remove exp claim to create long-lived tokens
- Algorithm confusion β Switch RS256 to HS256 using the public key as HMAC secret
π Hash Identifier
Identify the type of a hash based on its length, character set, and format. Supports 15+ hash types.
Why Identify Hashes?
During penetration testing, you often encounter hashes that need to be cracked. Identifying the hash type is the first step to selecting the correct Hashcat mode or John the Ripper format. This tool analyzes length, character set, and common patterns to suggest likely hash types.
⬑ Hex β Text Converter
Convert text to hexadecimal and vice versa. Useful for shellcode, packet analysis, and reverse engineering.
π My IP Address
Quickly check your public IP address, location, ISP, and other network details.
π‘ Subnet Calculator
Calculate network address, broadcast, usable hosts, and subnet mask from CIDR notation.
β±οΈ Unix Timestamp Converter
Convert Unix timestamps to human-readable dates and vice versa. Shows current time in multiple formats.
π ROT13 / Caesar Cipher
Apply ROT13 or any Caesar cipher shift to text. Useful for CTF challenges and basic obfuscation.
π Dictionary Generator
Generate custom wordlists for password auditing. Use a base word, standalone generators, or combine everything. All processing is client-side.
sβ5 tβ7 gβ9 bβ8
netflix, Netflix, NETFLIX, nEtFlIx...
Chain: word + month + year
Chain: word + number + symbol
β οΈ Generates many more words
Custom Wordlist / Dictionary Generator
Generate targeted password dictionaries from base words. Apply mutations like leet speak (l33t), year/month appending, symbol injection, and case variations. Generate standalone number ranges, month lists, and more. Useful for authorized penetration testing, password auditing, and security assessments. Compatible with Hashcat, John the Ripper, and Hydra.
π DNS Record Viewer
Look up DNS records for any domain. Uses public DNS-over-HTTPS API β no server required.
Online DNS Lookup Tool
Query DNS records for any domain directly from your browser. Supports A, AAAA, MX, TXT, NS, CNAME, and SOA record types. Uses Cloudflare DNS-over-HTTPS for fast, private lookups. Useful for domain reconnaissance, email configuration verification, and DNS troubleshooting.
π Cheat Sheets & References
Quick-access security references for pentesters and red teamers. Click any item to copy.
Penetration Testing Cheat Sheets
Quick reference for common pentesting commands. Includes reverse shell one-liners, Nmap scan types, SQLMap commands, directory fuzzing with Ffuf, Linux and Windows privilege escalation techniques, file transfer methods, and MSFVenom payload generation. All commands are copyable with one click.