A complete arsenal of 24+ tools for reconnaissance, vulnerability analysis, code security, and threat simulation. Browser-based utilities and Python frameworks for security researchers, pentesters, and defenders.
25 browser-based security tools and Python CLI utilities — covering recon, web security, cryptography, and a full security lab with Python dashboards. Built for researchers, pentesters, and defenders.
A tool to generate vulnerable code snippets for testing and training purposes. Also includes dorking, a CVE database, and wordlists.
includes: Vulnerable code generation, Google dork builder, CVE/NVD lookup, OWASP Top 10 guide, payload generators, wordlists
Domain WHOIS lookup and IP geolocation in one tool. Returns registrar info, name servers, ASN, abuse contacts, and geographic data.
includes: WHOIS lookup, IP geolocation, ASN resolution, DNS records, abuse contact lookup
Drag-and-drop EXIF and metadata extractor. Reads embedded GPS coordinates, camera model, software stamps, and authorship data from images and documents.
includes: EXIF extraction, GPS coordinate reveal, camera model, software stamp, timestamps — browser-side only
JavaScript file analyzer for bug bounty recon. Extracts hidden endpoints, API keys, hardcoded credentials, and secrets from client-side JS files.
includes: Endpoint extraction, API key regex, secret detection, source map analysis, inline credential scanner
TCP connect scanner with banner grabbing, subdomain enumeration against a 20-entry wordlist, OS fingerprinting, and high-risk port flagging. Generates JSON and HTML risk reports.
includes: ThreadPoolExecutor scanner, 31-entry service map, subdomain brute-force, JSON + HTML report generator — Python CLI + dashboard
Multi-format payload encoder and decoder. Base64, URL, HTML entities, Hex, and Unicode escape — all in one offline-ready utility.
includes: Base64, URL, HTML entity, Hex, Unicode escape — bidirectional, offline, client-side
Decode, inspect, and analyze JSON Web Tokens. Flags algorithm misconfigurations, weak signing secrets, expiry issues, and common authentication bypass vectors.
includes: JWT decode, algorithm check (alg:none), expiry analysis, claim inspector, vulnerability flag list
Context-aware XSS payload library organized by injection context. Covers HTML, attribute, JavaScript, and URL contexts with WAF bypass and polyglot variants.
includes: Basic, HTML, attribute, JS-context, URL, bypass, event-handler, and polyglot payloads
Parse and audit HTTP cookies for security misconfigurations. Flags missing Secure, HttpOnly, and SameSite attributes with severity ratings.
includes: Cookie parser, Secure/HttpOnly/SameSite flag checker, domain scope analysis, expiry inspection
Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text or dropped files. Also identifies unknown hash types by length and format pattern.
includes: MD5/SHA-1/SHA-256/SHA-384/SHA-512, file hashing via FileReader, hash type identifier
Browser-side AES encryption and decryption via the SubtleCrypto API. Supports CBC and GCM modes with configurable key sizes and automatic IV management.
includes: AES-128/192/256, CBC and GCM modes, SubtleCrypto API, key generation, IV management — no data leaves the browser
Classic and historical cipher suite with a tabbed interface. ROT13, Caesar, Vigenère, Atbash, and Morse Code — encode and decode fully client-side.
includes: ROT13, Caesar cipher (configurable shift), Vigenère, Atbash, Morse Code — bidirectional
Password entropy analyzer with offline crack-time estimation. Scores character class diversity, detects common patterns, and estimates offline attack cost — no data leaves the browser.
includes: Entropy bits, character class scoring, common pattern detection, offline crack-time estimate
Structured web application security testing workflow reference. Documents methodology phases from recon through exploitation and reporting.
includes: Recon phase checklist, scanning methodology, exploitation reference, reporting templates