Loading
Preparing the page...
Loading
Preparing the page...
Cybersecurity tools
Explore safe, browser-based tools to practice security fundamentals without touching live systems.
Scan API endpoints for common security issues including authentication, injection, and misconfiguration.
Inspect X.509 PEM certificates with basic format validation and SHA-256 fingerprinting.
Map a security control to NIST CSF, ISO 27001, or CIS Controls. Use it to plan evidence and spot gaps.
Analyse browser cookies for security attributes including Secure, HttpOnly, SameSite, and expiry settings.
Analyse CVE vulnerabilities with CVSS scoring, affected products, and remediation guidance.
Inspect DMARC at _dmarc and SPF at the root of a domain. You can also check a DKIM selector if you provide one.
Perform DNS lookups and review security relevant configuration. Checks SPF and DMARC, with an optional DKIM selector check. Reports DNSSEC signals where available.
Educational tool for understanding entropy, hash functions, and cryptographic randomness.
Create blameless post-mortem documents with timeline reconstruction, root cause analysis, and action tracking.
Scan infrastructure configurations for security issues and misconfigurations. Supports common cloud patterns.
Redact sensitive data from log files including PII, API keys, and credentials. Process locally for privacy.
Analyse password strength with entropy calculation, pattern detection, and time-to-crack estimation. Educational tool for understanding password security.
Generate secure passwords with customisable length, character sets, and entropy calculation. Includes strength assessment and time-to-crack estimates.
Create and manage risk registers with likelihood/impact matrices, control mapping, and export capabilities.
Educational RSA encryption/decryption tool. Generate key pairs, encrypt messages, and understand public-key cryptography.
Analyse HTTP security headers including CSP, HSTS, X-Frame-Options, and more. Get recommendations for improving web security.
Generate comprehensive threat models with STRIDE methodology, attack trees, and mitigation recommendations.
Quick STRIDE-based threat identification for systems and applications. Generate threat lists and control recommendations.
Look up domain registration details using RDAP, the modern replacement for WHOIS. View registrar, key dates, status flags, and nameservers.
Safety note
These tools are designed for safe, local analysis. Avoid using them for live scanning without permission.