╔══════════════════════════════════════════════════════════════════════╗
║ ███████╗███████╗ ██████╗████████╗ ██████╗ ██████╗ ██╗ ███████╗ ║
║ ██╔════╝██╔════╝██╔════╝╚══██╔══╝██╔═══██╗██╔═══██╗██║ ██╔════╝ ║
║ ███████╗█████╗ ██║ ██║ ██║ ██║██║ ██║██║ ███████╗ ║
║ ╚════██║██╔══╝ ██║ ██║ ██║ ██║██║ ██║██║ ╚════██║ ║
║ ███████║███████╗╚██████╗ ██║ ╚██████╔╝╚██████╔╝███████╗███████║ ║
║ ╚══════╝╚══════╝ ╚═════╝ ╚═╝ ╚═════╝ ╚═════╝ ╚══════╝╚══════╝ ║
╚══════════════════════════════════════════════════════════════════════╝
> Application & Product Security Testing Arsenal_
Decode, encode, and analyze various encoding formats commonly used in security testing. Supports Base64, Hex, URL encoding, HTML entities, Unicode, ROT13, and more. Includes auto-detection and multi-stage decoding.
A tool that calculates the digest from different hash, and signature algorithms.
Decode and validate JWTs, check for security vulnerabilities and best practices
Analyze password strength and check against Have I Been Pwned breach database
Scan source code for common vulnerabilities (SQLi, XSS, IDOR, JWT issues, etc.)
Scan code, configuration files, and repositories for accidentally committed secrets, API keys, passwords, tokens, and other sensitive data that should not be in version control.
Validate XML and JSON content, test for XXE (XML External Entity) vulnerabilities, JSON injection risks, schema poisoning, and other parsing-related security issues.
Test web applications for CORS (Cross-Origin Resource Sharing) misconfigurations that could lead to cross-origin attacks and data theft.
Analyze HTTP response headers for security misconfigurations and missing security controls. Tests for CSP, HSTS, X-Frame-Options, and other critical security headers.
Test websites for SSL/TLS security, certificate validity, and protocol vulnerabilities
Discover subdomains for a given domain using DNS queries, common subdomain wordlist, and various enumeration techniques. Useful for reconnaissance phase of security testing.