Hash Generator

Load a URL in headless Chromium via Playwright and stream every fetched resource with size and timing.

Check an IPv4 address against 49 major DNS blacklists (Spamhaus, SORBS, Barracuda, SpamCop, etc.).

Continuous traceroute with per-hop loss and RTT statistics.

Trace the path packets take to a destination host, hop by hop.

Ping many hosts in parallel and report which are alive.

Send ICMP echo requests and report RTT and packet loss.

Resolve a domain or IP to its city, country, ASN/org, and coordinates — with a map.

Convert IPv4 to/from IPv4-mapped IPv6 (::ffff:a.b.c.d).

Look up a MAC address's first 3 octets in the IEEE OUI vendor database (curated subset).

One-click domain scorecard — Blacklist, Mail Server, Web Server, and DNS checks graded Errors / Warnings / Passed, MXToolbox-style.

Consolidated MX, SPF, DMARC, and DKIM-selector lookup for an email domain.

Look up and validate a domain's SPF (Sender Policy Framework) TXT record.

Resolve a domain's MX hosts to IPs and check each against 49 IP blacklists plus the domain itself against 9 domain blacklists.

Connect to an SMTP server, capture its banner + EHLO capabilities, and test STARTTLS.

Probe which TLS protocol versions a server accepts and show the cipher each negotiates.

Full chain validation, OCSP stapling, SCT count, and per-TLS-version cipher matrix.

Polite TCP-connect port scan of a single public host (max 128 ports) with optional banner grab.

Scan a web server for known vulnerabilities, misconfigurations, and dangerous files.

Identify the TLS stack and version behind a server by probing its handshake behaviour.

Fetch a URL and grade its HTTP security headers — CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, and more.

Verify whether a domain qualifies for and is listed on the HSTS preload list.

Parse and grade a Content-Security-Policy header, flagging unsafe directives and common bypass vectors.

Scan a WordPress site for vulnerable plugins, themes, weak passwords, and known CVEs.

Scan Drupal, SilverStripe, and Moodle installations for known vulnerabilities and misconfigurations.

Scan WordPress, Joomla, and Drupal sites for vulnerabilities, outdated components, and common misconfigurations.

Full dynamic application security testing (DAST) scanner — crawls and probes a web application for OWASP Top 10 vulnerabilities.

Scan a web application for XSS, SQL injection, file inclusion, XXE, and other common vulnerabilities.

Run community-maintained templates against a target to detect CVEs, exposed panels, misconfigurations, and default credentials.

Query the OCSP responder for a certificate and verify it has not been revoked.

Look up a domain's CAA DNS records to verify which Certificate Authorities are authorised to issue certificates for it.

Check for security.txt, apple-app-site-association, assetlinks.json, and other .well-known security and verification files.

Probe a web server for exposed admin panels, login pages, and sensitive paths — /wp-admin, /.env, /.git, /phpmyadmin, and similar.

Exhaustive TLS audit — protocol support, cipher suites, certificate chain, and 20+ known vulnerability checks (Heartbleed, ROBOT, POODLE, BEAST, and more).

Full DNS query with answer, authority, and additional sections.

Simple forward and reverse DNS lookups.

Concise single-line DNS lookups.

DNS lookups with DNSSEC validation status.

Look up domain registration, IP allocation, or ASN ownership.

Validate a domain's DNSSEC chain via a validating resolver; show DS / DNSKEY / RRSIG at every zone cut.

Find other domains hosted on the same IP via a passive-DNS provider (Hackertarget free tier).

IPv4 address (A record) lookup.

Mail exchanger (MX) record lookup.

Query A, AAAA, MX, NS, TXT, CAA, SOA in parallel.

Look up and parse a domain's DMARC TXT record at _dmarc.<domain>.

Look up a domain's DKIM TXT record(s) at <selector>._domainkey.<domain>.

Look up and parse a domain's SMTP TLS Reporting (TLS-RPT) record at _smtp._tls.<domain>.

Look up a domain's BIMI record at <selector>._bimi.<domain> and validate its logo (SVG) and VMC certificate.

Look up the _mta-sts TXT record and the HTTPS policy file, then cross-check the policy's mx patterns against the domain's real MX hosts.

Audit a domain's delegation: parent/child NS agreement, glue, per-nameserver reachability and authority, SOA serial convergence, and open recursion.

Check TCP port reachability; optionally send a payload and read the reply.

Inspect a server's TLS handshake: version, cipher, ALPN, full cert chain.

Probe a list of hostnames (max 16) for HTTP and HTTPS availability.

Send N HTTP HEAD requests to a URL and report min/median/mean/max/stddev latency. From this server's vantage.

Discover the path MTU to a host by sending increasingly large DF-bit pings (binary search).

Capture and filter live network traffic using BPF expressions.

Deep packet inspection and protocol dissection via Wireshark's CLI engine.

Capture raw packets to file using Wireshark's lightweight capture engine.

Capture live traffic and search packet payloads with regular expressions.

Zero-copy network capture optimised for high traffic volumes.

Break a CIDR into network, broadcast, mask, wildcard, and usable host range.

Verbose subnet calculator with address classification flags.

Look up the announcing ASN, covering prefix, country, and AS neighbours for a public IP via RIPEstat.

Generate router prefix-list and AS-path filters from IRR data.

Probe which TLS protocol versions a server accepts and show the cipher each negotiates.

Full chain validation, OCSP stapling, SCT count, and per-TLS-version cipher matrix.

Search Certificate Transparency logs for every SSL certificate ever issued to a domain — reveals subdomains, issuers, and historical issuance.

Exhaustive TLS audit — protocol support, cipher suites, certificate chain, and 20+ known vulnerability checks (Heartbleed, ROBOT, POODLE, BEAST, and more).

Query a public NTP server: stratum, offset, round-trip, ref-id, root delay/dispersion. Does not change the system clock.

Fetch a server's SSH version banner and host public keys (Ed25519, ECDSA, RSA) with fingerprints. No authentication.

Query a hostname against 34 public resolvers across multiple countries in parallel; reveals geo-DNS, anycast, and split-horizon behavior.

Sustained-load DNS performance benchmarking tool.

Ramps DNS query rate until a resolver loses packets.

Negotiate HTTP/2 via ALPN and decode the server's SETTINGS frame (window size, max streams, etc.).

Send a WebSocket Upgrade handshake and verify the Sec-WebSocket-Accept response, subprotocols, and extensions.

Benchmark HTTP/2 server performance — measure requests per second, latency distribution, and concurrent stream throughput under sustained load.

Convert UTF-8 text to a hex string, or parse a hex string back to text (separators :/.- ignored).

Convert UTF-8 text to 8-bit binary, or parse a binary string back to text.

Apply the ROT13 letter-shift cipher (involutive — run twice to get the original).

Convert text between common casings: UPPER, lower, Title, snake_case, kebab-case, camelCase.

Reverse the characters of a string.

Convert a number between decimal, binary, octal, and hexadecimal representations.

Convert between Unix epoch seconds and ISO/RFC datetime formats (UTC).

Convert between dotted IPv4 notation, 32-bit decimal, hex, and dotted binary.

Decode a JWT into its header and payload (no signature verification — that needs the signing key).

Compute an HMAC of a message using a shared key and a chosen hash algorithm.

Generate one or more random UUID v4 strings.

Generate a cryptographically random password from selectable character classes (uses Python's `secrets`).

Generate placeholder text — N paragraphs of K random Lorem Ipsum words each.