Decode, build, verify, and attack JWTs. HS256 signature verification, none-algorithm attacks, JWKS injection templates, and standard claim tooltips. All client-side.
Encoder / Decoder
Encode and decode with 11 formats plus auto-detect magic mode.
Hash Generator
Hash text or files with MD5, SHA-1/256/384/512, and HMAC.
OAuth / OIDC Attack Wizard
Test OAuth 2.0 and OIDC for redirect_uri bypass and more.
SAML Security Analyzer
Decode SAML and test XSW, signature stripping, and Golden SAML.
Companion generator
JWT Payloads Generator