Decode, build, verify, and attack JWTs. HS256 signature verification, none-algorithm attacks, JWKS injection templates, and standard claim tooltips. All client-side.
Encoder / Decoder
Encode and decode with 11 formats plus auto-detect magic mode.
Hash Generator
Hash text or files with MD5, SHA-1/256/384/512, and HMAC.
OAuth / OIDC Attack Wizard
Test OAuth 2.0 and OIDC for redirect_uri bypass and more.
What Is This?
Auto-identify unknown data blobs with confidence scores.