
Sec Lab · Interactive browser-native tools

Real, working security tools that run entirely in your browser. Password strength & crack-time, multi-algorithm hashing, JWT decoder, base64 codec, CVE lookup against the live CISA Known-Exploited-Vulnerabilities catalog, DNS check, subnet calculator, password generator, and an AI security companion. Nothing leaves your machine for the offline tools.

⚠ Authorization required. The DNS / CVE / AI tools call public services. The cryptographic, encoding, and password tools run 100% locally with the Web Crypto API — your input never leaves the browser. Use offensive techniques only against systems you own or have written authorization to test.

🔒 Password Strength & Crack-Time

Estimates entropy and time-to-crack at offline (10B/s) and online (100/s) attack rates. Detects dictionary words and patterns. 100% local.

Multi-Hash Generator

Computes MD5, SHA-1, SHA-256, SHA-384, and SHA-512 of any text or file using the Web Crypto API. Local, no network.

Base64 Encode / Decode

UTF-8 safe Base64 encoding and decoding for tokens, basic-auth headers, embedded blobs. Local-only.

JSON Web Token Decoder

Decodes header + payload of a JWT without verification. Read-only — never re-signs tokens. Local-only.

🌐 URL / Domain Check

Looks up DNS records for a hostname via the TCG public DNS proxy. Catches typos, dangling subdomains, missing AAAA, etc.

CVE Lookup · CISA KEV

Search the live CISA Known-Exploited-Vulnerabilities catalog by CVE id, vendor, or product. Loaded once on demand.

Password Breach Check

k-anonymity check against HaveIBeenPwned. Your password is SHA-1 hashed locally; only the first 5 hex chars leave the browser. The server proxies to HIBP's free range API and reports if your password appears in any known breach (and how many times).

WHOIS Lookup (RDAP)

Domain registration metadata via RDAP (the modern JSON successor to WHOIS-43). Free, public, no key required. Returns registrar, registration/expiration dates, nameservers, status flags.

🔐 TLS Certificate Inspector

Connects to host:443 server-side via node:tls and walks the full cert chain — subject, issuer, SAN list, validity window, fingerprint, protocol + cipher. Reports authorization status (browser-equivalent trust check).

Subnet / CIDR Calculator

IPv4 CIDR -> network, broadcast, usable host range, total addresses, and reverse-DNS prefix. Local arithmetic only.

🎲 Random Password Generator

Cryptographically random passwords using crypto.getRandomValues. Mix-and-match policies. Generates as many as you need.

UUID v4 Generator

Cryptographically random UUIDs (RFC 4122 v4). Useful for API tokens, request ids, test fixtures.

URL Encode / Decode

Percent-encoding for URLs, query strings, and path components. Local-only.

HTTP Headers Analyzer

Fetches a URL via the TCG DNS proxy chain (CORS-permitting endpoints only) and grades security headers: HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy.

AI Security Companion

Ask cybersecurity questions in plain English. Backed by the TCG public AI endpoint with a security-focused system prompt. Use this for triage on suspicious links, CVE explanations, hardening advice, and incident-response playbooks. Do not paste credentials, PII, or proprietary data.

TCG Sec Companion: Hi, I'm a cybersecurity assistant. Ask me about phishing, CVEs, hardening, incident response, or any practical security topic. I will not pretend to know things I don't — if I'm unsure I'll say so.