Keyword search across the Online Cyber Tools catalogue. Returns up to 25 ranked matches with their URL, API URL, description, and category.

Fetch the full Online Cyber Tools page guidance for a tool. Accepts a menu ID such as ping or an MCP tool name such as network_ping.

File a bug report against one of the tools. Use this only when you have concrete reproduction details — endpoint is hard-rate-limited.

Numeric Base / Radix Converter (Base 2-36). Convert a number from one positional numeral base to another between base 2 and base 36 (binary, octal, decimal, hexadecimal, or any arbitrary radix), with full step-by-step working. This does NUMERIC base/radix math on a single number token; for converting character-string encodings (ASCII text to/from binary, hex, decimal, or octal) use conversion_number_base instead. Input digits 0-9 and A-Z are case-insensitive and must be valid for from_base (for example base 2 allows only 0-1). Runs locally on the value you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the converted output, the decimal value, per-digit conversion steps, base metadata, and common-base representations.

BCD Converter (Binary-Coded Decimal). Convert a decimal number to 8421 Binary-Coded Decimal (BCD), or decode BCD nibbles back to a decimal number. In BCD each decimal digit 0-9 is encoded independently as its own 4-bit group, so 25 becomes 0010 0101 rather than the pure-binary 11001. Only the standard 8421 weighting is supported (no excess-3 or 2421 variants). Use conversion_binary_decimal for whole-number pure base-2/decimal conversion, conversion_gray_code for reflected binary, or conversion_parity_bit for error-detection bits. Runs locally on the value you provide: read-only, non-destructive, offline, and rate-limited (60 requests/min anonymous). Returns the converted string, the echoed input/mode/formats, and a per-digit breakdown.

Binary And Decimal Number Converter. Convert a single number between binary (base 2) and decimal (base 10) in either direction, with unsigned or signed (two's-complement) interpretation across an 8/16/32/64-bit width and optional fractional (radix-point) support. Use this when you need bit-level detail for one number — a positional bit breakdown and two's-complement handling at a fixed width. Use conversion_base_converter instead to convert one integer between arbitrary radixes 2-36, conversion_number_base to map a string of byte values across ASCII/binary/hex/decimal/octal, and conversion_decimal_hex for decimal-hex conversions. Runs locally via the shared logic runner: read-only, non-destructive, offline, no auth, default rate limit. Returns the converted string plus the echoed settings and, for binary-to-decimal, a per-bit breakdown.

Braille Converter (Grade 1 & 2). Convert text to and from Unicode Braille patterns (U+2800-U+28FF), in either uncontracted Grade 1 (letter-by-letter) or contracted Grade 2 (word/letter-group contractions). Use it to preview how labels, signage, or short copy render in braille cells, or to read back braille into Latin text; it is a preview/education aid, not a certified textbook/Nemeth/music transcription engine. Runs locally on the supplied text: read-only, non-destructive, contacts no external service, and is rate-limited. Returns the braille (or decoded text) string, the ASCII-braille form, per-conversion analysis stats, and reference braille_info for the chosen grade.

Color Code Converter. Convert a single color string between HEX, RGB, HSL, and HSV, returning all four representations at once plus normalized channel values. Accepts hex (#RGB or #RRGGBB), rgb()/comma-triple, hsl(), hsv(), and 140+ CSS color names; the inputFormat argument names the expected source notation but a CSS color name is always tried as a fallback. Use webdev_hex_color instead when you want richer single-color analysis (CMYK, harmony palettes, WCAG contrast), or webdev_color_palette when you only want harmony schemes. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/min anonymous). Returns the color formatted as HEX, short HEX, RGB, HSL, and HSV strings, a preview hex, and r/g/b, h/s/l, h/sv/v, and brightness values.

Decimal And Hexadecimal Number Converter. Convert one whole number between decimal (base 10) and hexadecimal (base 16) in either direction, with unsigned or signed (two's-complement) interpretation at an 8/16/32/64-bit width and optional hex formatting (0x prefix, upper/lowercase, zero-padding). Use this when you need decimal-hex specifically with a step-by-step breakdown and fixed-width signed handling. Use conversion_binary_decimal for base-2 conversion, conversion_base_converter to convert an integer between arbitrary radixes 2-36, conversion_number_base to map a string of byte values across ASCII/binary/hex/decimal/octal, conversion_hex_ascii to turn hex into ASCII text, and conversion_bcd for binary-coded decimal. Runs locally via the shared logic runner: read-only, non-destructive, offline, no auth, default rate limit (60 requests/minute for anonymous callers). Returns the converted value plus the echoed settings and a per-step conversion breakdown.

Emoji Unicode And Shortcode Lookup. Look up emoji by glyph, name, keyword, category, or Unicode code point and return Unicode metadata (code point, hex U+ form, decimal, UTF-8 bytes) plus HTML entities. Use this when you have one search term and want full Unicode/HTML detail for matching emoji; use conversion/emoji/random instead to sample random emoji without a query, and encoding/unicode or encoding/html-entities for escaping arbitrary text rather than looking up emoji. Pure client-style compute over a built-in ~170-emoji database (no network, no external API); read-only and non-destructive. Rate limited to 60 requests per minute for anonymous callers.

Gray Code Converter (Reflected Binary). Convert a binary number to Gray code (reflected binary code) or a Gray code back to plain binary, using XOR between adjacent bits. Gray code is an ordering where only one bit changes between consecutive values, which minimizes errors in rotary encoders, analog-to-digital conversion, and Karnaugh maps. Use conversion_binary_decimal for plain base-2/decimal conversion or conversion_bcd for binary-coded decimal. Runs locally on the bit string you provide: read-only, non-destructive, offline, and rate-limited (60 requests/min anonymous). Returns the converted bit string, its decimal value, the Gray decimal value, an explanation, step-by-step XOR working, and bit properties.

Hamming Code Encoder and Decoder. Encode binary data into a Hamming error-correcting codeword or decode a codeword to detect and correct a single-bit error. In encode mode it inserts parity bits at power-of-two positions; in decode mode it computes the syndrome to locate and flip one flipped bit (Hamming distance 3: corrects 1-bit errors, detects up to 2-bit errors). Use it for error-correction coding demos and parity analysis; use conversion_parity_bit for a single even/odd parity bit, or conversion_gray_code for reflected-binary encoding. Runs locally on the bit string you provide: read-only, non-destructive, offline, and rate-limited (60 requests/min anonymous). Returns the codeword or recovered data bits plus the syndrome, error position, corrected codeword, and step-by-step working.

IEEE 754 Floating-Point Converter. Decompose a decimal number into its IEEE 754 binary floating-point bits (sign, exponent, mantissa) at single (32-bit) or double (64-bit) precision, or reverse a binary/hex bit string back to its decimal value. Set mode to decimal-to-ieee754 or ieee754-to-decimal, precision to single or double, and (when decoding) inputFormat to binary or hex. Use this when you need the exact stored bit layout, the biased/actual exponent, or special-case detection (Zero, Subnormal, Infinity, NaN); use conversion_base_converter for plain integer radix conversion or conversion_binary_decimal for signed/unsigned integers. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the converted output plus a full bit breakdown.

Morse Code Encoder And Decoder. Encode plain text to International Morse Code or decode Morse back to text. Encoding upper-cases input and maps A-Z, 0-9 and common punctuation to dot/dash patterns, joining letters with a single space and words with a slash; unsupported characters become the Morse for a question mark. Decoding splits on the slash for words and spaces for letters and emits a question mark for any unrecognised symbol. Use this for dot-dash signalling; use conversion_braille for tactile braille cells and encoding_decoding_baconian for the A/B Baconian cipher. Runs locally on the supplied text: read-only, non-destructive, offline, no auth, default rate limit. Returns the converted string plus an analysis block (symbol/character counts, ratios) and reference morse_info.

ASCII / Binary / Hex / Decimal / Octal Converter. Convert a string of values between five textual encodings — ASCII text, binary, hexadecimal, decimal, and octal — treating the input as a sequence of byte/codepoint values rather than a single number. Use this when you need to move character data across base representations (e.g. binary "01001000" to ASCII "H"); use conversion_base_converter instead to convert one integer between arbitrary radixes 2-36, conversion_binary_decimal for signed/unsigned binary-decimal with a bit width, and conversion_decimal_hex for decimal-hex with two's-complement options. Runs locally on the supplied text: read-only, non-destructive, offline, no auth, default rate limit. Returns the converted string plus an analysis block (lengths, value range, encoding efficiency).

Octal And Text Converter. Convert text to space- or newline-separated octal (base-8) byte values, or decode such octal values back to text, with ASCII or UTF-8 byte handling. Use this for octal specifically (e.g. reading C/assembly octal escapes or Unix-style byte dumps); for general radix math between bases 2-36 use conversion_number_base or conversion_base_converter, for hexadecimal text use encoding_decoding_hex_ascii, for binary text use encoding_decoding_binary_text, and for parsing numeric strings use conversion_string_number. Runs locally via a Node bridge on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Invalid octal digits (outside 0-7), values above 255, or malformed UTF-8 byte sequences return an error. Returns the converted string plus a per-byte breakdown.

Parity Bit Calculator. Compute or verify a single parity bit for a binary string to support error DETECTION (not correction). In add mode it counts the 1 bits, derives the parity bit for the chosen scheme (even, odd, mark, or space), and appends it to form the codeword; in check mode it splits off the trailing bit, recomputes the expected parity from the leading data bits, and reports whether an error was detected. Parity catches only odd numbers of flipped bits and cannot locate or fix them — use conversion_hamming_code for single-bit correction or conversion_gray_code for transition-error-resistant encoding. Runs locally on the bit string you provide: read-only, non-destructive, offline, and rate-limited (60 requests/min anonymous). Returns the parity bit, the full codeword (add mode), the error-detected flag (check mode), step-by-step working, an explanation, and parity-scheme properties.

Roman Numerals Converter. Convert an integer to a Roman numeral or parse a Roman numeral back to an integer, over the standard 1-3999 range (largest value MMMCMXCIX). Set direction to to_roman or to_arabic, or leave it auto to detect from the input (letters I V X L C D M parse as Roman; digits parse as a number). Validates subtractive notation and rejects out-of-range or malformed input with an error. Use conversion_number_base or conversion_base_converter instead for binary/octal/hex radix conversion. Runs locally: read-only, non-destructive, offline, and rate-limited. Returns the converted value plus conversion steps, a character breakdown, historical facts, and alternative representations (binary, octal, hex, words, ordinal).

String / Number Format Converter. Convert text between six representations of the same underlying numeric values: string (each character as its Unicode code point), integer, float, scientific notation, English number words (zero-twenty, tens, hundred, thousand, million), and Roman numerals. Parsing string reads each character code point; the other types read space/comma/newline-separated tokens. Use this to map characters to/from code points or to reformat a list of numbers; use conversion_roman_numerals for a dedicated Roman converter, and conversion_number_base for ASCII/binary/hex/octal byte encodings. Runs locally on the supplied text: read-only, non-destructive, offline, no auth, default rate limit. Returns the converted string, an analysis block, and reference info for the target format.

Unix Timestamp Converter. Convert a Unix epoch timestamp to a human-readable date, or parse a date string back to a Unix timestamp, with full UTC and local-time breakdowns. Auto-detects the input format: 10-digit Unix seconds, 13-digit Unix milliseconds, ISO 8601, or any parseable date string. Unlike time_iso_8601_formatter (which only parses and formats ISO 8601 / RFC 3339 strings) or time_date_difference (which measures spans between two dates), this tool centres on a single instant and emits every common representation of it at once. Requires a non-empty input; it does not fall back to the current time. Runs locally on the value you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the detected format plus Unix seconds, milliseconds, ISO 8601, UTC, local strings, and a calendar analysis (weekday, day/week of year, quarter, leap-year flag, days in month, timezone offset, and a now-relative phrase that varies between cal

Generate Argon2 Password Hash. Hash a plaintext password with the Argon2 memory-hard KDF, returning a self-describing PHC-encoded hash plus the parsed parameters and salt. A fresh random salt is generated on every call, so the same input yields a different hash each time (non-idempotent). Use this to create a new hash; use crypto_argon2_verify to check a password against an existing one. Argon2 is the recommended modern KDF — prefer it over crypto_bcrypt (no memory hardness), crypto_scrypt, and the legacy crypto_pbkdf2. Runs server-side on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (5 requests/min, 30/hour, 100/day for anonymous callers; CAPTCHA may trigger above 20/hour). Returns the encoded hash, the variant, the m/t/p cost options, and the salt/length parsed back out.

Argon2 Hash Verifier. Check whether a plaintext password matches an existing Argon2 hash using PHP's password_verify, which reads the variant, version, and m/t/p parameters from the encoded hash itself. Use this to verify a candidate password; use crypto_argon2 instead to generate a new hash. Runs server-side on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (5 requests/min, 30/hour, 100/day for anonymous callers; CAPTCHA may trigger above 20/hour). Returns whether the password matched plus the parameters parsed from the hash.

Bcrypt Password Hasher. Hash a plaintext password with bcrypt at a chosen cost factor, generating a fresh random salt on every call. Use this to create a new stored password hash; use crypto_bcrypt_verify instead to check a password against an existing hash, and crypto_argon2 / crypto_scrypt / crypto_pbkdf2 for the other adaptive/memory-hard password KDFs. Runs locally with PHP password_hash on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (5 requests/minute for anonymous callers). Because a new salt is drawn each call, the same password yields a different hash each time. Returns the bcrypt hash string plus the cost, salt, parsed format breakdown, and a strength analysis of the chosen cost factor.

Bcrypt Password Verifier. Check whether a plaintext password matches an existing bcrypt hash, using the cost and salt that bcrypt encodes inside the $2a$/$2b$/$2x$/$2y$ hash string. Use this to verify a candidate password against a stored hash; use crypto_bcrypt instead to generate a new hash. Runs locally with PHP password_verify on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (5 requests/minute for anonymous callers). Returns whether the password matched, the cost/salt/version parsed from the hash, and a strength analysis of that cost factor.

BLAKE2 Hash Generator. Compute a BLAKE2b or BLAKE2s digest of a text string, with an optional keyed (HMAC-style) mode and a choice of eight output lengths (BLAKE2b-512/384/256/160, BLAKE2s-256/224/160/128). Use crypto_blake3 for the faster XOF-capable successor, crypto_hash for MD5/SHA-1/SHA-256/SHA-512, crypto_sha3 for SHA-3/Keccak, crypto_whirlpool for Whirlpool, or crypto_ripemd for RIPEMD; reach for BLAKE2 when you want an RFC 7693 digest faster than SHA-2 at SHA-3-level security, or a keyed MAC (used by Zcash, Nano, argon2). Runs locally on the input you provide: read-only, non-destructive, deterministic (keyed mode is deterministic too), contacts no external service, and is rate-limited (5 requests/minute for anonymous callers). Returns the digest as lowercase hex plus uppercase hex, with the resolved variant, algorithm, encoding, byte length, bit count, and keyed flag.

BLAKE3 Hash Generator. Compute a BLAKE3 hash of a text string with configurable output length (1-1024 bytes, default 32), in plain-hash, keyed-MAC, or context key-derivation mode. Use crypto_hash instead for MD5/SHA-1/ SHA-256/SHA-512, crypto_sha3 for SHA-3, or crypto_keccak for the pre-standard Keccak used in Ethereum; reach for BLAKE3 when you want the fastest modern hash, an extendable (XOF) digest, a 32-byte keyed MAC, or KDF output from a context string. Runs locally on the input you provide: read-only, non-destructive, deterministic (no random salt), contacts no external service, and is rate-limited (5 requests/min anonymous). Returns the digest as lowercase hex, uppercase hex, and base64, plus the resolved mode, encoding, length, and bit count.

Checksum Calculator (CRC, Adler, Fletcher, FNV). Compute one or more non-cryptographic checksums and hashes over a UTF-8 text string for data-integrity and error-detection checks. Supports CRC32, CRC32B, CRC-16, Adler-32, Fletcher-16/32, FNV-1/FNV-1a (32 and 64-bit), Jenkins one-at-a-time, plus MD5/SHA-1/ SHA-256/SHA-384/SHA-512. Use it when you need fast verification or legacy checksums; use crypto_hash for cryptographic file/text digests, or crypto_hash_identifier to detect an unknown hash's algorithm. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited. Returns a map of algorithm-id to checksum string, the byte length of the input, the algorithms that produced output, and the output format used.

Cryptographic Hash Generator (MD5, SHA, CRC32, Adler32). Compute one or more hash digests of a UTF-8 text string in a single call. Supports MD5, SHA-1, SHA-256, SHA-512 cryptographic hashes plus CRC32 and Adler32 checksums, returned as a lowercase or uppercase hex string per algorithm. Use crypto_hash for general text digests; use crypto_checksum for the wider non-cryptographic checksum set (Fletcher, FNV, CRC variants), crypto_hmac for keyed message authentication, or crypto_hash_identifier to detect an unknown hash's algorithm. Runs locally on the input you provide: deterministic, read-only, non-destructive, contacts no external service, and is rate-limited. Returns a map of algorithm id to hex digest, the algorithms that produced output, the output format, and the input byte length.

Hash cracker (dictionary attack). Recover the plaintext behind a password hash by testing it against a wordlist — a supplied dictionary and/or a built-in common-password list. Use it to audit weak hashes; run crypto_hash_identifier first if the algorithm is unknown, and crypto_password_strength to score a password you already have. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited. Returns whether a match was found, the recovered password, the detected hash type, the number of attempts, and the elapsed seconds.

Hash Type Identifier. Identify which hash algorithm most likely produced a digest by analysing its length, character set, and structural pattern (MD5, SHA-1, SHA-256/384/512, SHA-3, NTLM, LM, bcrypt, Argon2, scrypt, PBKDF2, Unix crypt, MySQL, PostgreSQL, LDAP, CRC, and more). Use this when you have a hash and do not know its type. It does not crack, reverse, or look up the hash anywhere: it only classifies the string. After identifying the type, use crypto_hash_cracker to attempt plaintext recovery via a wordlist, or crypto_hash to generate a fresh hash of known input. Runs locally on the value you provide: read-only, non-destructive, contacts no external service, idempotent, and rate-limited (60 requests per minute for anonymous callers). Returns the ranked candidate algorithms with confidence scores, the most likely match, the cleaned hash, its length, and a character set analysis.

HMAC Generator (Keyed Hash). Compute an HMAC over a message using a secret key, authenticating both the content and its origin. Supports MD5, SHA-1, SHA-2 (sha224/256/384/512), SHA-3 (sha3-224/256/384/512), and RIPEMD-160; the key is read as text, hex, or base64 and the digest is returned as hex, base64, base64url, or 0x-prefixed binary. Use this when a shared secret must be involved (signing webhooks, API requests, JWT HS* signatures); use crypto_hash instead for an unkeyed digest with no secret. Runs locally on the input you provide and is rate-limited; the message and key are processed in-memory, never persisted, and never written to logs. Returns the HMAC plus hex/base64/base64url renderings and its bit length.

Keccak Hash Generator. Compute an original Keccak digest (Keccak-224/256/384/512) of a text, hex, or base64 input and return it as lowercase hex. This is the pre-NIST Keccak that uses 0x01 padding, so its output differs from final SHA-3 (0x06 padding) at every bit length; Keccak-256 is the function Ethereum uses for addresses and transaction hashing. Use crypto_sha3_generator instead when you need the NIST-standardized SHA-3, and reach for this tool when you specifically need Ethereum/blockchain-compatible Keccak. Runs locally on the input you provide: read-only, non-destructive, deterministic (no random salt), contacts no external service, and is rate-limited (30 requests/min anonymous). Returns the digest as hex plus the variant, output size, security level, and explanatory notes on the Keccak-vs-SHA3 difference.

MySQL Password Hash Generator. Generate the server-side password hash MySQL stores in mysql.user.authentication_string for a given plaintext, across MySQL versions. Use it to build CREATE USER / SET PASSWORD statements or seed test fixtures; use crypto_postgresql_password_generator for PostgreSQL (md5/SCRAM) hashes instead, and crypto_password_generator to invent a new random plaintext rather than hash one. Runs locally on the input you provide: read-only, non-destructive, contacts no database or external service, and is rate-limited (30 requests/min anonymous). SHA1-based formats (mysql41/5/55/56/57) are deterministic; the mysql80/mysql8 caching_sha2_password format uses a fresh random salt, so its hash differs on every call. Returns the hash plus its version label, algorithm, format, and (for 8.0) salt and iterations.

NTLM and LM Hash Generator. Compute the Windows NTLM (NT) hash and optionally the legacy LM (LAN Manager) hash of a password, for Active Directory labs, pass-the-hash testing, and credential-cracking setup. NTLM is MD4 of the UTF-16LE password; LM upper-cases and 14-byte-pads the password, then DES-encrypts the constant "KGS!@#$%" per 7-byte half. This generates hashes from a known password; to recognise an unknown hash string's type instead use crypto_hash_id, and to recover the password behind a hash use crypto_hash_cracker. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (30 requests/minute for anonymous callers). Returns the requested hashes plus password length, unicode flag, a complexity score, and security warnings.

Random Password Generator. Generate one or more cryptographically random passwords from configurable character classes (lowercase, uppercase, digits, symbols) with options for a custom charset, excluding look-alike or ambiguous characters, no repeated characters, and a pronounceable mode. Use this for dense mixed-character passwords; use crypto_password_generator_passphrase for memorable word-based passphrases or crypto_password_generator_pin for numeric-only codes. Randomness comes from crypto.getRandomValues. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (30 requests/min, 200/hour, 1000/day for anonymous callers). Returns each password with its length and estimated entropy in bits, the normalized options actually applied, and the character set used.

Diceware Passphrase Generator. Generate one or more memorable diceware-style passphrases by joining randomly-chosen dictionary words with a separator. Use this for human-typable word passphrases; use crypto_password_generator for dense mixed-character passwords or crypto_password_generator_pin for numeric-only codes. Words are picked with crypto.getRandomValues. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (30 requests/min, 200/hour, 1000/day for anonymous callers). Returns each passphrase with its component words, character length, and word count, plus the normalized options actually applied.

Random PIN Generator. Generate one or more cryptographically random numeric PINs (digits 0-9 only). Use this for numeric-only codes such as device or card PINs; use crypto_password_generator for mixed-character passwords or crypto_password_generator_passphrase for word-based passphrases. Randomness comes from crypto.getRandomValues. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (30 requests/min, 200/hour, 1000/day for anonymous callers). Returns the generated PINs with each PIN's length and the normalized options actually applied.

Password Strength Checker. Score the strength of one password — returns a 0-100 score, a strength label, Shannon entropy in bits, an estimated offline crack time, and actionable feedback plus the character-class breakdown. Use it for a single password; use crypto_password_strength_bulk to score many at once. Optionally pass a username and context words so reuse of those terms is penalised. Analysis is local, deterministic compute on the input you provide: read-only, non-destructive, never stored, and the password is never logged. Rate-limited (30 requests/min anonymous).

Bulk Password Strength Checker. Score many passwords in one call — returns one analysis per input password, each with a 0-100 score, a strength label, Shannon entropy in bits, an estimated offline crack time, actionable feedback, and the character-class breakdown. Use it to audit a list at once; use crypto_password_strength for a single password (it also accepts a username and context words). Analysis is local, deterministic compute on the inputs you provide: read-only, non-destructive, never stored, and the passwords are never logged. Rate-limited (30 requests/min anonymous).

PBKDF2 Hash Generator. Derive a PBKDF2 password hash from a plaintext password using a chosen HMAC digest, iteration count, and key length, returning the derived key plus a self-describing encoded hash. Use this to create a new hash; use crypto_pbkdf2_verify to check a password against one. PBKDF2 is the legacy/FIPS-friendly KDF — prefer crypto_argon2 (memory-hard) or crypto_bcrypt for new password storage, and crypto_scrypt for memory-hard derivation. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, rate-limited (5 requests/min anonymous). When no salt is supplied a random 16-byte salt is generated, so output is non-deterministic. Returns the derived key (hex and base64), a passlib-style $pbkdf2-... string, the salt, the resolved parameters, and a strength analysis.

PBKDF2 Hash Verifier. Check whether a plaintext password matches an existing PBKDF2 hash, recomputing the derivation from the digest algorithm, iteration count, key length, and salt encoded in the hash string. Use this to verify a candidate password; use crypto_pbkdf2 instead to generate a new hash. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (5 requests/min for anonymous callers). Returns whether the password matched, the parameters parsed from the hash, and a strength analysis of those parameters.

PostgreSQL Password Hash Generator. Hash a plaintext password into the credential format a PostgreSQL server stores for a role, across PostgreSQL versions. Use it to build CREATE ROLE / ALTER ROLE statements, populate pg_hba.conf or test fixtures; use crypto_mysql_password_generator for MySQL hashes instead, and crypto_password_generator to invent a new random plaintext rather than hash one. Runs locally on the input you provide: read-only, non-destructive, contacts no database or external service, and is rate-limited (30 requests/min anonymous). The md5 format is deterministic; scram_sha256 and crypt use a fresh random salt, so their hash differs on every call. Returns the hash plus its version label, algorithm, format, and (where applicable) salt, iterations, and a plaintext-insecurity warning.

RIPEMD Hash Generator. Compute RIPEMD message digests of a UTF-8 text string, returning one digest per requested variant (RIPEMD-128/160/256/320). Use crypto_hash instead for MD5/SHA-1/ SHA-256/SHA-512, or crypto_sha3 for SHA-3/Keccak; RIPEMD-160 is the variant used in Bitcoin/altcoin address derivation. Runs locally on the input you provide: read-only, non-destructive, deterministic, contacts no external service, and is rate-limited (30 requests/min anonymous). Returns a hashes map keyed by variant, each with the digest in the chosen output format plus hex/base64/base64url renderings and the bit length.

Scrypt Password Hash Generator. Generate a memory-hard scrypt password hash and key derivation from a password and tunable cost parameters (N, r, p, key length). scrypt deliberately consumes large amounts of RAM to resist GPU/ASIC cracking; use it when you want memory-hardness. Prefer crypto_argon2 or crypto_bcrypt for general password storage; use crypto_pbkdf2 when only iteration count matters; use crypto_scrypt_verify to check a password against an existing scrypt hash. A random 16-byte salt is generated when salt is omitted, so output is non-deterministic between calls. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited. Returns the derived key (hex and base64), an encoded hash string, the salt, the parameters used, and a strength analysis.

Scrypt Hash Verifier. Check whether a plaintext password matches an existing scrypt hash, recomputing the derivation from the N, r, p, and salt encoded in the hash string. Use this to verify a candidate password; use crypto_scrypt instead to generate a new hash. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited. Returns whether the password matched, the parameters parsed from the hash, and a strength analysis of those parameters.

SHA3 Hash Generator (SHA3-224/256/384/512). Compute a SHA3 (Keccak, NIST FIPS 202) cryptographic digest of text, hex, or Base64 input. Choose algorithm to pick the variant (SHA3-256 default); set inputFormat to decode the input before hashing. Use this for the standardized SHA3 sponge family; use crypto_keccak_generator for the pre-standard Ethereum Keccak-256 variant, or crypto_hash for MD5, SHA-1, and SHA-2 legacy digests. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (30 requests/minute for anonymous callers). Returns the lowercase hex digest plus its length, output size, security level, and typical use cases.

UUID Generator (v1 and v4). Generate one or more RFC 4122 UUIDs in version 4 (random) or version 1 (timestamp + node), with optional formatting (strip hyphens, uppercase, wrap in braces). Use it to mint fresh identifiers for databases, API keys, or test fixtures; use data_uuid_validator instead to validate or decode an existing UUID. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute anonymous). Output is non-idempotent — each call returns new random values. Returns the canonical and formatted UUID arrays plus the requested version and count.

Whirlpool Hash Generator. Compute the 512-bit Whirlpool hash of a text string, returning the 128-character hex digest plus uppercase, byte length, and 128/256/384/512-bit truncations. Use crypto_hash instead for MD5/SHA-1/SHA-256/SHA-512, crypto_sha3 for SHA-3/Keccak, or crypto_ripemd for RIPEMD variants; Whirlpool is an ISO/IEC 10118-3 AES-based digest used for file integrity and digital signatures. Runs locally on the input you provide: read-only, non-destructive, deterministic, contacts no external service, and is rate-limited (5 requests/min anonymous).

PII Data Anonymizer and Redactor. Detect and mask personally identifiable information (emails, phone numbers, US SSNs, IBANs with mod-97 check, Luhn-validated credit cards, IPv4/IPv6 addresses, ISO-8601 dates) in free text. Use this to scrub or redact real PII from logs, tickets, or datasets; use data_data_faker instead when you need to generate brand-new synthetic test data rather than mask existing values. Detection is regex-based with validity checks, and longer or stricter patterns (credit card, IBAN) resolve ahead of shorter ones (phone, SSN) so values are never partially matched. Runs locally on the text you provide: read-only, non-destructive, contacts no external service, deterministic for a given input, and rate-limited (60 requests/minute for anonymous callers). Returns the masked text plus a per-occurrence replacement list and per-type match counts.

Data Faker (Faker.js-style field presets). Generate fake values for one Faker.js-style field preset (44 namespaced fields across person, internet, address, phone, company, commerce, date, lorem, finance, and system) such as person.fullName, internet.email, address.zip, phone.imei, finance.creditCardNumber. Output is non-deterministic by default (CSPRNG); pass an optional string seed for reproducible runs via a non-cryptographic xoshiro128** generator. Use this when you need many values of a SINGLE field type; use data_random_data_generator or data_sample_data_generator instead to build multi-column records or curated datasets (users, orders) as JSON/CSV/TSV, or data_mock_api_generator to stand up mock endpoints. Runs locally: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests per minute anonymous, 120 authenticated). Returns the resolved preset, the count, and an array of generated string values.

JSON Path Evaluator (RFC 9535 / Goessner JSONPath Query). Evaluate one JSONPath expression against a JSON document and return every matched value with its path. Supports child/recursive-descent ($..), wildcards (* / [*]), numeric and negative indices, array slices ([start:end:step]), key unions, and filter expressions with comparison/boolean operators and length(); both dot and bracket notation, RFC 9535 and classic Goessner syntax. Use this to extract or query values from a JSON document you already have; use data_json_schema_validator instead to check a document against a schema, format_json to pretty-print or minify, or webdev_xml_to_json to convert XML first. Hand-rolled parser, no eval. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited. Returns the matches array (each with path, normalisedPath, value), a matchCount, the echoed expression, and the parsed document.

JSON Schema Validator (Draft 2020-12, Ajv). Validate a JSON instance against a JSON Schema (Draft 2020-12 by default; 2019-09, 7, 6, 4 are recognised from the schema $schema URI) using Ajv with ajv-formats, and report every constraint failure. Use this to check data you already have against a schema you already have; use data_json_schema_generator instead to infer a schema from a sample document. Compiles and validates locally on the input you provide: read-only, non-destructive, contacts no external service and does not fetch remote $ref schemas over the network, and is rate-limited (60 requests/minute for anonymous callers). Returns a valid flag and an errors array (each with keyword, instancePath, schemaPath, and message) plus an error count and the detected schema version.

Mock API Generator (Build Mock REST API From JSON Schema). Generate a small in-memory mock REST API document from a JSON schema template: given an array of endpoints (each a path, HTTP method, record count, and a list of typed fields), it fabricates fake records per endpoint and returns them grouped by path. Field types include uuid, integer, float, boolean, full_name, first_name, last_name, email, phone, iso_date, iso_datetime, sentence, paragraph, and enum. Use this when you need multi-endpoint API fixtures keyed by route; use data_faker for a single flat list of richly namespaced person/finance fields, data_random_data_generator for one flat record set across many primitive types with CSV/TSV/NDJSON output, or data_sample_data_generator for curated ready-made domain datasets (users, orders, logs). Output is random and non-idempotent — an optional seed makes record bodies reproducible, but the generatedAt timestamp still varies each call. Runs locally, read-only, contacts no external service, and is rate-li

Generate Custom Random Fake Records. Generate fake records from a user-defined field schema, returning random values for 22 field types (first_name, last_name, full_name, email, phone, company, street_address, city, state, zip, country, country_code, iso_date, iso_datetime, uuid, integer, float, boolean, word, sentence, paragraph, enum) as JSON, NDJSON, CSV (RFC 4180), or TSV. Output is non-deterministic (CSPRNG via crypto.getRandomValues) unless a seed string is supplied, in which case generation is fully reproducible via deterministic xoshiro128** (never use seeded output for tokens, salts, keys, IVs, or nonces). Use this when you control the exact record schema (field names and per-field types/options). Use data_data_faker instead for realistic Faker.js-style preset fields chosen by name without per-field options; use data_sample_data_generator for ready-made curated demo datasets (users, orders, products, logs); use math_random_number_generator when you only need standalone random numbers, not records. Re

Sample Data Generator. Generate ready-made demo datasets for nine fixed business shapes (users, orders, products, log_lines, transactions, inventory, tickets, employees, analytics_events), each with a curated column set, emitted as JSON, NDJSON, CSV (RFC 4180), or TSV. Pick this when you want a recognisable, opinionated table for one of those shapes; use data_faker to compose arbitrary field-by-field records, data_random_data_generator for schema-driven random rows, or data_mock_api_generator to stand up mock endpoints. Runs locally: read-only, non-destructive, contacts no external service, and rate-limited (60 requests/minute for anonymous callers). Output is NON-deterministic by default (cryptographic randomness); pass a string seed for reproducible rows. Returns the formatted output string plus the parsed records array.

Format And Parse Tabular Data Tables. Deterministically converts supplied tabular data (header row plus 2-D rows) into a Markdown (GFM), HTML, CSV (RFC 4180), or TSV table, and parses CSV/TSV/Markdown text back into structured headers and rows. Does NOT generate random or sample data: it only formats or parses the exact cells you pass. Use operation render to serialize headers/rows into one of the four output formats with optional per-column alignment; use operation parse to read a pasted table string into headers/rows. Use this instead of data_sample_data_generator or data_data_faker (which invent random records), and prefer it over webdev_csv_to_json / webdev_json_to_csv when you need Markdown/HTML output or alignment-aware Markdown rather than JSON. Stateless, read-only, offline pure-compute; no auth required; default anonymous rate limit 60 requests/minute. Returns the formatted table string plus normalized headers, rows, rowCount, and columnCount.

UUID / GUID Validator and Parser. Strictly validate a UUID/GUID string and report its structure: validity, RFC 4122 / RFC 9562 version (1-8), variant (NCS, RFC 4122, Microsoft, Reserved), Nil and Max special cases, normalized/uppercase/URN forms, and the embedded timestamp, node, and clock sequence for time-based v1, v6, and v7. Accepts canonical hyphenated, 32-hex no-dash, braced, and urn:uuid: forms. Use this to inspect or verify an existing identifier; use crypto_uuid instead when you need to GENERATE a new UUID. Set operation to validate or identify (single string), compare (test two strings for equality), or batchValidate (up to 1000 strings at once). Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns a result object whose shape depends on the chosen operation.

ASCII85 / Base85 Encoder and Decoder. Encode text to ASCII85 (Base85) or decode ASCII85 back to text, using the Adobe PostScript character set with optional z (4 zero bytes) and y (4 space bytes) compression. ASCII85 packs 4 bytes into 5 characters (~25% smaller than Base64's 4-into-6); use encoding_decoding_base64 for the ubiquitous web/MIME format, or encoding_decoding_base91 for the most compact ASCII-safe output. Runs locally on the text you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the converted string plus size and efficiency statistics.

Atbash Cipher (Encode and Decode). Apply the Atbash substitution cipher, mapping each Latin letter to its mirror (A<->Z, B<->Y, ... ); digits and symbols pass through unchanged. Atbash is symmetric, so encoding and decoding are the identical transform — the operation flag only labels the output. Use it for classical/CTF puzzles and ROT-style text scrambling; it is a fixed historical cipher with no key and provides no real security, so it is not encryption. Choose encoding_decoding_rot13 or encoding_decoding_caesar instead when you need a different shift. Runs locally, read-only, non-destructive, and rate-limited. Returns the transformed text plus an info note that the cipher is symmetric.

Baconian Cipher (Encode and Decode). Encode or decode text with the Baconian cipher, a binary steganographic substitution that maps each letter to a five-symbol group of A/B (or 0/1). It is a fixed historical cipher with no key and provides no real security, so it is not encryption — use it for classical/CTF puzzles or to hide a binary message inside other text. Version A is the 24-letter classical table (I/J and U/V share codes, so decoding is lossy); version B is the full 26-letter table with no collisions. For keyed or shift-based classical ciphers choose encoding_decoding_vigenere, encoding_decoding_caesar, or encoding_decoding_atbash instead. Runs locally, read-only, non-destructive, and rate-limited (60 requests/min, 500/hour, 2000/day for anonymous callers). Returns the transformed text plus an analysis object (lengths, cipher-group count, expansion ratio, security level).

Base64 Encoder and Decoder. Convert UTF-8 text to standard Base64 (RFC 4648, +/ alphabet, = padding) or decode Base64 back to text. Whitespace in decode input is ignored and the payload is validated before decoding. This handles text only — to Base64-encode an uploaded file or a data URI use file_base64_file_encoder, for images use webdev_base64_image_encoder, and for Base32/Base58/Base85 use encoding_basex or encoding_ascii85. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/min, 500/hour, 2000/day for anonymous callers). Returns the transformed string alongside the echoed input and operation.

Base91 Encoder and Decoder. Encode bytes to basE91 or decode basE91 back to data, the densest of the ASCII-safe binary-to-text encodings: about 23% smaller than Base64 (roughly 1.23x the input size versus Base64 1.33x). Set operation to encode or decode and choose how input bytes are read with format. Prefer encoding_decoding_base91 when output size matters most; use encoding_decoding_base64 for the ubiquitous web/MIME format, encoding_decoding_ascii85 for Adobe PostScript Base85, or encoding_decoding_basex for Base32/Base58/Base85. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, idempotent, and rate-limited (60 requests/minute for anonymous callers). Returns the converted string plus size/efficiency statistics and a per-character analysis.

Base32 / Base58 / Base85 Encoder and Decoder. Encode UTF-8 text to Base32 (RFC 4648 padded), Base58 (Bitcoin alphabet, no 0/O/I/l), or Base85 (Z85-style 85-character set), or decode any of those three back to text. Pick the format with the base parameter (32, 58, or 85). Use encoding_decoding_base64 for the ubiquitous web/MIME format, encoding_decoding_ascii85 for Adobe PostScript Base85, or encoding_decoding_base91 for the most compact ASCII-safe output. Runs locally on the text you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the converted string plus length, ratio, and efficiency statistics.

Binary and Text Converter. Convert text into space-separated 8-bit binary byte strings (text_to_binary) or decode a binary bit string back into text (binary_to_text), with selectable UTF-8, ASCII, or Latin-1 character encoding and spaced, continuous, or custom-separator output formatting. Each character becomes one or more zero-padded 8-bit groups. Use encoding_decoding_hex_ascii for base-16 byte strings instead of base-2, conversion_number_base to convert one ASCII string across binary/hex/decimal/octal at once, and conversion_binary_decimal to read a binary string as a single numeric value rather than per-character text. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the converted string plus binary parts and entropy/compression analysis.

BinHex Encoder and Decoder. Encode text to BinHex 4.0 (HQX) or decode a BinHex stream back to text. BinHex is the classic Macintosh binary-to-ASCII format that wraps a file's data fork plus Finder metadata (filename, 4-char type and creator codes) and CRC checksums into a 7-bit ":...:" envelope for email and cross-platform transfer. Use encoding_decoding_uuencode or encoding_decoding_xxencode for Unix/Usenet files, encoding_decoding_base64 for the ubiquitous web/MIME format, or encoding_decoding_ascii85 for the most compact ASCII-safe output. Runs locally on the text you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the converted string; decoding also returns the recovered filename, type, creator, and byte size.

Bubble Babble Encoder/Decoder. Bubble Babble encodes arbitrary binary data as a pronounceable string of alternating consonants and vowels (e.g. "xexax", the format SSH uses for key fingerprints), with a built-in checksum. Set operation to encode to turn input into babble, or decode to recover the original bytes. Use encoding_decoding_base64 instead when you need compact, standard ASCII-safe transport rather than a human-pronounceable, memorisable form. Runs locally on the input you provide: read-only, non-destructive, offline, and rate-limited. Returns the converted result plus a length/byte analysis of the input.

Caesar Cipher (Encode / Decode). Encode or decode text with the classical Caesar shift cipher: each A-Z letter is rotated a fixed number of positions (1-25) through the alphabet, decode applying the inverse rotation. This is a monoalphabetic substitution cipher with no real cryptographic strength — identical letters always map identically and frequency patterns survive, so use it for puzzles, CTFs, and learning, not to protect secrets. Use encoding_decoding_rot13 for the fixed ROT13/ROT47 variant (shift 13), or encoding_decoding_vigenere when you need a keyword-driven polyalphabetic shift instead of one fixed value. Out-of-range or non-integer shifts are rejected; preserve_case and preserve_non_alpha control whether original casing and non-letter characters are kept. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited. Returns the transformed text, a human-readable info string, and a letter-frequency analysis.

Hex to ASCII Converter (Bidirectional). Convert hexadecimal strings to ASCII/text and text back to hex, with selectable byte delimiter (spaced, continuous, or custom separator), upper/lowercase hex, and character encoding (ascii, latin1, utf8). Use conversion_number_base for multi-radix ASCII/binary/hex/octal/decimal byte conversion, encoding_decoding_binary_text for the binary representation of text, or encoding_decoding_base64 for MIME-safe binary transport. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the converted string plus hex pairs, byte values, and a statistics block (length, byte count, entropy, printable ratio, character range).

Encode or Decode HTML Entities. Convert special characters to HTML entities and back so text is safe to embed in HTML/XML markup and to prevent XSS. Encoding replaces characters with named (&lt;), decimal (&#60;), or hex (&#x3C;) entities; decoding resolves all three forms back to characters. Use this for HTML/XML markup safety; use encoding_decoding_url for URL percent-encoding, encoding_decoding_unicode for \u/\x source-code escapes, and encoding_decoding_string_escape for SQL/CSV/code string-literal quoting. Runs locally on the supplied text: read-only, non-destructive, offline, and rate-limited (60 requests/min anonymous). Returns the converted string plus a length and entity-count analysis.

JWT Decoder and Claim Inspector. Decode and inspect a JSON Web Token offline: split it into header, payload, and signature, Base64URL-decode the header and payload JSON, and annotate every payload claim (with human-readable timestamps and an EXPIRED flag for past exp). This tool only decodes and does not fetch JWKS or verify the signature cryptographically; use security_jwt_generator_validator when you need to verify an HMAC or asymmetric signature, check exp/nbf against a secret or key, or assemble and sign a new token. Runs locally on the token you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the decoded header and payload, the three raw token parts, a structure-status object, and a per-claim analysis map.

Punycode / IDN Encoder and Decoder. Encode an internationalized domain name to its ASCII xn-- form (Punycode, RFC 3492 / IDNA) and decode xn-- labels back to Unicode. Pure in-process compute, no DNS or network lookup. Use this for domain-name (host) encoding where each dot-separated label is converted independently and only non-ASCII labels gain the xn-- prefix; use encoding_decoding_url for percent-encoding URL paths/query strings and encoding_decoding_unicode for backslash-u / backslash-x / HTML escapes of arbitrary text. Read-only and idempotent; rate limited to 60 requests/min anonymous (120 authenticated). Returns the converted string plus a per-label breakdown and a non-ASCII character listing.

Quoted-Printable Encoder and Decoder. Encode UTF-8 text to RFC 2045 Quoted-Printable (MIME Content-Transfer-Encoding) or decode Quoted-Printable back to text. Encoding maps bytes outside the printable-ASCII safe set to =XX hex escapes, leaves letters/digits/most punctuation readable, and hex-escapes trailing tab/space at line ends; decoding reverses =XX escapes and strips soft-break line continuations. Use this for email bodies and MIME parts that are mostly ASCII and should stay human-readable; use encoding_basex base64 for dense binary, encoding_url for percent-encoding URL components, or encoding_uuencode / encoding_xxencode for classic binary-to-text. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/min, 500/hour, 2000/day for anonymous callers). Returns the converted string, the echoed input and operation, and size statistics. Decode requires =XX hex pairs to be valid hex.

Rail Fence Cipher (Encode / Decode). Encode or decode text with the classical Rail Fence cipher: characters are written in a zigzag down and up across a fixed number of rails, then read off row by row to encode (decode reverses the zigzag to recover the original order). This is a transposition cipher — it reorders characters rather than substituting them — and has no real cryptographic strength, so use it for puzzles, CTFs, and learning, not to protect secrets. Choose encoding_decoding_caesar or encoding_decoding_vigenere instead when you need a substitution cipher (fixed shift or keyword-driven), and pick this tool when the requirement is specifically a zigzag/rail transposition. rails must be an integer 2-50; remove_spaces strips spaces before processing. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited. Returns the transformed text plus a character analysis and a visual zigzag pattern.

ROT Cipher (Configurable Rotation, Encode and Decode). Shift text by any ROT rotation of 1-94 and encode or decode it. Rotation 13 applies ROT13 (letters A-Z/a-z only) and 47 applies ROT47 (printable ASCII 33-126); both are symmetric so encode and decode match. Any other rotation shifts printable ASCII 32-126, where decode reverses encode. Use this configurable variant when you need an arbitrary shift; use the fixed encoding_decoding_rot13 for only ROT13/ROT47, or encoding_decoding_caesar for a 1-25 letter-only Caesar shift. A classical cipher with no key and no real security — for puzzles, CTFs, and obfuscation, not encryption. Runs locally, read-only, non-destructive, offline, and rate-limited. Returns the transformed text plus a rotation info note and a character-class breakdown of the input.

ROT13 and ROT47 Cipher (Encode / Decode). Apply a ROT (rotate) substitution cipher to the supplied text and return the transformed string. The rotation amount picks the variant: rotation 13 is classic ROT13 (rotates only A-Z and a-z letters, leaving digits and symbols untouched), rotation 47 is ROT47 (rotates the 94 printable ASCII characters 33-126, sparing the space), and any other 1-94 value shifts the full printable range ASCII 32-126 forward for encode or backward for decode. ROT13 and ROT47 are their own inverse, so encode and decode give the same result. This is a reversible obfuscation with no cryptographic strength; use it for puzzles, CTFs, and hiding spoilers, not to protect secrets. Use encoding_decoding_caesar for a letters-only shift constrained to 1-25, or encoding_decoding_atbash for a fixed alphabet reversal. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the transformed t

Escape or Unescape String Literals. Escape or unescape a string for a specific syntax so it is safe to paste into code or data: SQL, CSV, shell/Bash, regular-expression, PHP, LDAP filter, XML attribute, or C/C++ string. Use this for language/format string-literal quoting; use encoding_decoding_url for percent-encoding and encoding_decoding_html_entities for HTML entity conversion. Runs locally on the supplied text: read-only, non-destructive, offline, and rate-limited. Returns the transformed string plus format metadata, an escaping analysis, and the list of supported formats.

Unicode Escaper and Unescaper. Escape text into Unicode escape sequences, or unescape them back to characters, in JSON/JavaScript, Python, Java, CSS, HTML, XML, or URL format. Set operation to escape or unescape and format to the target syntax. Encodes non-ASCII and control characters as backslash-uXXXX (json/java), backslash-uXXXX or backslash-UXXXXXXXX (python), backslash-XXXXXX (css), hex numeric HTML entities, decimal numeric XML entities, or percent-XX UTF-8 bytes (url), handling surrogate pairs and astral code points. Unescape auto-detects and decodes every one of these sequence styles at once, so format only affects escape. Use encoding_decoding_html_entities for named HTML entities, encoding_decoding_punycode for IDN domain names, conversion_emoji to look emoji up by name/codepoint, and encoding_decoding_string_escape for SQL/CSV/JavaScript string quoting. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonym

URL Percent-Encode and Decode. Percent-encode text into a URL-safe form or decode percent-encoded text back to its original characters, using encodeURIComponent / decodeURIComponent semantics (space becomes %20, reserved characters like &, =, ?, /, # are escaped). Use it for query-parameter values, path segments, and form data; use encoding_decoding_html_entities instead to escape characters for HTML markup, or encoding_punycode to convert international domain names to ASCII. Pure local string transformation — read-only, non-destructive, contacts no external service, and rate-limited (60 requests/minute anonymous). Returns the converted string, the echoed input, and the operation performed.

UUEncode And UUDecode Binary Data. Classic Unix uuencode/uudecode: convert arbitrary text or binary into a 7-bit ASCII envelope (begin perm name ... end) and back. Set operation=encode to wrap data, operation=decode to recover it. Use this for legacy email/Usenet attachments and Unix file transfer. Prefer encoding_decoding_xxencode for 8-bit-safe Usenet variants, encoding_decoding_binhex for Macintosh resource-fork files, or encoding_decoding_base64 for modern MIME. Pure compute: read-only, non-destructive, stateless, runs offline, no auth; default rate limit 60 requests/minute. Returns the encoded/decoded result plus file_info header metadata and size stats.

Vigenère Cipher (Encode / Decode). Encrypt or decrypt text with the classical Vigenère polyalphabetic cipher, using a letter keyword that shifts each character by a repeating, position-dependent amount. Set operation to encode or decode and supply key. This is a historical cipher with no real cryptographic strength — use it for puzzles, CTFs, and learning, not to protect secrets; use encoding_decoding_caesar for a single fixed shift or encoding_decoding_rot13 for the fixed ROT13/ROT47 variants. The key is normalized to letters only and upper-cased; non-letter key characters are stripped. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited. Returns the transformed text plus the normalized key, a human-readable info string, and a letter-frequency / key-strength analysis.

XXEncode / XXDecode Binary-to-Text Converter. Encode text or binary data to XXEncode, or decode XXEncode back to text. XXEncode is a classic Unix binary-to-text format like uuencode, but uses a fully alphanumeric alphabet (plus, minus, digits, A-Z, a-z) that survives EBCDIC and 7-bit mail gateways where uuencode's punctuation gets mangled. Output is optionally wrapped in a begin/end envelope. Use encoding_decoding_uuencode for the more common Unix tooling default, encoding_decoding_binhex for Macintosh files with resource forks, or encoding_decoding_base64 for the ubiquitous web/MIME format. Runs locally on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Returns the converted string plus decoded-file metadata (filename, permissions, size) when decoding.

File Size Calculator (Units, Compare, Transfer Time, Storage Fit). Convert a data size between SI/decimal units (KB, MB, GB, TB, PB, EB = powers of 1000) and IEC/binary units (KiB, MiB, GiB, TiB, PiB, EiB = powers of 1024), plus bit units, via four operations selected by "operation": convert (one size to every unit), compare (rank 2-32 sizes by bytes), transferTime (download/upload seconds at a given speed), and storageFit (how many items fit in a capacity). Use this for byte-unit math and bandwidth estimates; use conversion_base_converter for numeric radix conversion instead. Runs locally on the values you provide: read-only, non-destructive, contacts no external service, and is rate-limited (30 requests/minute for anonymous callers). Returns precise byte/bit counts plus human-readable decimal and binary strings; the result object's shape depends on the operation.

MIME Type Lookup (Extension to Media Type and Reverse). Look up IANA media types from a file extension, reverse-lookup every extension registered for a MIME type, or dump the full curated table, selected by operation. Use lookupByExtension when you have a filename/extension and need the Content-Type; use lookupByMimeType when you have a media type and need its file extensions; use listAll to fetch the whole 120-plus-entry table. To identify a file from its magic-byte signature (not its name) use file_file_type_detector instead. Reads a frozen in-memory table only: read-only, non-destructive, contacts no external service, and is rate-limited (30 requests/minute for anonymous callers). Unknown input returns an empty-result shape rather than an error.

JSON Formatter, Minifier and Validator. Pretty-print, minify, validate, or analyze a JSON document, with optional indent width and alphabetical key sorting. Use format_json for plain text-in/text-out cleanup and syntax checking; use format_json_visualizer to browse JSON as an interactive tree, webdev_code_formatter for HTML/CSS/JS, or webdev_json_to_csv to convert JSON into CSV rows. Runs locally on the text you provide: read-only, non-destructive, parses nothing external, and is rate-limited (60 requests/minute for anonymous callers). Returns the processed output string, a validity flag, any parse error, structure analysis, and size and line statistics.

JSON Tree Visualizer and Structure Analyzer. Parse a JSON document into a validated tree and structural summary: confirms the JSON is well-formed, returns the parsed value, counts every node, and tallies key, depth and type statistics for exploring deeply nested data. Use format_json to pretty-print or minify JSON, data_json_path_evaluator to query nodes with JSONPath, data_json_schema_validator to check an instance against a schema, and webdev_json_to_typescript to emit TypeScript interfaces; use this tool when you only need to inspect shape, depth and node/type counts. Runs locally on the JSON you provide: read-only, non-destructive, contacts no external service, and is rate-limited (60 requests/minute for anonymous callers). Invalid JSON returns isValid:false with the parser error message instead of an HTTP error.

Bash Shell Script Generator. Build a runnable shell script (bash, sh, or zsh) from structured options - it ASSEMBLES and returns script TEXT, it never executes, saves, or runs anything. Pick a shebang and optional strict mode (set -euo pipefail, IFS), declare command-line args (short/long flags with types) that become a getopts-style case parser, and toggle reusable blocks: check-root, check-deps, log-setup, tmpdir (mktemp), trap-cleanup, usage-function, retry-loop, parallel, lock-file (flock), check-internet, and free-form custom blocks; customBody appends your own logic. Operation presets returns 11 ready-made templates (server backup, log rotation, deploy-via-ssh, db backup, rsync, health check, cert renewal, docker restart, git pre-commit, system cleanup). Use linux_systemd_unit_generator for service/timer unit files, linux_cron for crontab schedule lines, and linux_ssh_config_generator for ssh client config - this tool emits the executable script itself. Runs locally: read-only, non-destructive, no netwo

Chmod Permission and Command Generator. Convert Linux file permissions between octal (e.g. 755, 4755) and symbolic (e.g. u+x, g-w, a=r) notation and assemble the matching chmod command string. For each permission it derives the owner/group/others read-write-execute breakdown, decodes special bits (setuid 4 / setgid 2 / sticky 1) on 4-digit octal, parses who/operation/perms for symbolic input, surfaces security notes (world-writable, 777, 600), and returns the literal chmod [-R] <perms> <path> command. It only BUILDS the command text — it never runs chmod, changes any mode, or touches the filesystem. Use it to look up or teach permission values and produce a copy-paste command; use linux_command_builder for find/grep/rsync/tar commands, linux_user_group_manager for useradd/usermod, and octal/base converters for raw number-base math. Runs locally via a Node bridge: read-only, non-destructive, idempotent, offline, contacts no external service, and is rate-limited (anonymous 30/min, 200/hr, 1000/day).

Cron Job Schedule and Crontab Line Generator. Build a 5-field crontab schedule from individual minute/hour/day-of-month/month/day-of-week inputs and assemble the ready-to-paste crontab line " ", plus a plain-English explanation of each field and a curated list of common schedule examples. It only BUILDS the schedule text — it never installs a cron job, edits crontab, or touches the system. Use this to compose or teach a schedule from parts; use time_cron_parser instead when you already HAVE a cron expression and want to decode it to English or preview real next-run times (this tool's nextRuns is a placeholder note, not computed times). Runs locally via a Node bridge: read-only, non-destructive, idempotent, offline, contacts no external service, and is rate-limited (anonymous 30/min, 200/hr, 1000/day).

Linux Disk Usage And RAID Calculator. Six pure-arithmetic disk operations selected by the operation field. parseDu parses pasted du output into entries with byte sizes, depth, and a total; parseDf parses df output into filesystems with size/used/available bytes and use percent; raidCalculator computes usable bytes, redundancy overhead, and fault tolerance for a RAID/RAIDZ level; partitionPlanner allocates a disk into partitions by percent, bytes, or remaining share and reports leftover bytes; findCommand assembles a find -size command string with a plain-English explanation; humanize formats a byte count in IEC (1024) or SI (1000) units. Operates only on the numbers and text you supply, never reading a real filesystem (use file_file_size_calculator for byte-unit conversion plus transfer-time estimates, or math_unit_converter for general unit conversion). Read-only, non-destructive, offline, and rate-limited (30 requests/minute for anonymous callers). Returns a per-operation result object plus warnings.

Linux Env Variable Manager. Parse, audit, and format-convert a .env file (the dotenv "KEY=value" plain-text envelope) entirely as a stateless text transform. It never reads, writes, or mutates any file, environment, or host — it only transforms the text you pass in. The "operation" field selects the mode: "parse" turns .env body text into a structured variable list (with quote style, inline comment, and line number) plus lenient-parse warnings; "format" converts a variable list into one of 9 deployment formats; "audit" scans values for leaked credentials, weak passwords, duplicate or invalid keys, and boolean-as-string typos; "presets" returns ready-made example variable sets. Use this for .env conversion and secret auditing; use linux_bash_script_generator for full shell scripts and linux_systemd_unit_generator for unit files. Runs locally: read-only, non-destructive, offline, contacts no external service, and is rate-limited (anonymous 30/min, 200/hr, 1000/day).

Iptables And Nftables Firewall Rule Generator. Generate iptables-restore (rules.v4) and nftables (nft.conf) firewall scripts from a structured firewall description: default INPUT/FORWARD/OUTPUT chain policies, an ordered rule list (protocol, source/destination IP plus CIDR, ports, interface, action), NAT and port forwarding (DNAT/SNAT/MASQUERADE), and the common conveniences (allow loopback, allow established/related, rate-limited log-drops). Use this to author Linux netfilter rulesets; use linux_ssh_config_generator instead for ssh_config and sshd_config. It only emits rule TEXT and never runs iptables, touches no network, and reads no database: read-only, non-destructive, and rate-limited (30 requests/minute for anonymous callers). Validates IPs, CIDR suffixes, and port specs, and emits lockout warnings (such as a DROP policy without an SSH allow rule). Set operation to presets to list the 9 ready-made templates. Returns both scripts plus per-rule explanations, warnings, and target file paths.

Linux Command Builder. Build correct command-line strings for 11 Linux tools (find, grep, sed, awk, rsync, tar, curl, ssh, scp, ffmpeg, imagemagick) from structured fields, with every argument shell-quoted and risky flags (find -delete, rsync --delete, curl to remote URLs) flagged as warnings. It only assembles command text and never executes anything, so use it to author or template a command you will run yourself; reach for linux_user_group_manager instead when you specifically need useradd/usermod/groupadd account commands, or linux_systemd_unit_generator for unit files. Runs locally: read-only, non-destructive, contacts no external service, rate-limited to 30 requests/minute for anonymous callers. Returns the built command plus per-flag explanations, the files it reads or writes, and safety warnings.

Linux Log Parser and Analyzer. Parse Apache (Common and Combined), nginx access, syslog (RFC 3164 and RFC 5424), JSON Lines, and systemd journal export logs into structured rows, then filter, aggregate, or re-export them. Format auto-detection picks the best parser, or supply a custom regular expression. Use linux_disk_usage_calculator instead for du or df output, or json_path_evaluator for querying a single JSON document. The operation field selects the stage: parse text into entries, filter those entries with a mini-language, aggregate them into counts or sums, convert them to JSON CSV or TSV, or list built-in analysis presets. Runs locally on the text you provide: read-only, non-destructive, reads no files, contacts no external service, and is rate-limited (30 requests/minute for anonymous callers). Input is capped at 5 MB. Returns the parsed entries with their field names and any warnings, or the filtered, aggregated, converted, or preset payload for the chosen operation.

Package Manager Commands. Look up and cross-translate a package-manager command across 9 Linux/Unix ecosystems (apt, dnf, pacman, apk, zypper, pkg, brew, snap, flatpak, nix). It BUILDS command strings from a static table — it never runs a package manager, installs, removes, or touches the host. The "operation" field selects the mode: "translate" renders one action (install, remove, update, search) for each target manager from the optional package list and from/to managers; "crossReferenceTable" returns the full action-by-manager command matrix; "packageNameMap" returns canonical-to-per-distro package-name aliases (e.g. apache2 vs httpd); "presets" returns ready-made example requests. Use this for distro-specific package commands; use linux_command_builder for general find/grep/rsync/tar one-liners and linux_bash_script_generator for full scripts. Returns the equivalent command (plus alternatives, per-cell notes, and cross-distro warnings) per manager. Runs locally: read-only, non-destructive, offline, contact

Process Signal Reference. Look up the POSIX / Linux process-signal table (31 standard signals) — for each signal returns its number, symbolic name (SIGTERM, SIGKILL, SIGHUP…), default kernel action, description, common senders, trap/handler behaviour, and ready-to-run kill/trap command examples. The "operation" field selects the query mode: "lookup" filters the table by free text, signal number, category and platform; "byName"/"byNumber" return one signal; and "categories" lists the category buckets. Use it as a static cheatsheet — it does not send, trap, or deliver any signal and touches no process. Runs locally on a built-in dataset: read-only, non-destructive, offline, contacts no external service, and is rate-limited.

SSH Config Generator. Generate an OpenSSH client config (~/.ssh/config) and/or server config (/etc/ssh/sshd_config) as text from structured host and daemon definitions. It only BUILDS the config text — it never writes ~/.ssh/config or sshd_config, edits a file, connects to any host, or touches the SSH agent. "operation" selects the mode: "generate" (default) renders config from "input"; "presets" returns ready-made example requests (Mozilla-hardened server, bastion, jump-host client, LAN, CIS Level 2, dev). For generate, "input.mode" picks which sides to emit. Client Host blocks support HostName, User, Port, IdentityFile, ProxyJump (bastion/jump host), ForwardAgent, LocalForward, and ControlMaster multiplexing; server settings cover Port, PermitRootLogin, password/pubkey auth, Allow/Deny users and groups, forwarding, idle timeouts, MaxAuthTries, and Ciphers/KexAlgorithms/ MACs — emitting security warnings for weak choices. Use this for OpenSSH connection and daemon config; use linux_web_server_config_generato

Systemd Unit Generator. Generate a complete systemd unit file from structured section fields and return the INI-style text ([Unit], the type body, [Install]) plus the install path and companion files. Set "operation" to "generate" (default) to build a unit, or "presets" to fetch ready-made example inputs. "unitType" selects the body section: service (ExecStart, Type, User, Restart, Environment, sandboxing), timer (OnCalendar/OnBootSec triggers, Persistent), socket (Listen* + Accept), mount (What/Where/Type/Options), path (Path* watches), or target. Per-section directives go in the matching object (unit, service, timer, socket, mount, path, install); every emitted directive is validated and missing ExecStart/triggers or weak hardening produce a warnings list (the unit is still returned). It only BUILDS the file text and copy-paste install commands — it never writes to disk, runs systemctl, enables, or starts any unit, and needs no privileges. Use this to author a .service/.timer/.socket file; use linux_ssh_con

Linux User and Group Manager Command Builder. Build Linux (and FreeBSD) user/group administration command lines from a structured form, parse pasted /etc/passwd and /etc/group text, and audit that parsed state for problems such as UID 0 imposters, duplicate UIDs/GIDs, orphan primary groups, and system accounts with login shells. The generate action emits useradd / usermod / userdel / groupadd / groupmod / groupdel / chage / passwd / chpasswd (or pw on FreeBSD) command text with per-command explanations and safety warnings; use linux_command_builder instead when you need general find/grep/rsync/tar/ssh commands rather than account management. BUILDS command text only - it never executes any command and never touches the local system. Runs locally on the input you provide (read-only, non-destructive, contacts no external service) and is rate-limited (30 requests/minute for anonymous callers). Returns generated commands plus warnings and an explanation, or parsed user/group rows, or audit findings, or curated pr

Apache / Nginx / Caddy Web Server Config Generator. Build ready-to-deploy web server configuration text for Apache 2.4, nginx, and Caddy 2 from one structured input. A single request returns all three parallel outputs (Apache VirtualHost, nginx server block, Caddyfile) covering TLS with optional HTTP-to-HTTPS redirect and HSTS, reverse proxy with WebSocket upgrade, PHP-FPM FastCGI dispatch, static-file serving with cache expiry, gzip, security headers, custom error pages, and access/error logging. It only BUILDS config text from your parameters; it never writes files to disk, edits a live server, reloads, or restarts anything. Use this for full virtual-host or server-block files; use linux_htaccess_generator for an Apache per-directory .htaccess instead, or linux_ssh_config_generator for SSH client/daemon config. Set operation to generate (the default, requires serverName) or to presets to list curated starter configurations. Runs locally on the values you provide, read-only and non-destructive, contacts no e

Bitwise Calculator. Perform a bitwise operation on integers with a selectable input base and bit width. operation chooses AND, OR, XOR, NOT, NAND, NOR, or a shift (shl, shr, ushr); pass operation=parse instead to just convert one value into all four bases. Operands accept base 2/8/10/16 (optional 0x/0b/0o prefix) at width 32 or 64, signed or unsigned, and the result is returned in binary, octal, decimal, and hex at once. Use this for bit-level logic and shifts; use conversion_number_base for plain radix conversion and math_scientific_calculator for arithmetic expressions. Pure local computation: read-only, non-destructive, deterministic, contacts no external service, and is rate-limited (60 requests/min anonymous).