Free security tools for developers.
Quick security checks for developers. Whether you're building with AI coding tools or shipping a production app, these free utilities help you verify your security configuration before vulnerabilities become problems.
JWT Debugger
Decode JWTs and catch security issues: alg:none, long-lived tokens, sensitive claims. 100% client-side signature verification.
openCORS Tester
Test any URL for CORS misconfigurations. Detects Origin reflection, null origin acceptance, and preflight failures.
openCSP Evaluator
Audit your Content Security Policy. Paste a CSP or fetch from URL. Graded A–F with specific fixes for unsafe-inline, wildcard sources, and more.
openSecret Scanner
Scan .env files, code, or config for exposed API keys. 30+ patterns including AWS, OpenAI, Stripe, GitHub, Firebase Admin, and private keys.
openSSL Certificate Checker
Check SSL certificate validity, expiry date, and TLS configuration. Get an instant security grade.
openEmail Security Checker
Check SPF, DMARC, and MX records for any domain. Protect against email spoofing and phishing.
openPassword Strength Checker
Test password strength with detailed analysis. 100% client-side — your password never leaves your browser.
openData Breach Checker
Check if your email has been exposed in a public data breach. Powered by XposedOrNot.
openDNS Security Checker
Check DNSSEC configuration and CAA records. Prevent DNS hijacking and unauthorized certificates.
opensecurity.txt Validator
Check if a website has a valid security.txt for responsible vulnerability disclosure.
openSRI Hash Generator
Generate Subresource Integrity hashes for scripts and stylesheets. Protect against CDN compromises.
openHash Generator
Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes instantly. 100% client-side.
openBase64 Encoder/Decoder
Encode and decode Base64 strings. Useful for debugging tokens and inspecting encoded data.
openEnter your domain or data
Each tool requires minimal input — just a domain name, email, text, or password.
Get instant results
Results appear in seconds. No waiting for emails, no accounts, no complex setup.
Take action
Each tool provides actionable recommendations. Fix issues before they become incidents.
Need a full security scan?
These tools check individual aspects of security. VibeSafely scans your entire application for vulnerabilities — exposed API keys, database misconfigurations, authentication issues, missing security headers, and more.