Skip to content
free · no signup · no data stored

Free security tools for developers.

Quick security checks for developers. Whether you're building with AI coding tools or shipping a production app, these free utilities help you verify your security configuration before vulnerabilities become problems.

01/the toolbox
01

JWT Debugger

Decode JWTs and catch security issues: alg:none, long-lived tokens, sensitive claims. 100% client-side signature verification.

open
02

CORS Tester

Test any URL for CORS misconfigurations. Detects Origin reflection, null origin acceptance, and preflight failures.

open
03

CSP Evaluator

Audit your Content Security Policy. Paste a CSP or fetch from URL. Graded A–F with specific fixes for unsafe-inline, wildcard sources, and more.

open
04

Secret Scanner

Scan .env files, code, or config for exposed API keys. 30+ patterns including AWS, OpenAI, Stripe, GitHub, Firebase Admin, and private keys.

open
05

SSL Certificate Checker

Check SSL certificate validity, expiry date, and TLS configuration. Get an instant security grade.

open
06

Email Security Checker

Check SPF, DMARC, and MX records for any domain. Protect against email spoofing and phishing.

open
07

Password Strength Checker

Test password strength with detailed analysis. 100% client-side — your password never leaves your browser.

open
08

Data Breach Checker

Check if your email has been exposed in a public data breach. Powered by XposedOrNot.

open
09

DNS Security Checker

Check DNSSEC configuration and CAA records. Prevent DNS hijacking and unauthorized certificates.

open
10

security.txt Validator

Check if a website has a valid security.txt for responsible vulnerability disclosure.

open
11

SRI Hash Generator

Generate Subresource Integrity hashes for scripts and stylesheets. Protect against CDN compromises.

open
12

Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes instantly. 100% client-side.

open
13

Base64 Encoder/Decoder

Encode and decode Base64 strings. Useful for debugging tokens and inspecting encoded data.

open
02/how to use these tools
1

Enter your domain or data

Each tool requires minimal input — just a domain name, email, text, or password.

2

Get instant results

Results appear in seconds. No waiting for emails, no accounts, no complex setup.

3

Take action

Each tool provides actionable recommendations. Fix issues before they become incidents.

03/the full picture

Need a full security scan?

These tools check individual aspects of security. VibeSafely scans your entire application for vulnerabilities — exposed API keys, database misconfigurations, authentication issues, missing security headers, and more.