Frontend JS Library Vulnerability Scanner - Online Check Version
Paste a URL or HTML to detect known vulnerable JavaScript library versions. Quick security audit. Client‑side only.
UD5 Toolkit
Paste a URL or HTML to detect known vulnerable JavaScript library versions. Quick security audit. Client‑side only.
See how Trusted Types prevents unsafe HTML assignment. Test against injected scripts. Modern security practice.
Calculate the entropy (in bits) of a password based on character pool size and length. Visual strength meter with crack time estimation. Local only.
Create a passkey and authenticate using the Web Authentication API. Supports platform authenticators (TouchID, FaceID). No server.
Paste a potential XSS vector and see if it executes in a sandboxed iframe. For security researchers and education.
Paste response headers string and get a security audit. Check presence and configuration of key security headers. Local analysis.
Test if a script or style will be allowed by a given CSP. Compute hash/nonce. Strengthen your site’s defense against XSS. Local.
Configure browser feature permissions (camera, microphone, geolocation) and generate the Permissions‑Policy HTTP header.
Test SQL injection inputs on a mock database and see the resulting query. Learn how to prevent SQLi. No real data.
Check if a URL can be embedded in an iframe. Test your site’s defense against clickjacking. Browser‑based.
Paste a Content‑Security‑Policy header and get a human‑readable breakdown. See potential risks and suggestions.
Drop a PDF and extract any embedded JavaScript or form actions. Check for malicious code. Privacy‑friendly analysis.
Paste the Permissions‑Policy header and get a human‑readable table of allowed/blocked browser features. Understand how your site is restricted.
Validate a DNSSEC chain by entering DS and RRSIG records. Verify that signatures match. Educational. Local algorithm.
Instantly convert plain text into HTML‑safe escaped characters for secure display in web pages. Prevent cross‑site scripting. All processing local.
Fetch a site’s HSTS header and validate its syntax, max‑age, and subdomain flags. Ensure your site enforce HTTPS.
Test a regular expression against malicious inputs to detect catastrophic backtracking and ReDoS vulnerabilities. Educational.
Paste email headers or body text to quickly spot phishing signs, suspicious domains, and obfuscated links. Educational and private.
Strip dangerous HTML tags and attributes (scripts, onclick) to prevent XSS attacks. Safe iframe preview. Local sanitation engine.
Evaluate the strength of your passwords with a visual meter and detailed feedback. Check for length, complexity, and breached passwords. All analysis is client-side.
Generate ultra-secure, random passwords with configurable length and character sets. Created entirely on your device; never transmitted or stored.
Build an iframe with different sandbox flags and see live which features are blocked. For secure embedding.