UD5 Toolkit
Password Entropy Calculator - Online Bits of Security Meter
Calculate the entropy (in bits) of a password based on character pool size and length. Visual strength meter with crack time estimation. Local only.
Tag: Security Tools - Check & Protect
22+ toolsTrusted Types API Demo - Online Prevent XSS
See how Trusted Types prevents unsafe HTML assignment. Test against injected scripts. Modern security practice.
Frontend JS Library Vulnerability Scanner - Online Check Version
Paste a URL or HTML to detect known vulnerable JavaScript library versions. Quick security audit. Client‑side only.
PDF Script Inspector - Online See Embedded JavaScript
Drop a PDF and extract any embedded JavaScript or form actions. Check for malicious code. Privacy‑friendly analysis.
WebAuthn Demo - Online Register & Authenticate
Create a passkey and authenticate using the Web Authentication API. Supports platform authenticators (TouchID, FaceID). No server.
HTTP Security Header Checker - Online HSTS, CSP, X-Frame Analysis
Paste response headers string and get a security audit. Check presence and configuration of key security headers. Local analysis.
SQL Injection Simulator - Online Educational Sandbox
Test SQL injection inputs on a mock database and see the resulting query. Learn how to prevent SQLi. No real data.
XSS Payload Sandbox - Online Test Escape Characters
Paste a potential XSS vector and see if it executes in a sandboxed iframe. For security researchers and education.
Content Security Policy Evaluator - Online Hash & Nonce Check
Test if a script or style will be allowed by a given CSP. Compute hash/nonce. Strengthen your site’s defense against XSS. Local.
Permissions‑Policy Header Parser - Online Decode & Check
Paste the Permissions‑Policy header and get a human‑readable table of allowed/blocked browser features. Understand how your site is restricted.
Permissions‑Policy Header Generator - Online Security Config
Configure browser feature permissions (camera, microphone, geolocation) and generate the Permissions‑Policy HTTP header.
Regex Injection / ReDoS Tester - Online Safe Pattern Test
Test a regular expression against malicious inputs to detect catastrophic backtracking and ReDoS vulnerabilities. Educational.
DNSSEC Chain Validator - Online Check RRSIG & DS
Validate a DNSSEC chain by entering DS and RRSIG records. Verify that signatures match. Educational. Local algorithm.
HSTS Header Checker - Online Strict‑Transport‑Security
Fetch a site’s HSTS header and validate its syntax, max‑age, and subdomain flags. Ensure your site enforce HTTPS.
CSP Analyzer - Online Test & Improve Policy
Paste a Content‑Security‑Policy header and get a human‑readable breakdown. See potential risks and suggestions.
X‑Frame‑Options Tester - Online Clickjacking Defense
Check if a URL can be embedded in an iframe. Test your site’s defense against clickjacking. Browser‑based.
Password Strength Checker - Online Meter & Analyzer Tool
Evaluate the strength of your passwords with a visual meter and detailed feedback. Check for length, complexity, and breached passwords. All analysis is client-side.
Iframe Sandbox Configurator - Online Test Permissions
Build an iframe with different sandbox flags and see live which features are blocked. For secure embedding.
String to Escaped HTML - Online Protect Against XSS
Instantly convert plain text into HTML‑safe escaped characters for secure display in web pages. Prevent cross‑site scripting. All processing local.
HTML Sanitizer - Online Clean Dangerous Tags & XSS Prevention
Strip dangerous HTML tags and attributes (scripts, onclick) to prevent XSS attacks. Safe iframe preview. Local sanitation engine.
Phishing Email Checker - Online Suspicious Link Analyzer
Paste email headers or body text to quickly spot phishing signs, suspicious domains, and obfuscated links. Educational and private.
Strong Password Generator - Online Random Secure Passwords
Generate ultra-secure, random passwords with configurable length and character sets. Created entirely on your device; never transmitted or stored.