Vulnsy

Free Tools

Useful utilities for security professionals, completely free.

10 pentest cheat sheets

Curated payloads, modern bypasses, and concrete defences for SQL injection, XSS, SSRF, LFI, SSTI, XXE, command injection, open redirect, subdomain takeover, and HTTP request smuggling.

Data Formatting

JSON Beautifier & Viewer

Format, validate, and visualize JSON with a collapsible tree view. Syntax highlighting and easy copy/download.

Use Tool
API Security

Swagger Scoper

Analyze Swagger/OpenAPI specs to count HTTP methods and parameters for security assessment planning.

Use Tool
API Security

Burp to OpenAPI Converter

Turn a Burp Suite XML export into an OpenAPI 3.0 spec — runs entirely in your browser.

Use Tool
Network Security

Alternative IP Representations

Convert IPv4 addresses to decimal, hex, octal, and mixed-base formats for security testing and WAF bypass research.

Use Tool
Encoding

Base64 Encoder & Decoder

Encode text to Base64 or decode Base64 strings instantly. Supports UTF-8, client-side only.

Use Tool
Cryptography

Hash Generator & Identifier

Generate MD5, SHA-1, SHA-256, SHA-384, SHA-512 hashes or identify unknown hash types from their pattern.

Use Tool
Authentication

JWT Decoder

Decode JSON Web Tokens to inspect header, payload, and signature. Check expiration and claims.

Use Tool
2FA / Authentication

TOTP Authenticator

Generate Time-based One-Time Password codes from Base32 secret keys. Auto-refreshes every 30 seconds.

Use Tool
API Testing

Google Gemini API Key Tester

Validate your Google Gemini API key, test authentication, and view all available models with token limits.

Use Tool
Network Security

Well-Known Ports Reference

Searchable reference of TCP/UDP ports with security-focused notes — covering web, databases, ICS/SCADA, and out-of-band management.

Use Tool
API Security

CORS Tester

Fire a real cross-origin request from your browser and see exactly which headers are exposed, plus a curl-equivalent for full-fidelity testing.

Use Tool
Cryptography

AES Encrypt & Decrypt

AES-GCM (recommended) or AES-CBC at 128/192/256 bits via the Web Crypto API. Keys, IVs, and plaintext stay in your browser.

Use Tool
Cryptography

SSL/TLS Certificate Decoder

Paste an X.509 PEM and read every field — Subject, Issuer, validity, SANs, key usage, and SHA-256/SHA-1 fingerprints.

Use Tool
AI / LLM

LLM Token Counter

Exact tokenizer for OpenAI (GPT-4o, GPT-4, GPT-3.5, o1/o3); calibrated estimates for Claude, Gemini, and Llama. Lazy-loaded for speed.

Use Tool
AI / LLM

LLM Red-Team Reference

Catalogue of 12 documented LLM jailbreak and prompt-injection technique families with examples, defences, and academic references.

Use Tool
Vulnerability Management

CVSS Calculator

Compute CVSS 3.1 and 4.0 scores by selecting metrics or pasting a vector. Same engine Vulnsy uses inside customer pentest reports.

Use Tool
Data Formatting

UUID Generator

Generate v4, v7, v1, or v5 UUIDs in batch, or inspect an existing UUID to see version, variant, and embedded timestamp.

Use Tool
Authentication

SAML Decoder

Decode SAMLRequest / SAMLResponse messages (base64, optionally DEFLATE-compressed) into readable XML with key fields surfaced.

Use Tool
Data Formatting

cURL Converter

Paste a curl command, get equivalent Python, JavaScript fetch, Node.js, PHP, or Go code instantly.

Use Tool