tools.fdrian.me

Base64 Debugger

Encode and decode text in Base64 for payload review, storage formats, and quick transformations.

JWT Debugger

Inspect token headers and payloads, validate signatures, and test JWT workflows in one place.

URL Debugger

Encode or decode percent-encoded values for query strings, paths, and request payload debugging.

HTTP Headers Analyzer

Review response headers, highlight security gaps, and inspect common hardening controls.

CORS Analyzer

Detect CORS misconfigurations — wildcard origins, credential leaks, origin reflection, and null-origin bypasses.

Open Redirect Tester

Try common payloads against redirect parameters and inspect which requests are unsafe.

Domain Extractor

Pull unique domains from pasted text or fetched content to accelerate recon and cleanup work.

Subdomain Takeover Checker

Check whether hostnames point to unclaimed providers and surface likely takeover conditions.

JavaScript Secrets Finder

Scan JavaScript for tokens, keys, secrets, and other high-signal strings during source review.

ASCII Art Generator

Convert text to ASCII art using a built-in 5×5 bitmap font. Runs entirely in the browser, no external requests.

PDF Unlocker

Remove password protection from a PDF entirely in the browser. Supports AES-128, AES-256, and RC4. No uploads, no server.

PDF Password Cracker

Recover a forgotten PDF password via dictionary attack or PIN sweep. Runs entirely in the browser — no file is uploaded.