Security Tools
26 toolsPassword generators, hash tools, encryption, and security analyzers.
Create strong, secure passwords with customizable rules.
Generate MD5, SHA-1, SHA-256 hashes from text.
Generate secure SHA-256 hashes from text and files.
Analyze password security and get improvement suggestions.
Encrypt and decrypt text using AES-256 encryption.
Generate HMAC signatures for message authentication.
Generate secure random keys for APIs and encryption.
Calculate MD5, SHA-1, SHA-256, SHA-512 checksums for files.
Remove metadata from photos to protect your privacy. Strip GPS, camera info, and timestamps.
Check if your passwords have been exposed in known data breaches using k-Anonymity.
Analyze URLs for potential security threats and phishing indicators.
Create encrypted, self-destructing notes with password protection and expiration.
Verify email domain security with SPF, DKIM, DMARC, and MTA-STS checks.
Generate PGP keys, encrypt messages, and decrypt content using RSA encryption.
Test and verify TOTP two-factor authentication codes from your authenticator app.
Decode, validate, and analyze JSON Web Tokens for security vulnerabilities.
Create and sign JSON Web Tokens with custom claims and algorithms.
Sanitize user input for HTML, SQL, XSS, and other security threats.
Analyze browser cookies for security attributes like Secure, HttpOnly, and SameSite.
Compare file or text hashes to verify integrity using SHA-256, SHA-512, and more.
Validate passwords against custom patterns, common passwords, and entropy requirements.
Analyze privacy policies for data collection, user rights, and compliance issues.
Generate .reg files, PowerShell scripts, and batch files to control Windows Update behavior. Disable auto-updates, block restarts, manage driver updates.
Validate email addresses for proper format and syntax.
Validate and format phone numbers from any country with E.164 and international formats.
Validate and convert phone numbers to E.164 international format with batch support.
About Security Tools
FindUtils provides 26 free browser-based security tools for password generation, data hashing, text encryption, JWT token verification, security header analysis, and vulnerability checking. All 26 tools use the Web Crypto API and process data locally in your browser for maximum privacy. Generate cryptographically secure passwords with customizable length and character sets, compute MD5, SHA-256, and SHA-512 hashes, encode and decode JWT tokens, and analyze HTTP security headers against best practices.
Frequently Asked Questions
Are these security tools safe to use?
Yes. All 26 security tools run entirely in your browser using JavaScript and the Web Crypto API. Passwords you generate, text you encrypt, hashes you compute, and JWT tokens you decode are never sent to any server. There is no server-side processing, no data collection, and no network transmission of your sensitive inputs. This client-side architecture is fundamentally more secure than cloud-based security tools that require uploading your data to remote servers. You can verify this by monitoring your browser's network tab while using any tool. FindUtils security tools are safe for handling production passwords, API keys, authentication tokens, and other sensitive security data.
Can I trust the password generator?
The FindUtils password generator uses the Web Crypto API's crypto.getRandomValues() function, which provides cryptographically secure pseudo-random number generation (CSPRNG). This is the same entropy source used by browsers for TLS/SSL connections and is considered secure for generating passwords, tokens, and cryptographic keys. The generator runs locally in your browser with no server communication. You can customize password length from 4 to 128 characters and select character sets including uppercase, lowercase, numbers, and special symbols. The tool also displays real-time password strength analysis using the zxcvbn algorithm, showing estimated crack time and entropy bits for each generated password.
What hash algorithms are supported?
FindUtils supports a comprehensive range of hash algorithms for both text and file hashing. For text hashing, available algorithms include MD5 (128-bit), SHA-1 (160-bit), SHA-256 (256-bit), SHA-384 (384-bit), SHA-512 (512-bit), and HMAC variants of each algorithm for keyed hashing. The file hash tool supports the same algorithms and can compute checksums for files of any size by processing them in chunks using the browser's streaming API. All hashing uses the native Web Crypto API for maximum performance. The tools display results in hexadecimal and Base64 encoding. You can use these tools to verify file integrity, generate content-addressable hashes, or validate checksums against known values.
Can I check if my password has been leaked?
Yes. The FindUtils password breach checker uses the Have I Been Pwned (HIBP) API with a k-anonymity privacy model. When you enter a password to check, the tool computes its SHA-1 hash locally in your browser, then sends only the first 5 characters of the hash prefix to the HIBP API. The API returns all known breached password hashes that share that prefix, and your browser checks locally whether your full hash appears in the returned set. This means your actual password, and even its complete hash, is never transmitted over the network. The HIBP database contains over 12 billion compromised credentials from major data breaches, making it the most comprehensive breach database available.