πŸ”Ž Source Code Analyzer

Paste HTML/JS source code and auto-find flags, comments, hidden fields, endpoints, secrets & more.

πŸ“‘ HTTP Header Inspector

Paste HTTP response headers to analyze security configs, find hidden info, and detect misconfigurations.

πŸ”— URL & Parameter Analyzer

Dissect URLs, extract parameters, detect injection points, and find interesting endpoints.

πŸ—„οΈ SQL Injection Toolkit

Generate SQLi payloads for Union, Boolean, Time-based, and Error-based injection. Supports MySQL, PostgreSQL, SQLite, MSSQL.

🧩 SSTI Exploit Generator

Server-Side Template Injection payloads for Jinja2, Twig, Mako, Pug, ERB, Velocity, Freemarker.

⚠️ XSS Payload Generator

Cross-Site Scripting payloads with WAF bypass, encoding tricks, and context-aware generation.

πŸ’€ Command Injection

OS command injection payloads for Linux & Windows, with filter bypass techniques.

πŸ“ LFI / Path Traversal

Local File Inclusion & path traversal payloads with filter bypass (null byte, double encoding, wrappers).

🌐 SSRF Payloads

Server-Side Request Forgery payloads with IP bypass, protocol tricks, and cloud metadata targets.

πŸ“€ File Upload Bypass

Generate malicious filenames, MIME types, and web shell payloads to bypass upload filters.

🎫 JWT Decoder & Forger

Decode JWT tokens, edit claims, test none algorithm, brute-force weak secrets, and forge tokens.

πŸ†” IDOR Helper

Generate ID sequences, UUID variations, and encoding tricks to test Insecure Direct Object References.

πŸ”„ Universal Encoder / Decoder

Multi-format encode/decode: Base64, URL, HTML, Hex, Unicode, Binary. Recursive auto-decode to find hidden data.

🐚 Reverse Shell Generator

Generate reverse shell one-liners for any language. Includes listener commands.

🏁 Ultimate Flag Finder

Paste any data β€” tries ALL possible decodings, encodings, and patterns to find flags. The nuclear option.

πŸ“¨ HTTP Request Builder

Build and visualize HTTP requests. Generate cURL, Python requests, and fetch() code.