Free Security Tools
Six focused security tools for developers. No account required. No data stored. Inspired by Anthropic's Project Glasswing.
Security Headers Checker
Audit any website's HTTP security headers against OWASP and Mozilla Observatory recommendations. Get a per-header grade and specific fix instructions.
- Content-Security-Policy (CSP)
- HTTP Strict Transport Security (HSTS)
- X-Frame-Options, X-Content-Type-Options
- Referrer-Policy, Permissions-Policy
JWT Decoder & Debugger
Decode JWT tokens in real time directly in your browser. Flags dangerous algorithms (alg:none), expired tokens, missing claims, and other security misconfigurations.
- Decode header and payload instantly
- Detect alg:none and weak algorithms
- Check expiry and issued-at timestamps
- Flag missing security claims
Secret Scanner
Paste code, config files, or environment files to detect accidentally committed secrets. Covers API keys, tokens, certificates, passwords, and more.
- AWS, GCP, Azure credentials
- GitHub, GitLab, NPM tokens
- Stripe, Twilio, SendGrid keys
- Private keys and certificates
Dependency Vulnerability Checker
Paste your package.json, requirements.txt, or Gemfile to check for known CVEs in your dependencies. See severity ratings and recommended upgrade paths.
- npm / yarn (package.json)
- Python (requirements.txt)
- CVE severity (critical/high/medium/low)
- Recommended fix versions
OWASP Top 10 Checklist
Interactive OWASP Top 10 checklist tailored to your application stack. Track what you've covered, what needs attention, and get guidance on each category.
- All OWASP Top 10 2021 categories
- Stack-specific guidance
- Exportable audit report
- Links to OWASP resources
Coming Soon
AI Security Code Review
Submit a code snippet for AI-powered security analysis. Inspired by Anthropic's Project Glasswing, this tool finds injection risks, auth flaws, and insecure patterns.
All tools are free. No account needed.
Inspired by Anthropic's Project Glasswing initiative. Learn about Claude Mythos