Incident Response Toolkit
When an incident breaks, every second counts. Incident responders need to decode payloads, correlate timestamps, hash files, and extract indicators of compromise — all under pressure. These free, browser-based tools provide instant access to the utilities you need during the critical early hours of an investigation. Everything runs client-side, so sensitive incident data stays in your browser.
Base64 Encoder / Decoder
Attackers love Base64. Decode obfuscated PowerShell commands, encoded payloads in phishing emails, and hidden strings in malware droppers. One of the first tools you reach for when analyzing a suspicious artifact.
MD5 / Hash Generator
Generate file hashes for malware samples, suspicious executables, and recovered artifacts. Cross-reference hashes with VirusTotal, MISP, and your internal threat intelligence feeds to identify known threats.
Timestamp Converter
Build accurate incident timelines by converting Unix epoch timestamps from firewall logs, SIEM events, cloud audit trails, and endpoint telemetry into human-readable dates across time zones.
IP Address Lookup
Look up attacker IP addresses to determine geographic origin, hosting provider, and ASN. Identify whether traffic comes from a known cloud provider, VPN exit node, or bulletproof hosting service.
Hex Converter
Decode hex-encoded payloads from packet captures, malware analysis, and memory forensics. Convert between hex and ASCII to reveal obfuscated strings in binary artifacts.
URL Encoder / Decoder
Decode obfuscated URLs from phishing campaigns and watering-hole attacks. Reveal the actual destination behind chains of percent-encoded redirects used to evade email security filters.
RegExp Tester
Build regex patterns on the fly to extract IOCs from log dumps, parse attacker commands from process execution logs, or create detection rules for your SIEM during active response.
JSON Formatter & Validator
Pretty-print JSON from cloud API responses, SIEM query results, and threat intelligence feeds. The structured view helps you quickly identify the relevant fields in large, nested payloads.
Unicode Converter
Decode Unicode-encoded strings used by attackers to bypass security controls. Reveal Punycode domains, homograph characters, and obfuscated text in phishing artifacts.
Code Diff Tool
Compare configuration files before and after a breach to identify unauthorized changes. Diff compromised scripts against known-good baselines to pinpoint the attacker's modifications.
User-Agent Parser
Analyze user-agent strings from web server logs to identify unusual clients, automated tools, and attacker infrastructure. Spot discrepancies between claimed and actual browser capabilities.
Duplicate Line Remover
Deduplicate IOC lists, extracted IP addresses, and log entries before sharing with other teams or importing into containment tools. Clean data accelerates response.