// SECURITY TOOLKIT
Defensive analyst tools, built in.
Nine practical tools for hardening and triage — all running natively on the platform. Network tools are rate-limited and refuse internal targets.
JWT Inspector
Defensive utilities only. Network tools refuse internal/reserved addresses and are rate-limited.
Frequently asked questions
Is it safe to paste a JWT here?
The token is decoded in your session and not stored. Still, avoid pasting production tokens that are currently valid — rotate anything you share anywhere.
Why is "alg: none" dangerous?
It tells verifiers to skip signature checks, letting attackers forge tokens. Always require a strong algorithm like RS256 or ES256.