Developer tools for security engineers

Find leaked secrets and PII, sanitize debugging artifacts, and verify signatures before anything is shared — all locally, so sensitive material never leaves your machine.

Run the Log Sanitizer workflow → Browse security tools →

Common daily tasks

Remove secrets/PII before sharing logs
Sanitize HAR files before sending to vendors
Verify webhook signatures
Inspect JWT claims safely
Check certificate expiry/subject
Generate hash digests for verification

Recommended workflows

Log Sanitizer — redact PII then scan for secrets.
HAR Redact Prep — snippet redact and scan, then HAR Sanitizer.
Base64 Decode Secret Scan — decode a Base64 payload and scan for secrets.
JWT Claims Secret Scan — decode JWT claims and flag secrets.

Top tools for security engineers

Secrets Scanner

Scan logs, payloads and config for exposed API keys, tokens and passwords.

Scan for secrets →

PII Detector & Redactor

Detect and redact emails, phone numbers, IP addresses and card numbers from text.

Redact PII →

HAR Sanitizer

Redact cookies, tokens and Authorization headers from HAR files before sharing.

Sanitize a HAR file →

Webhook Signature Verifier

Recompute Stripe/GitHub/Slack/custom HMAC signatures to debug mismatches.

Verify a webhook →

See the full security & debugging tool cluster →

Why browser-local matters for security engineers

Security work means handling logs, tokens, HAR captures and signing secrets that must not be exposed. Your pasted tool data is processed locally in your browser and is not uploaded for tool processing. That means you can scan and redact sensitive material without trusting a third-party server.

FAQ

Is sensitive data uploaded when I scan for secrets?

No. Your pasted tool data is processed locally in your browser and is not uploaded for tool processing, so logs, tokens and PII are scanned in memory and never sent to a server.

How do I remove secrets from a log before sharing it?

Run the Secrets Scanner (or the Log Sanitizer workflow) to detect and mask API keys, tokens and passwords, then copy the redacted output.

Should I sanitize a HAR file before sending it to support?

Yes. HAR files contain cookies, Authorization headers and request bodies; the HAR Sanitizer redacts them locally before you share the file.

Can I redact PII like emails and credit-card numbers?

Yes. The PII Detector & Redactor finds emails, phone numbers, IP addresses and Luhn-valid card numbers and masks them, all in your browser.

API developers — decode tokens, verify webhooks, debug responses.
DevOps / SRE — validate manifests, scan configs for secrets.
Security and debugging tools — the full tool cluster.
Sanitize a HAR file before sharing it with support