CyberChef
CyberChef CyberChef is the open-source web app from GCHQ that chains encoding ops like Base64 to hex conversions, URL percent-escapes, and hash generations (MD5/SHA) in a drag-and-drop recipe for decoding obfuscated strings or crafting payloads. Clone the repo and run locally to avoid online traces, iterating transforms with previews for precise reversals. GitHub-native and modular, it's the ultimate encoder lab for pentesters mangling data offline without limits.
Explore →hash-bash
hash-bash hash-bash is the bash script suite for quick hashing (MD5, SHA variants) and Base64/hex encoding/decoding via one-liners, ideal for terminal workflows on compromised hosts or local tests. Fork it to add custom algos, piping inputs through functions for chained ops like URL-safe Base64. Open-source and script-simple, it's the pocket toolkit for solo hackers generating identifiers without GUI fluff.
Explore →base64-url
base64-url base64-url is the Go library for URL-safe Base64 encoding/decoding, stripping pads and handling non-alphabetic chars for JWT or query param mangling in API fuzzing. Integrate via go get for custom tools, converting hex strings to safe formats with minimal code. Open-source and lightweight, it's the precision converter for devs embedding encoders in their recon scripts.
Explore →hex-to-base64
hex-to-base64 hex-to-base64 is the Python script that flips hex dumps to Base64 or vice versa, with URL encoding options for seamless payload crafting in web exploits or log parsing. Run it standalone or import as a module, adding salts for hash-like twists on the fly. Open-source and dual-purpose, it's the bridge builder for analysts transmuting formats in forensic chains.
Explore →url-encoder-decoder
url-encoder-decoder url-encoder-decoder is the Node.js CLI for percent-encoding URLs and query strings, supporting UTF-8 and HTML entities for cleaning or obfuscating params in Burp requests. npm install and run with flags for batch files, decoding logs or generating safe links effortlessly. Open-source and JS-native, it's the string surgeon for web pentesters prepping payloads without browser dependencies.
Explore →xxHash
xxHash xxHash is the ultra-fast non-cryptographic hasher library with CLI wrappers for generating 32/64-bit IDs from files or strings, outpacing MD5 for large-scale integrity checks. Build from source for custom bindings, streaming hashes for real-time verification in scripts. Open-source and speed-obsessed, it's the lightning ledger for individuals hashing streams without bottlenecks.
Explore →base45
base45 base45 is the compact encoder for vaccine certs or QR payloads, converting binary to text with fewer chars than Base64 for tight spaces like SMS exploits. Go-based CLI for encode/decode, with padding options for hex inputs. Open-source and niche-efficient, it's the squeeze tool for pentesters fitting data into constrained channels.
Explore →hash-identifier
hash-identifier hash-identifier is the type detective that probes strings for hash formats (MD5, SHA, bcrypt) with entropy analysis, aiding decodes or cracks by suggesting algos. Python script for CLI runs on mystery artifacts, outputting probabilities for next steps. Open-source and probabilistic, it's the format fortune-teller for forensics folks unraveling unknown encodings.
Explore →urlsafe-base64
urlsafe-base64 urlsafe-base64 is the Python module for RFC-compliant URL-safe encoding/decoding, swapping +/ for -_ to avoid percent-escapes in web params or tokens. Import and call on strings or bytes, chaining with hex for hybrid transforms. Open-source and standard-strict, it's the safe harbor for devs securing URLs without extra munging.
Explore →hex2bin