All tools
Every BlueTeamKit utility — no signup, client-side where possible, honest output always.
Check & assess
Security Headers Checker
Grade any site's HTTP security headers — CSP, HSTS, frame protection — with plain-English fixes.
DNS Lookup
Query A, MX, TXT, SPF, DMARC and more over DNS-over-HTTPS. Includes one-click email-auth checks.
CVE Lookup
CVE details straight from NVD: CVSS score and vector, CISA KEV status, weaknesses, references.
Email Header Analyzer
Paste raw email headers: hop-by-hop path, SPF/DKIM/DMARC results, spoofing red flags.
Fix & harden
Security Headers Generator
Pick your headers, get copy-paste config for nginx, Apache, Caddy, Cloudflare, IIS, and Express.
CVSS 3.1 Calculator
Score vulnerabilities to the FIRST spec: base and temporal metrics, severity rating, vector string both ways.
Decode & convert
JWT Decoder
Decode JSON Web Tokens locally. Header, claims, expiry sanity checks. The token never leaves your machine.
Decoder Toolbox
Base64, URL, hex, SHA hashes, epoch timestamps — the everyday conversions, all client-side.
Client-side tools never transmit your input; live checks state exactly what they fetch. Scoring and grading logic is documented on the methodology page.