All tools

Every BlueTeamKit utility — no signup, client-side where possible, honest output always.

Check & assess

live check

Security Headers Checker

Grade any site's HTTP security headers — CSP, HSTS, frame protection — with plain-English fixes.

live check

DNS Lookup

Query A, MX, TXT, SPF, DMARC and more over DNS-over-HTTPS. Includes one-click email-auth checks.

live data · NVD

CVE Lookup

CVE details straight from NVD: CVSS score and vector, CISA KEV status, weaknesses, references.

100% in-browser

Email Header Analyzer

Paste raw email headers: hop-by-hop path, SPF/DKIM/DMARC results, spoofing red flags.

Fix & harden

100% in-browser

Security Headers Generator

Pick your headers, get copy-paste config for nginx, Apache, Caddy, Cloudflare, IIS, and Express.

100% in-browser

CVSS 3.1 Calculator

Score vulnerabilities to the FIRST spec: base and temporal metrics, severity rating, vector string both ways.

Decode & convert

100% in-browser

JWT Decoder

Decode JSON Web Tokens locally. Header, claims, expiry sanity checks. The token never leaves your machine.

100% in-browser

Decoder Toolbox

Base64, URL, hex, SHA hashes, epoch timestamps — the everyday conversions, all client-side.

Client-side tools never transmit your input; live checks state exactly what they fetch. Scoring and grading logic is documented on the methodology page.