// arsenal

TOOLS

Three operational kits to audit, exploit and defend.

// 01

PQC Toolkit

KEM · Signatures · Hybrid

Drop-in post-quantum cryptography across Next.js, Python and PHP. Functional code, downloadable.

$ ml_kem768.encapsulate(server_pub)
OPEN TOOL →
// 02

Vuln Scanner

24 signatures · 7 modules

Catalog of known and exploitable holes. Pipe a target, get a hit-list. Manual included.

$ scan --target https://you.tld --modules tls,headers,cms,pq
OPEN TOOL →
// 03

Zero-Day Hunter

AI co-pilot · static + semantic

AI-assisted code review for previously unseen weaknesses. Paste, scan, triage.

$ hunt --lang python --file app.py --depth deep
OPEN TOOL →
// 04

Mosca calculator

Theorem · deadlines · Q-day

X + Y > Z: translates secret shelf life and migration time into a concrete deadline before Q-day.

$ mosca(secret=10, migration=3, qday=2030)
OPEN TOOL →
// 05

Shor resource estimator

RSA · qubits · Toffolis

Physical qubits, Toffoli gates and wall-clock time Shor needs to factor your RSA.

$ estimate(rsa_bits=2048, p_phys=3e-4)
OPEN TOOL →
// 06

Grover-on-AES

AES · 2^n/2 · security

Effective AES-128/192/256 break time under Grover by adversary quantum capacity.

$ grover(aes=192, rate=1e9)
OPEN TOOL →
// 07

JWT decoder + PQ audit

JWT · JOSE · alg audit

Decode header, payload, signature. Flags alg:none, expired and Shor-vulnerable algorithms.

$ jwt.decode(token) → alg: RS256 ← Shor-vulnerable
OPEN TOOL →
// 08

TLS + PQ probe

cert · headers · hybrid

Probe a host, read its certificate, measure latency, report hybrid KEX hints.

$ probe --host cloudflare.com --port 443
OPEN TOOL →
// 09

Security headers analyzer

CSP · HSTS · grade

A-F grade + checklist of HSTS, CSP, X-Frame-Options, Permissions-Policy and more.

$ analyze --url https://example.com
OPEN TOOL →
// 010

X.509 certificate analyzer

PEM · ASN.1 · OID · PQ

Parse a PEM in the browser. Issuer, validity, signature, alert if expiring soon.

$ parsePEM(pem) → ML-DSA-65 ← PQ-safe
OPEN TOOL →
// 011

Hash + HMAC

sha2 · sha3 · hmac

SHA-1/256/384/512 plus HMAC with any key. SubtleCrypto in the browser.

$ sha384(msg) · hmac(sha256, key, msg)
OPEN TOOL →
// 012

AEAD playground

AES · GCM · 256-bit

Encrypt and decrypt with AES-256-GCM or AES-128-GCM. Fresh keys and nonces on one click.

$ aes-256-gcm.encrypt(key, iv, pt, aad)
OPEN TOOL →
// 013

Passwords + entropy

entropy · strength · crack

Generate passwords with visible entropy bits and measure any existing password.

$ gen(len=20, classes=[a-z,A-Z,0-9,!@#])
OPEN TOOL →
// 014

TOTP / HOTP

RFC 6238 · base32

RFC 6238/4226 2FA codes. Paste a base32 secret (otpauth://) and see the current code + next 4.

$ totp(secret, alg=SHA-1, digits=6, period=30)
OPEN TOOL →
// 015

Encoder / decoder

b64 · hex · url · entities

Base64, base64url, hex, URL, ROT13, JS escape, HTML entities. Bidirectional instant.

$ "hello".btoa() === "aGVsbG8="
OPEN TOOL →
// 016

UUID + ULID

v4 · v7 · ulid · nanoid

UUID v4 (random), v7 (timestamp-prefixed), ULID, nanoid, snowflake. Batches up to 100.

$ uuid.v7() → 0192a4e8-7b3f-7c2d-9af1-...
OPEN TOOL →
// 017

Diceware passphrase

EFF · 7-word · 90-bit

Readable passphrases with measured entropy. EFF wordlist. 7 words ≈ 90 bits ≈ PQ-ready.

$ dice 5d6 ×7 → correct-horse-battery-staple-…
OPEN TOOL →
// 018

CIDR / IP calculator

IPv4 · IPv6 · subnets

Range, mask, broadcast, host count and subnets. IPv4 and IPv6.

$ cidr 10.0.0.0/22 → 1022 hosts
OPEN TOOL →
// 019

DNS-over-HTTPS

DoH · TXT · CAA · DNSSEC

Query A, AAAA, MX, TXT, NS, SOA, CAA, DNSKEY against DoH resolvers.

$ dig +short example.com TXT @1.1.1.1
OPEN TOOL →
// 020

Regex tester

JS · groups · timing

JS pattern, flags, named groups, all matches, timing.

$ /(?<host>[\w.-]+):(?<port>\d+)/g
OPEN TOOL →
// 021

JSON + JSONPath

lint · pretty · query

Validate, format, minify and query JSON with JSONPath ($.store.book[*].title).

$ $.users[?(@.age>18)].email
OPEN TOOL →
// 022

BIP39 mnemonic

seed · entropy · offline

12/15/18/21/24 words. Visible entropy, checksum verification, offline.

$ bip39.gen(strength=256) → 24 words
OPEN TOOL →
// 023

SSH key parser

ssh-rsa · ed25519 · ecdsa

OpenSSH public: algorithm, SHA-256/MD5 fingerprint, bits, comment.

$ ssh-keygen -lf id_ed25519.pub
OPEN TOOL →
// 024

CBOM generator

CycloneDX · PQ readiness

CycloneDX-style Cryptography Bill of Materials from your inventory.

$ cbom --format cyclonedx --pq-tag
OPEN TOOL →
// 025

Timestamp converter

epoch · ISO · zones

Unix, ms, ISO 8601, RFC 3339, IANA zones, deltas.

$ 1717372800 → 2024-06-03T00:00:00Z
OPEN TOOL →
// 026

Cron parser

crontab · next · explain

Explain a cron expression in human language and predict the next 10 runs.

$ 0 9 * * 1-5 → weekdays at 09:00
OPEN TOOL →
// 027

HTTP status reference

RFC 9110 · 1xx-5xx

Instant HTTP status lookup with explanation, RFC and when to use.

$ 429 → Too Many Requests
OPEN TOOL →
// 028

QR generator

SVG · offline · wifi

Offline QR as SVG. Text, URL, wifi (WIFI:T:WPA;S:…;P:…;). No network.

$ qr.svg("https://qbit404.com")
OPEN TOOL →
// 029

Markdown live

CommonMark · safe · export

Live Markdown render with safe sanitization. Export HTML.

$ md → html, scripts removed
OPEN TOOL →
// 030

Base32 / Base58 / Base62

RFC 4648 · bitcoin

Encode/decode between Base32 RFC 4648, Base58 Bitcoin and Base62 URL-safe.

$ base58("hello") → "Cn8eVZg"
OPEN TOOL →
// 031

URL parser

IDN · query · canonical

Components, query sort, punycode/IDN, canonical rebuild.

$ url.parse("https://qbit404.com/news?q=pqc")
OPEN TOOL →
// 032

Classical ciphers

caesar · vigenère · atbash

Caesar, ROT, Vigenère, Atbash, Playfair. Educational, never production.

$ vigenere("attack", key="LEMON")
OPEN TOOL →