ToolWox
Log inSign up

Developer Tools

Test regex, decode and sign JWTs, and generate MD5, SHA and bcrypt hashes.

Developer Tools list

Hash Generator

Hash text with MD5, SHA-1, SHA-256, SHA-384 and SHA-512 — all at once.

SHA256 Generator

Generate the SHA-256 hash of any text, instantly and locally.

MD5 Generator

Generate the MD5 hash of any text, instantly and locally.

Regex Tester

Test regular expressions live with match highlighting, capture groups and every JavaScript flag.

Regex Generator

Build common regular expressions from ready-made presets, with explanations and a live tester.

JWT Decoder

Decode a JSON Web Token to read its header and payload as formatted JSON — entirely in your browser.

JWT Encoder

Build and sign an HS256 JSON Web Token from your header, payload and secret — all in the browser.

JWT Inspector

Decode a JWT, read humanized claims with expiry status, and optionally verify the HS256 signature.

SHA1 Generator

Generate a SHA-1 hash from any text instantly, right in your browser.

SHA512 Generator

Generate a 512-bit SHA-512 hash from any text instantly in your browser.

bcrypt Generator

Hash passwords with bcrypt and an adjustable cost factor, locally in your browser.

bcrypt Compare

Check whether a plaintext password matches a bcrypt hash, locally in your browser.

About Developer Tools

Developer tools cover the small, high-frequency tasks programmers hit every day: testing a regular expression against sample text and watching every match light up, assembling a pattern from common building blocks, decoding, encoding or inspecting JSON Web Tokens, and hashing text with MD5, SHA-1, SHA-256, SHA-512 or bcrypt. Instead of bouncing between a regex playground, a JWT debugger, a hash generator and a snippet of throwaway code, you get them side by side in one fast, distraction-free workspace.

Every tool here runs entirely in your browser. The text you test a regex against, the tokens you paste to inspect — which often carry user identifiers, scopes and claims — and the passwords or secrets you hash never leave your machine. SHA digests use the native Web Crypto API, MD5 uses a self-contained implementation, and bcrypt runs a real Blowfish-based key schedule with a configurable cost factor. There is no server round trip, so matches re-highlight, tokens re-decode and hashes recompute the instant you type.

These tools are built wide. Each one takes the full width of the page with no sidebar, giving regex matches, decoded token payloads and hash output the horizontal room they need to stay readable. Use them together across a debugging session: craft a pattern with the generator, validate it in the tester, decode the JWT it was meant to match, then hash the credential behind it. A quick note on choosing a hash: MD5 and SHA-1 are fast and fine for non-security checksums but broken for anything adversarial; SHA-256 and SHA-512 are the modern default for integrity; and bcrypt, being deliberately slow and salted, is the right choice for storing passwords.

Frequently asked questions

Are these developer tools free?
Yes. Every developer tool on this site is free, with no sign-up and no usage limits.
Is my regex input, JWT or password sent to a server?
No. Regex matching, JWT decoding and hashing all run entirely in your browser using JavaScript and the Web Crypto API, so your test strings, tokens and secrets never leave your device. Signature verification, when you supply a secret, also happens locally.
Which hash should I use for passwords?
Use bcrypt. It is deliberately slow and automatically salted, which makes brute-force and rainbow-table attacks expensive. Plain MD5, SHA-1 or SHA-256 are far too fast and should never be used to store passwords on their own.
Can a JWT decoder read encrypted tokens?
A standard JWT is signed, not encrypted: its header and payload are only Base64URL-encoded, so anyone can decode and read them. These tools decode that structure. Decoding is not the same as verifying — the signature check confirms the token has not been tampered with.