How to test a zip password online for free
- Step 1Open the Archive Password Tester — Go to archive-password-tester. Everything runs client-side, so there is nothing to install and no account required for the free tier.
- Step 2Drop your encrypted ZIP — Drag a single
.ziponto the dropzone or click to pick it. This tool reads ZIP archives via zip.js — it does not decrypt 7z or RAR passwords. For a 7z/RAR you would extract elsewhere; for testing encryption presence first, see encrypted-archive-detector. - Step 3Type the candidate password — Enter the password into the masked Password field (placeholder:
Type the password to verify). Leaving it empty triggersEnter a password to test.— the tool will not guess for you. - Step 4Run the test — Start processing. The tool fetches the central directory, locates the first
encrypted && !directoryentry, and attempts to decrypt just that entry's data. - Step 5Read the verdict — The metrics panel shows Verdict (
correct,incorrect, anerror: …, orno encrypted entries found in archive) and Tested entry (the filename it checked, or—).correctmeans the password unlocks the archive. - Step 6Save or copy the report — Copy the JSON to your clipboard or download it as
<name>-password-test.jsonfor an audit trail. The body is{ filename, testedEntry, verdict }.
What each verdict means
The tool decrypts the first encrypted, non-directory entry and reports one of these verdicts. Verdict strings come straight from the processor's testPassword logic.
| Verdict | What happened | What to do next |
|---|---|---|
correct | The first encrypted entry decrypted cleanly with the password you typed | This is the right password — use it to extract via multi-format-extractor or selective-extractor |
incorrect | zip.js threw an error whose message contained password, invalid, or crc | Wrong password (or wrong character/case). Try the next candidate; there is no recovery from a truly lost password |
error: <message> | Decryption failed for a reason other than a password/CRC mismatch (e.g. unsupported method, corrupt entry) | The archive may be damaged — try archive-integrity-tester or corrupted-zip-repair |
no encrypted entries found in archive | Every entry in the ZIP is stored unencrypted (no entry had the encrypted flag set) | This ZIP has no password to test. Confirm with encrypted-archive-detector |
Free vs paid tiers for this tool
Archive-family limits applied per file. A password test still needs to open the whole central directory, so the entry-count limit matters as much as file size.
| Tier | Max file size | Max entries / archive | Files per run | Cost |
|---|---|---|---|---|
| Free | 50 MB | 500 entries | 1 | $0, no signup |
| Pro | 500 MB | 50,000 entries | 20 | Paid |
| Pro-media | 2 GB | 500,000 entries | 100 | Paid |
| Developer | 2 GB | 500,000 entries | Unlimited | Paid |
Cookbook
Real verify-don't-extract scenarios. The JSON shown is the exact { filename, testedEntry, verdict } shape the tool emits, and the verdict labels are the literal strings from the processor.
Confirm the right password before a slow extract
You have a 4 GB encrypted ZIP and three candidate passwords. Extracting to test each one would take minutes per try. Testing the first entry takes milliseconds, so you find the right one fast, then extract once.
Input: backup-2026.zip (4.1 GB, AES entries)
Password tried: "Spring#2026"
Report:
{
"filename": "backup-2026.zip",
"testedEntry": "db/dump.sql",
"verdict": "correct"
}
Now extract once with confidence instead of three failed full extractions.A wrong password from the manager
The value you copied from your password manager was for a different archive. The tool tells you immediately rather than after a long failed extraction.
Input: client-handoff.zip (ZipCrypto)
Password tried: "Welcome123"
Report:
{
"filename": "client-handoff.zip",
"testedEntry": "README.txt",
"verdict": "incorrect"
}The ZIP isn't actually encrypted
Someone said the archive was 'password protected' but the entries are stored in plaintext. The tester reports that there is nothing to test.
Input: shared-folder.zip (no encrypted entries)
Password tried: "anything"
Report:
{
"filename": "shared-folder.zip",
"testedEntry": null,
"verdict": "no encrypted entries found in archive"
}Working down a candidate list by hand
You wrote down four likely passwords during a project. Test them one at a time — the tool is fast enough to make this a few-seconds task per candidate.
ourproject2025 -> incorrect OurProject2025 -> incorrect OurProject_2025! -> correct <- tested entry: assets/logo.png The third candidate decrypts the first entry. Stop here.
Reading the saved JSON report later
Download the verdict so a teammate or your future self knows which password matched which archive without re-running anything.
$ cat invoices-q4-password-test.json
{
"filename": "invoices-q4.zip",
"testedEntry": "2025-12.csv",
"verdict": "correct"
}Edge cases and what actually happens
Password field left empty
RejectedSubmitting with no password throws Enter a password to test. The tool tests only the password you type — it never tries blank or default passwords on your behalf.
ZIP has no encrypted entries
By designIf no entry has the encrypted flag, the verdict is no encrypted entries found in archive and testedEntry is null. There is no password to verify. Confirm encryption with encrypted-archive-detector.
Only the first encrypted entry is tested
ExpectedMixed archives can contain plaintext and encrypted entries. The tool decrypts the first encrypted, non-directory entry only. If different entries used different passwords (unusual), it reflects the first one's result.
Wrong character or case in the password
incorrectZIP passwords are case- and byte-sensitive. A trailing space, smart-quote, or wrong case yields incorrect. Retype carefully — the field is masked, so paste rather than hand-type long passwords.
7z or RAR file dropped
Unsupported formatThis tool decrypts ZIP via zip.js; it cannot test 7z or RAR passwords. The reader will not find ZIP structure and the test cannot complete. Use the appropriate native tool for 7z/RAR.
Corrupt or truncated encrypted entry
errorIf the entry is damaged so decryption fails for a non-password reason, the verdict is error: <message> rather than incorrect. Repair with corrupted-zip-repair first.
Archive over the tier limit
413 too largeA ZIP above your tier's file-size or 500/50,000/500,000 entry-count cap is rejected before processing. The whole central directory must be read to find the encrypted entry, so entry count counts.
AES vs ZipCrypto
SupportedBoth are handled — zip.js detects each entry's encryption method automatically. You do not pick a method; you just type the password and the reader applies the right algorithm.
Hoping to recover a forgotten password
Not a recovery toolThis verifies a password you already have. It does not brute-force, dictionary-attack, or recover lost passwords. If the password is truly lost and the archive uses AES, there is no feasible recovery — restore from backup.
Correct password but the file still won't extract elsewhere
PreservedA correct verdict means the first encrypted entry decrypts. If another tool still fails, the issue is that tool's format support, not the password — confirm full integrity with archive-integrity-tester.
Frequently asked questions
Is this really free?
Yes. The free tier tests ZIPs up to 50 MB / 500 entries with no signup. Larger archives need a paid tier (Pro 500 MB / 50,000 entries, Pro-media 2 GB / 500,000 entries, Developer 2 GB / 500,000 / unlimited files), but a one-off forgotten-password check is free.
Does my ZIP get uploaded anywhere?
No. The tool runs entirely in your browser using zip.js. The encrypted file and the password you type stay on your machine — there is no server-side processing path for archive tools.
Can it brute-force or recover a lost password?
No. It tests exactly one password — the one you type — at a time. It is a verifier, not a cracker. If the password is genuinely lost and the archive uses AES, recovery is computationally infeasible; restore from a backup instead.
Why not just try to extract the archive?
Extracting a multi-gigabyte ZIP to test a password takes minutes because every entry is decrypted. This tool decrypts only the first encrypted entry, so you get the same yes/no answer in milliseconds.
Does it support AES-encrypted ZIPs?
Yes. Both AES (WinZip/7-Zip-style AES) and legacy ZipCrypto entries are supported. zip.js detects each entry's encryption method automatically — you only supply the password.
What does 'no encrypted entries found in archive' mean?
Every entry in the ZIP is stored unencrypted, so there is no password to test. The archive is not password-protected. Verify with encrypted-archive-detector.
Can it test 7z or RAR passwords?
No. It decrypts ZIP archives via zip.js. 7z and RAR password verification is out of scope for this tool. For those, use the appropriate native utility.
What output do I get?
A JSON report: { filename, testedEntry, verdict }, downloadable as <name>-password-test.json. The on-screen metrics panel shows the Verdict and the Tested entry name.
Why does it say 'incorrect' when I'm sure the password is right?
Check for a trailing space, smart-quotes from copy-paste, or a case difference — ZIP passwords are byte-exact. Paste the value rather than hand-typing it into the masked field.
Why did I get an 'error:' verdict instead of incorrect?
The decryption failed for a non-password reason — usually a corrupt or unsupported entry. Try corrupted-zip-repair or archive-integrity-tester.
Does testing the password modify my archive?
No. The operation is read-only — it decrypts one entry into memory and discards it. Your original ZIP on disk is never altered.
I confirmed the right password — what now?
Extract the contents with multi-format-extractor for the whole archive, or selective-extractor to pull only matching files.
Privacy first
Every JAD Archive tool runs entirely in your browser using fflate, @zip.js/zip.js, and the libarchive WASM bridge. Your archives never leave your device — verified by zero outbound network requests during processing.