Metadata scrubbing, PII redaction, AES-256 encryption, hash fingerprints, hex / entropy / steganography forensics. Cipher tables, real error strings, and cookbook examples for every workflow — every page runs the same browser-native engine.
References with full cipher tables, real error strings, and cookbook examples.
Strip the GPS coordinates, camera serial, and timestamps your iPhone bakes into every JPEG — entirely in your browser, with no upload and no account. The GPS / Geotag Remover hands off to the JAD EXIF Scrubber, which re-encodes the image through an HTML Canvas so the saved file carries no EXIF, IPTC, or XMP block at all. Works on any image your browser can open (JPEG, PNG, WebP, GIF, BMP); HEIC must be converted to JPEG first. Verified by zero network requests during processing.
Open referenceEmpty the PDF document-information dictionary — Author, Creator, Producer, Title, Subject, Keywords — and reset both date stamps before sharing a contract, filing, or disclosure. Runs through the canonical PDF Metadata Scrubber, 100% in your browser, with no upload.
Open referenceRemove author, last-modified-by, total-editing-time, comments, and custom document properties from .docx, .xlsx, and .pptx files entirely in your browser before they leave the building. The wiper unzips the OOXML container, deletes docProps/core.xml, docProps/app.xml, docProps/custom.xml, the embedded thumbnail, and every comments / people / threadedComments stream, then repacks — VBA macros survive, no upload, no server round-trip on the browser path.
Open referenceStrip Adobe / DJI / iPhone / camera identifiers, GPS coordinates, and capture timestamps from MP4, MOV, MKV, and WebM with FFmpeg's `-map_metadata -1` and stream-copy. Lossless — never re-encodes — and runs entirely in your browser tab.
Open referenceCarve out every embedded JPEG preview hidden inside a file — EXIF/IFD1 thumbnails in photos, MPF (Multi-Picture) frames, video and PSD preview JPEGs — by scanning the raw bytes for SOI/EOI markers. The extractor pulls each candidate JPEG (1 KB–200 KB, up to 16 per file) into a downloadable ZIP, read-only, entirely in your browser. Developer-tier forensic tool: the original file is never modified.
Open referenceAuto-detect and mosaic every face in a video locally in your browser using the BlazeFace short-range model (MediaPipe FaceDetector). Irreversible nearest-neighbour pixelation, no upload, output as MP4 — the documentary / news anonymisation look for GDPR and CCPA publication. Up to 12 face tracks per clip, with sample-rate, pixel-size and padding controls.
Open referenceStrip GPS coordinates and EXIF location data from photos in your browser. No upload, no account.
Strip the GPS coordinates, camera serial, and timestamps your iPhone bakes into every JPEG — entirely in your browser, with no upload and no account. The GPS / Geotag Remover hands off to the JAD EXIF Scrubber, which re-encodes the image through an HTML Canvas so the saved file carries no EXIF, IPTC, or XMP block at all. Works on any image your browser can open (JPEG, PNG, WebP, GIF, BMP); HEIC must be converted to JPEG first. Verified by zero network requests during processing.
ReadPixel, Samsung Galaxy, and other Android cameras write your exact latitude/longitude into every JPEG when Save Location is on. The GPS / Geotag Remover hands the file to the JAD EXIF Scrubber, which re-encodes the photo through an HTML Canvas so the saved copy has no EXIF, IPTC, or XMP block at all — no GPS, no device fingerprint, no timestamp. Runs 100% in your browser with no upload and no account. JPEG re-encodes at quality 0.95; PNG/WebP/BMP/GIF export as PNG. HEIF must be converted to JPEG first.
ReadListing photos shot on a phone carry the property's exact GPS coordinates and the agent's device fingerprint in their EXIF. The GPS / Geotag Remover hands off to the JAD EXIF Scrubber, which re-encodes each photo through an HTML Canvas so the saved file has no EXIF, IPTC, or XMP block — no coordinates, no camera serial, no capture time. Runs entirely in your browser, no upload, no account. JPEG re-encodes at quality 0.95; other formats export as PNG. Batch-clean a whole listing on a paid tier.
ReadSome platforms strip EXIF on upload and some don't — and you can't always tell which. The GPS / Geotag Remover removes the risk by handing off to the JAD EXIF Scrubber, which re-encodes your photo through an HTML Canvas so the file you upload has no EXIF, IPTC, or XMP block at all — no GPS, no camera fingerprint, no timestamp. Runs 100% in your browser, no upload, no account. JPEG re-encodes at quality 0.95; other formats export as PNG.
ReadWhen a photo could expose where a source, witness, or vulnerable person is, the GPS coordinates baked into its EXIF are a direct risk. The GPS / Geotag Remover hands off to the JAD EXIF Scrubber, which re-encodes the image through an HTML Canvas so the saved file has no EXIF, IPTC, or XMP block at all — no coordinates, no timestamp, no device fingerprint. Runs 100% in your browser with no upload and no account, so the sensitive file never touches a server. JPEG re-encodes at quality 0.95; other formats export as PNG.
ReadRemove PDF author, title, producer, dates, and edit history before sharing. Browser-only.
Empty the PDF document-information dictionary — Author, Creator, Producer, Title, Subject, Keywords — and reset both date stamps before sharing a contract, filing, or disclosure. Runs through the canonical PDF Metadata Scrubber, 100% in your browser, with no upload.
ReadBefore a records officer posts a responsive PDF to a FOIA reading room, empty the document-info dictionary — Author, Creator, Producer, Title, Subject, Keywords — and reset both date stamps so the file itself reveals no drafter, no toolchain, and no internal timeline. Runs through the canonical PDF Metadata Scrubber, 100% in your browser, no upload.
ReadBefore you upload a CV to an ATS or email it to a recruiter, empty the PDF document-info fields — Author, Creator, Producer, Title, Subject, Keywords — and reset both date stamps so a hiring manager cannot read your real name from /Author, see how many times you re-saved it, or tell which template you used. Runs through the canonical PDF Metadata Scrubber, 100% in your browser, no upload.
ReadBefore you upload a manuscript to a double-blind review system, empty the PDF document-info fields — Author, Creator, Producer, Title, Subject, Keywords — and reset both date stamps so a reviewer cannot read your name from /Author in Document Properties. Runs through the canonical PDF Metadata Scrubber, 100% in your browser, no upload.
ReadBefore a press release, white paper, or investor PDF goes public, empty the document-info fields — Producer, Creator, Author, Title, Subject, Keywords — and reset both date stamps so the published file does not fingerprint your exact software stack, name an internal staffer, or reveal an embargo-breaking edit time. Runs through the canonical PDF Metadata Scrubber, 100% in your browser, no upload.
ReadRemove author, comments, and custom properties from .docx, .xlsx, .pptx files in-browser. No upload.
Remove author, last-modified-by, total-editing-time, comments, and custom document properties from .docx, .xlsx, and .pptx files entirely in your browser before they leave the building. The wiper unzips the OOXML container, deletes docProps/core.xml, docProps/app.xml, docProps/custom.xml, the embedded thumbnail, and every comments / people / threadedComments stream, then repacks — VBA macros survive, no upload, no server round-trip on the browser path.
ReadRemove Creator, Last Modified By, Company, Total Editing Time, and reviewer comment streams from a .docx, .xlsx, or .pptx so a double-blind manuscript or supplement carries no author fingerprint. Runs in your browser with JSZip — it unzips the OOXML container, deletes docProps/core.xml, docProps/app.xml, docProps/custom.xml, the embedded thumbnail, and every Word comment / people / threadedComments stream, then repacks. Track changes inside the body are NOT touched — accept them in Word first.
ReadClean the hidden metadata out of a Word, Excel, or PowerPoint file before you send it to a recruiter. The wiper unzips the OOXML container in your browser with JSZip and deletes docProps/core.xml (Author, Last Modified By), docProps/app.xml (Company, Total Editing Time), docProps/custom.xml, the embedded thumbnail, and any leftover comment streams, then repacks with a -clean suffix. It strips properties, not visible text — your name stays on the page; the template's original author and your edit history leave the file.
ReadBefore a freelancer or agency hands a .docx report, .xlsx model, or .pptx deck to a client, this wiper removes the internal fingerprint Office buried in the container. Running in your browser with JSZip, it deletes docProps/core.xml, docProps/app.xml, docProps/custom.xml, the embedded thumbnail, and every Word / Excel / PowerPoint comment and people / persons / commentAuthors stream, then repacks with a -clean suffix. VBA macros are preserved; legacy binary formats are rejected.
ReadGovernment and public-body teams preparing a FOIA or public-records release can strip the hidden metadata from a .docx, .xlsx, or .pptx before it goes public. The wiper runs in your browser with JSZip: it deletes docProps/core.xml, docProps/app.xml, docProps/custom.xml, the embedded thumbnail, and every comment / people / persons / commentAuthors stream, then repacks with a -clean suffix. It removes metadata only — redactions to the visible text must be applied in the source document first.
ReadRemove every ID3v1 / ID3v2 tag and embedded artwork from MP3 files in-browser. Full anonymization.
Remove every ID3v1 and ID3v2 tag, embedded album art, APEv2 footer, and Lyrics3v2 block from an MP3 in your browser. The audio frames are copied byte-for-byte, so quality never changes. Server-safe path available for the JAD runner.
ReadBefore a podcast episode ships, wipe the ID3v2 block that carries your private staging feed URL, internal episode notes, host machine encoder name, and embedded cover art. The audio frames are sliced out byte-for-byte, so the published file plays identically with every tag empty.
ReadThe embedded album-art JPEG in an MP3's ID3v2 APIC frame is usually 100-500 KB of the file. Removing the whole ID3v2 block takes the art with it, shrinking the file and clearing any unreleased or working cover — with the audio copied byte-for-byte.
ReadThe ID3 Ghoster's server-safe path returns each cleaned MP3 as base64 plus exact byte counts, so you can loop a whole folder through the JAD runner. Same byte-accurate strip as the browser, scriptable for pipelines that need removedBytes per file.
ReadAn MP3's ID3 tag often names your encoder (LAME, iTunes, Fraunhofer) and tagging software in TENC/TSSE frames — a workflow fingerprint. The ID3 Ghoster removes the whole tag in one click, copying the audio frames byte-for-byte so nothing attributable survives except the audio itself.
ReadStrip Adobe / DJI / iPhone / camera identifiers and GPS from MP4 / MOV containers. Browser-based.
Strip Adobe / DJI / iPhone / camera identifiers, GPS coordinates, and capture timestamps from MP4, MOV, MKV, and WebM with FFmpeg's `-map_metadata -1` and stream-copy. Lossless — never re-encodes — and runs entirely in your browser tab.
ReadWipe GPS coordinates, home-point location, model name, and firmware strings that DJI and other drones embed in MP4 / MOV files. Lossless `-map_metadata -1` stream-copy that runs in your browser tab — your footage never uploads.
ReadRemove the `com.apple.quicktime` GPS, make/model, and capture-date tags iOS writes into every .MOV and .MP4 before you post to social. Lossless `-map_metadata -1` stream-copy that runs in your browser — your video never uploads.
ReadWipe the `encoder` / `Lavf` software stamp, project title, chapters, and export date that Premiere, DaVinci, and HandBrake write into deliverables. Lossless `-map_metadata -1` stream-copy that runs in your browser — clean, white-label client files.
ReadPlatforms don't reliably strip GPS, device, and capture-date tags from your source upload. Batch-scrub a folder of MP4 / MOV / MKV / WebM clips with lossless `-map_metadata -1` stream-copy that runs in your browser — no upload, no quality loss.
ReadFind and extract embedded thumbnails inside JPEG APP1, MP4 udta, and PSD layer previews. Forensic tool.
Carve out every embedded JPEG preview hidden inside a file — EXIF/IFD1 thumbnails in photos, MPF (Multi-Picture) frames, video and PSD preview JPEGs — by scanning the raw bytes for SOI/EOI markers. The extractor pulls each candidate JPEG (1 KB–200 KB, up to 16 per file) into a downloadable ZIP, read-only, entirely in your browser. Developer-tier forensic tool: the original file is never modified.
ReadWhen someone blurs a face or pixelates a license plate in a photo editor but only the main image is rewritten, the embedded EXIF preview can still hold the un-blurred original. This carver scans the raw bytes of any file for `FF D8 FF ... FF D9` JPEG previews between 1 KB and 200 KB, pulls up to 16 of them into a ZIP, read-only and 100% in your browser — surfacing the un-redacted copy a sloppy blur left behind.
ReadStaged, sky-replaced, or object-removed property photos often keep the un-edited original inside their embedded JPEG preview. This carver scans the raw bytes of a listing photo for `FF D8 FF ... FF D9` JPEG previews between 1 KB and 200 KB, carves up to 16 into a ZIP, read-only and 100% in your browser — so a buyer, agent, or appraiser can see what the listing image looked like before the edit.
ReadA heavily filtered or face-tuned profile photo can still carry the un-filtered original inside its embedded JPEG preview. This carver scans the raw bytes of a photo for `FF D8 FF ... FF D9` JPEG previews between 1 KB and 200 KB, pulls up to 16 into a ZIP, read-only and 100% in your browser — so you can compare the polished image against the version the camera actually captured.
ReadBefore a retoucher, brand team, or designer publishes an exported JPEG, this carver checks whether the file still carries a pre-edit preview. It scans the raw bytes for `FF D8 FF ... FF D9` JPEG previews between 1 KB and 200 KB and pulls up to 16 into a ZIP, read-only and 100% in your browser — so you find a leaking thumbnail in QA, not after the asset is live.
ReadAuto-detect and pixelate faces across batches of photos and videos. GDPR-friendly, browser-based.
Auto-detect and mosaic every face in a video locally in your browser using the BlazeFace short-range model (MediaPipe FaceDetector). Irreversible nearest-neighbour pixelation, no upload, output as MP4 — the documentary / news anonymisation look for GDPR and CCPA publication. Up to 12 face tracks per clip, with sample-rate, pixel-size and padding controls.
ReadFilming a listing video and caught a neighbour, a passer-by, or a tenant in shot? Auto-detect and mosaic every face in the clip locally in your browser before it goes on Zillow, Rightmove, or YouTube. BlazeFace short-range detection, irreversible nearest-neighbour pixelation, MP4 out, no upload. Tune Sample rate, Pixel size, and Padding for walking-pace footage.
ReadReleasing body-worn camera or dashcam footage under a public-records / FOIA request? Auto-detect and irreversibly pixelate every face locally in your browser before disclosure — no upload, no cloud, no chain-of-custody risk. BlazeFace short-range detection, nearest-neighbour mosaic, MP4 out. Tune Sample rate, Pixel size, and Padding for fast-motion, low-light footage.
ReadSharing a lesson recording, a school event, or a teaching-practice clip but some students don't have media consent? Auto-detect and irreversibly mosaic every face locally in your browser before the video leaves your laptop. BlazeFace short-range detection, nearest-neighbour pixelation, MP4 out, no upload — safe for footage of minors. Tune Sample rate, Pixel size, and Padding.
ReadTurning a consultation, procedure, or telehealth recording into teaching or conference material? Auto-detect and irreversibly mosaic every face locally in your browser so patient footage never touches a cloud. BlazeFace short-range detection, nearest-neighbour pixelation, MP4 out, no upload. Tune Sample rate, Pixel size, and Padding for clinical lighting and limited movement.
ReadDetect and redact email addresses, phone numbers, and mailing fields from CSV / JSON / TXT in-browser.
Drop a CSV, JSON, Markdown, TXT, or spreadsheet file and the Email & Phone Scrubber redacts six PII categories in-browser — emails, phone numbers, IBANs (mod-97 verified), credit cards (Luhn verified), US SSNs, and UK National Insurance numbers — replacing each match with a fixed [REDACTED_*] tag. No upload, no options to configure, runs the instant you drop the file.
ReadBefore you fine-tune or RAG-index a CSV/JSON/JSONL corpus, drop it into the Email & Phone Scrubber to redact six PII categories in your browser — emails, phones, IBANs (mod-97 verified), credit cards (Luhn verified), US SSNs, and UK NI numbers — each replaced with a fixed [REDACTED_*] tag. No upload, no options, runs locally so raw customer data never leaves your machine.
ReadAbout to hand a CRM contact export to an agency, contractor, or partner? Drop the CSV/JSON/XLSX into the Email & Phone Scrubber and it redacts six PII categories in-browser — emails, phones, IBANs (mod-97), credit cards (Luhn), US SSNs, UK NI numbers — each as a fixed [REDACTED_*] tag. No upload, no options, fully local so the contact list never leaves your laptop.
ReadExporting helpdesk tickets for analysis, QA, or a knowledge base? Drop the CSV/JSON/TXT into the Email & Phone Scrubber and it redacts six PII categories in your browser — emails, phones, IBANs (mod-97), credit cards (Luhn), US SSNs, UK NI numbers — each as a fixed [REDACTED_*] tag. No upload, no options, fully local so customer messages never leave your machine.
ReadPasting a JSON log into a bug report, ticket, or paste service? Drop the .json/.txt file into the Email & Phone Scrubber first and it redacts six PII categories in-browser — emails, phones, IBANs (mod-97), credit cards (Luhn), US SSNs, UK NI numbers — each as a fixed [REDACTED_*] tag, keeping the JSON valid. No upload, no options, fully local.
ReadManually mark and permanently burn out signatures or handwriting from documents. Pixel-level redaction.
Draw a rectangle over a handwritten signature, initials, or margin note and burn it out at the pixel level — the region is overwritten with solid black and the file is re-encoded as PNG, so there is no hidden layer left to recover. Runs entirely in your browser on the HTML Canvas; nothing is uploaded. Works on raster images (PNG, JPG, scanned-page exports); for the searchable text layer in a born-digital PDF, use the dedicated PDF redactor instead.
ReadHR teams routinely scan signed I-9s, offer letters, NDAs, and policy acknowledgements, then forward the image to a manager, a benefits broker, or a shared drive. The wet-ink signature is personal data you usually do not need to pass along. Draw a rectangle over the signature, burn it to solid black, and download a flat PNG with no recoverable layer underneath — all in your browser, so the personnel file never leaves your machine. Image rasters only (PNG, JPG, GIF, WebP, BMP); for a born-digital PDF with a real text layer use the dedicated PDF redactor instead.
ReadPublic-records and FOIA officers must release documents while withholding personal signatures under exemptions for privacy. A black box added in a PDF viewer is a deletable annotation — the released file can be un-redacted by anyone who flattens it. Draw a rectangle over the signature, burn it to solid black, and download a flat PNG with no recoverable layer underneath. Runs entirely in your browser on the HTML Canvas; nothing uploads. Image rasters only (PNG, JPG, GIF, WebP, BMP); for a born-digital PDF text layer, use the dedicated PDF redactor.
ReadAbout to post a screenshot of a signed contract, a delivery slip, or a check to a forum, a support ticket, or social media? The signature in it can be lifted, traced, or forged. Draw a rectangle over the signature, burn it to solid black, and download a flat PNG with no recoverable layer underneath — all in your browser, so the screenshot never uploads. Works on any raster the browser decodes (PNG, JPG, GIF, WebP, BMP), which is exactly what screenshots are.
ReadSharing a scanned prescription, lab requisition, or clinical note for a referral, an insurance appeal, or a research dataset often means a clinician's signature is along for the ride. Draw a rectangle over the signature, burn it to solid black, and download a flat PNG with no recoverable layer underneath — all in your browser, so the protected health record never uploads. Image rasters only (PNG, JPG, GIF, WebP, BMP); for a born-digital PDF text layer, use the dedicated PDF redactor.
ReadAuto-detect emails, phone numbers, and SSNs in PDFs and apply true redaction (text removed, not just covered).
Scan every text-layer page of a PDF for emails, phone numbers, US Social Security Numbers, and long card-number runs, then draw black redaction boxes over each match in your browser. Read the important caveat first: this is a **visual** black-box redaction (a filled rectangle drawn over the text with pdf-lib) — the glyphs stay in the PDF content stream and can still be copied or extracted, so for compliance you must flatten or rasterise afterward.
ReadStrip a candidate's email and phone from a resume or CV PDF before you circulate it to a hiring panel, so screeners judge skills not identity. Honest caveat first: this draws a black box over each match with pdf-lib but does NOT delete the glyphs from the content stream — `Ctrl+A → copy` still recovers them, so flatten or rasterise the file before sending.
ReadBox out 13–16 digit card-number runs on invoice, receipt, and statement PDFs before you archive or forward them. Read the caveat first: this is a **visual** black box drawn with pdf-lib — the digits stay in the content stream and the pattern has **no Luhn check**, so it over-boxes long order/account numbers and never deletes text until you flatten or rasterise.
ReadCover patient SSNs (dashed `NNN-NN-NNNN`) and phone numbers on born-digital medical record PDFs before sending them to a referral, insurer, or patient. Caveat first: this is a **visual** black box drawn with pdf-lib — the text stays in the content stream and `Ctrl+A → copy` recovers it, and it does NOT detect names, MRNs, or dates of birth. Flatten or rasterise before release.
ReadA free, browser-only first pass that auto-detects emails, phones, SSNs, and card runs and draws black boxes with pdf-lib — versus Acrobat's true content-stream redaction. The honest difference: this tool's boxes are **visual** (text stays in the stream, copy-paste recovers it) until you flatten or rasterise, so use it to speed the find, then finalise.
ReadEncrypt files with AES-256-GCM and PBKDF2 key derivation. 100% local — your password never leaves your device.
Encrypt any single file with AES-256-GCM and a PBKDF2-derived key (100,000 iterations, SHA-256) entirely in your browser. The 16-byte salt, 12-byte IV, ciphertext, and GCM auth tag are packed into one self-contained `.aes` blob. Your passphrase is never transmitted; lose it and the file is unrecoverable by design.
ReadEmail is plaintext in transit and stored unencrypted on mail servers. Encrypt the attachment with AES-256-GCM and PBKDF2 (100,000 iterations, SHA-256) in your browser first, then send the `.aes` blob and share the passphrase over a separate channel. The recipient decrypts in the same tool — no account, no plugin, no shared key infrastructure.
ReadA lost or stolen USB drive hands over every file on it. Encrypt your backup archive with AES-256-GCM and PBKDF2 (100,000 iterations, SHA-256) in your browser first, so the drive holds only an unreadable `.aes` blob. No passphrase ever leaves your device; lose the drive and the data stays sealed.
ReadTax returns, bank statements, and pay stubs are pure PII and account data. Encrypt them with AES-256-GCM and PBKDF2 (100,000 iterations, SHA-256) entirely in your browser before archiving or sending to an accountant. The passphrase never leaves your device, and authenticated encryption proves the records were not altered.
ReadAPI keys, database URLs, and `.env` files do not belong in git or chat. Encrypt them with AES-256-GCM and PBKDF2 (100,000 iterations, SHA-256) in your browser, commit only the `.aes` blob, and share the passphrase over your team's secret channel. The passphrase never leaves your device; tampering with the blob fails decryption.
ReadGenerate SHA-1, SHA-256, SHA-512, and MD5 hashes of any file in your browser. Streaming, chunked, no upload.
Compute MD5, SHA-1, SHA-256, and SHA-512 of a file in one pass, entirely in your browser via the Web Crypto API. No upload, no options to configure — drop a file, get four digests, copy or download the JSON report. Output matches `shasum`, `sha256sum`, and `certutil` byte-for-byte.
ReadTwo files with different names can be byte-for-byte identical — and a hash is the only way to prove it. Fingerprint each file with the Multi-Hash Fingerprinter and group by SHA-256: identical digest means identical bytes, regardless of filename, folder, or timestamp. Runs entirely in your browser via the Web Crypto API — nothing is uploaded.
ReadPin a dependency tarball, release binary, or build artifact to its exact SHA-256 so a swapped or tampered file in your pipeline is caught immediately. The Multi-Hash Fingerprinter computes MD5/SHA-1/SHA-256/SHA-512 locally — and runs server-safe through a paired runner, so private packages and internal builds are hashed without ever being uploaded.
Read"It works on my machine" often comes down to a different file. Attach a SHA-256 to your bug report and both sides can confirm they're testing byte-for-byte the same input. The Multi-Hash Fingerprinter computes MD5/SHA-1/SHA-256/SHA-512 in your browser via the Web Crypto API — paste the digest into the ticket without ever uploading a confidential file.
ReadA corrupted firmware image can brick a device — so confirm its SHA-256 matches the vendor's published checksum before you write it. The Multi-Hash Fingerprinter computes MD5/SHA-1/SHA-256/SHA-512 of a `.bin`, `.img`, BIOS update, or router/IoT firmware locally via the Web Crypto API, with no upload, so you catch a bad download before it reaches the chip.
ReadGenerate PGP keys, sign messages, and verify signatures locally with OpenPGP.js. Private keys never leave your device.
Generate an Ed25519 or RSA-4096 PGP key pair, cleartext-sign a message with a pasted private key, or verify a signed block against a public key — all client-side with OpenPGP.js. The private key and passphrase you paste stay in the browser tab; nothing is transmitted to JAD servers.
ReadPaste a -----BEGIN PGP SIGNED MESSAGE----- block and the sender's public key to confirm the signature is genuine and the text is unaltered — entirely in your browser tab with OpenPGP.js. No GnuPG, no command line, no upload to any server.
ReadGenerate an Ed25519 or RSA-4096 PGP key pair with OpenPGP.js entirely in your browser tab — usable offline on an air-gapped machine. The passphrase-encrypted private key is handed to you as a downloadable pgp-keypair.json; JAD keeps no copy.
ReadAttach a verifiable PGP signature to a public statement, declaration, or notice while keeping the text fully readable. The sign action runs OpenPGP.js in your browser tab — your private key and passphrase never leave the page — and outputs an armored signed-message.asc.
ReadVerify the PGP cleartext signature on a project's SHA-256 checksum manifest in your browser, then hash your download and match it line for line. OpenPGP.js runs in-tab; nothing is uploaded, and the public API returns 400 for this tool.
ReadMeasure password strength using zxcvbn — the same library Dropbox uses. Offline, never transmitted.
Audit a single password in your browser with zxcvbn 4.4.2 — the same engine Dropbox built. Get a 0–4 score, four real-world crack-time estimates (online-throttled, online, offline-slow, offline-fast-GPU), the matched weak patterns (dictionary, repeat, keyboard, date, sequence), and concrete suggestions. The password you type is never transmitted by the browser tool — paste it, read the report, close the tab.
ReadDrop the 'one uppercase, one digit, one symbol' composition rule and screen passwords by real guessability instead. Paste a candidate to see its zxcvbn 4.4.2 score (0–4), the matched weak patterns, and four crack-time estimates — so you can set a defensible score floor (score 3 or 4) for your account-creation flow that aligns with NIST SP 800-63B. Runs entirely in your browser; the password is never transmitted by the tool.
ReadStop guessing whether a memorable four-word passphrase beats a generated random string. Paste each into the zxcvbn 4.4.2 auditor and compare the raw guesses_log10 — the precise metric the 0–4 score hides — alongside four crack-time estimates. See exactly how long a passphrase has to be to match 16 random characters, all in your browser, with the password never transmitted by the tool.
ReadWorried a strength checker is harvesting the password you type? This zxcvbn 4.4.2 auditor runs as plain JavaScript in your browser tab, so the password you paste never leaves your machine via the tool — and you can prove it yourself in DevTools by watching the Network panel stay empty as you type. Get the full score, crack times, and weak-pattern breakdown with nothing transmitted.
ReadNeed to score thousands of synthetic or test passwords in a pipeline? This tool's server-safe API runs zxcvbn 4.4.2 server-side and returns score, crackTime, feedback, and guesses as JSON for each password you submit. Loop one password per call to audit a generated dataset, validate a wordlist, or regression-test a policy — without a per-password browser session. Use it for synthetic data only; real secrets belong in the browser tool.
ReadCompute hashes of two files in parallel and report whether they are byte-identical. Plus first-difference offset.
Drop two files; the File Integrity Monitor computes the SHA-256 of each in parallel using the browser Web Crypto API, reports whether they are byte-identical, and — when they differ — pinpoints the exact byte offset of the first divergence with a 16-byte hex window from each side. Output is a downloadable JSON integrity report (integrity-report.json) you can attach to an audit trail or chain-of-custody record. Everything runs locally; neither file leaves the tab.
ReadDownloaded an installer, ISO, or firmware image from a mirror and want to be sure it arrived unaltered? Drop your download as file B and a trusted copy as file A; the File Integrity Monitor computes the SHA-256 of each with the browser Web Crypto API, reports whether they are byte-identical, and pinpoints the first differing byte (with a 16-byte hex window each side) when they are not. Output is a downloadable integrity-report.json. Both files stay in the tab — nothing is uploaded to any mirror or server.
ReadA backup is only worth what it restores. Drop the live source file as A and the restored copy as B; the File Integrity Monitor computes the SHA-256 of each with the browser Web Crypto API, reports byte-for-byte identity, and pinpoints the first divergence (with a 16-byte hex window each side) when a restore is silently wrong. Output is a downloadable integrity-report.json for your DR runbook. Both files stay local — production data never leaves the tab.
ReadCold storage rots quietly. Drop a pristine copy as A and an archived copy as B; the File Integrity Monitor computes the SHA-256 of each with the browser Web Crypto API, reports byte-for-byte identity, and pinpoints the first corrupted byte (with a 16-byte hex window each side) when bit-rot has set in. Output is a downloadable integrity-report.json. Both files stay local — your archive never leaves the tab.
ReadMoved a file over SFTP, S3, a USB drive, or a flaky network share and need to be sure it landed unaltered? Drop the source as A and the received copy as B; the File Integrity Monitor computes the SHA-256 of each with the browser Web Crypto API, reports byte-for-byte identity, and pinpoints the first differing byte (with a 16-byte hex window each side) when a transfer corrupted the file. Output is a downloadable integrity-report.json. Both files stay local — neither leaves the tab.
ReadDetect files where the extension lies about the content. Identifies double-extension malware risks instantly.
Read a file's magic bytes in your browser and detect when the extension lies about the real content. Catches the .docx that is actually a Windows PE, the .pdf that is really a ZIP, and the photo.jpg.exe double-extension lure — using the file-type library's 155-format signature set, fully client-side.
ReadCompare magic-byte content detection against file-extension matching: where each fails, why renaming defeats extension filters, and why this validator (file-type, 155 formats) trusts byte signatures over filenames. Includes a side-by-side reliability matrix.
ReadHow SOC analysts and incident responders use browser-side magic-byte validation to triage suspicious attachments before sandbox detonation: read the header without executing the file, flag content/extension mismatches, and document the result for the ticket.
ReadA developer's guide to file signatures: how offset-based magic-byte detection works, why ZIP/OOXML need offset-0 checks, how the file-type library (155 formats) decides a type, and how this validator compares the detected extension to the claimed one for upload validation.
ReadAnswers to the most common magic-byte file-validation questions: supported formats (file-type, 155), how detection works, what match / mismatch / unknown results mean, privacy guarantees, tier limits, and when to escalate a mismatch.
ReadInspect the first 256B (Free), 1KB (Pro), or 8KB (Developer) of any file as hex with offset and ASCII sidebar.
Render the opening bytes of any file as a classic hex dump in your browser: an 8-digit offset column, 16 uppercase hex bytes per row, and an ASCII sidebar where printable bytes (0x20–0x7E) show as characters and everything else as a dot. The window is tier-capped — 256 B Free, 1 KB Pro / Pro+Media, 8 KB Developer — enough to read magic bytes, container signatures, and embedded strings without installing xxd or HxD.
ReadCompare full desktop hex editors (HxD, 010 Editor, xxd) against a browser-based, read-only hex inspector for file-header work. Understand exactly what each gives you — write access, file size, offsets, ASCII sidebar — and when read-only inspection of the first 256 B / 1 KB / 8 KB is all you need.
ReadHow incident responders read a suspicious file's first bytes before detonation: confirm the MZ/PE stub, follow e_lfanew at 0x3C to the PE signature, spot packed headers as a wall of dots in the ASCII sidebar, and chain to entropy and magic-byte checks — all read-only, in-browser, no execution.
ReadA developer's offset-by-offset reference for the headers you read while writing parsers and validators: PE (MZ + e_lfanew), ELF, PNG (IHDR), JPEG markers, ZIP/OOXML local file header, PDF, and MP4 ftyp — with endianness notes and exactly how each field appears in the Hex Header Inspector's offset/hex/ASCII dump.
ReadStraight answers about the browser-based Hex Header Inspector: the tier byte windows (256 B / 1 KB / 8 KB), why a big file gets rejected even though it shows only the header, how to read the offset/hex/ASCII layout, what the Copy button actually copies, and which capabilities it does and doesn't have.
ReadCompute Shannon entropy per 256-byte chunk to detect encrypted regions, packed binaries, or hidden data.
Chunk any file into 256-byte windows, compute Shannon entropy for each, and plot the curve in your browser. High-entropy regions (>=7.5 bits/byte) get counted and flagged so you can triage encrypted blobs, packed executables, and hidden compressed sections — no upload, runs locally via Web Crypto-grade byte math.
ReadSignature AV matches known byte sequences; packers and cryptors defeat it by turning binaries into near-random high-entropy blobs. This guide shows how Shannon entropy analysis acts as an early-warning layer for the packed and crypted samples that score clean on AV, and how to use the two together.
ReadUse Shannon entropy as a navigation map for binaries, firmware, and memory dumps. The browser analyzer chunks files into 256-byte windows and charts the curve so you can spot encrypted payloads, embedded files, and compressed regions — then compute the byte offset and carve, before opening a disassembler.
ReadHow the analyzer computes Shannon entropy over file bytes: the formula, the fixed 256-byte sliding window, the 256-bucket frequency table, 3-decimal rounding, and the entropy signatures of common file types. Exact, implementation-grounded reference for building or interpreting an entropy profile.
ReadPlain answers about the browser entropy analyzer: what the readout numbers mean, why media files show high entropy, why encryption and compression look the same, what the amber 7.5 line is, where the tool runs, and the real tier file-size limits.
ReadSee where a photo was taken by reading EXIF GPS data and plotting it on an OpenStreetMap. Local-only.
See exactly where a JPEG was taken by reading its embedded EXIF GPS coordinates and dropping a pin on an OpenStreetMap — 100% in your browser, no upload. The tool decodes the latitude/longitude DMS triplet to decimal degrees; if the map shows your home, the photo is carrying your address. Strip it with the EXIF Scrubber before sharing.
ReadA side-by-side of a browser-native EXIF map previewer against Google Photos location features. Google Photos uploads the image and builds a location history server-side; the browser viewer reads the same latitude/longitude locally and pins it on OpenStreetMap, sending only tile requests for the area — never the file.
ReadHow investigative journalists and OSINT researchers use a browser-local EXIF GPS map previewer to read where a photo was taken, corroborate sources, and triage imagery — without ever uploading the file. The tool decodes latitude/longitude to a map pin; it does not read altitude, bearing, or timestamp, so pair it with deeper metadata checks.
ReadThe exact byte-level encoding of GPS in EXIF: the GPS sub-IFD pointed to by tag 0x8825, the degrees/minutes/seconds RATIONAL triplet, the GPSLatitudeRef / GPSLongitudeRef hemisphere flags, and the JavaScript that converts it all to decimal degrees — the same conversion the EXIF Map Previewer runs in your browser.
ReadAnswers to the common questions: which formats carry GPS (JPEG/TIFF only), exactly what the tool returns (a lat/lon map pin, not altitude or time), what OpenStreetMap receives when tiles load, why some photos show no location, and the privacy guarantees of a 100% browser-local read.
ReadDetect and extract LSB-encoded messages from PNG and BMP carriers. Browser-only forensic tool.
Extract LSB-encoded text from PNG and BMP carrier images entirely in the browser. Reads the low bit of every R, G and B channel in raster order, stops at the null terminator, and returns the payload as extracted-message.txt. Developer tier.
ReadCompare LSB steganography and AES-256 encryption as data-protection techniques: what each hides, how each is detected, and why encrypt-then-embed is the right pattern. Grounded in the browser tools that implement both.
ReadHow forensic examiners use a browser-native LSB decoder to extract covert payloads from PNG/BMP carriers recovered from devices and captures — without uploading evidence or installing a suite. Developer tier.
ReadA code-level walkthrough of least-significant-bit steganography as implemented in the JAD browser tools: Canvas getImageData, R/G/B channel iteration, MSB-first byte assembly, null termination, and exact capacity math.
ReadAnswers about the browser LSB steganography decoder: which formats actually work, what the output strings mean, the 100,000-char cap, the null terminator, why JPEG returns nothing, and the Developer-tier requirement.
ReadHide a text payload inside a PNG or BMP carrier image using LSB steganography. Browser-only.
Embed a text payload inside a raster image using least-significant-bit (LSB) steganography. Output is always a lossless PNG, the encode runs entirely in your browser via Canvas, and a NUL terminator makes the message round-trip with the Steganography Decoder. Documents the real 3-bits-per-pixel capacity, the Latin-1 / charCodeAt encoding limit, and why JPEG re-saving destroys the bits.
ReadLSB steganography hides a message but stores it as plaintext bits — anyone reading the same RGB least-significant bits recovers it. This guide documents the two-step encrypt-then-hide pattern: encrypt with AES-GCM-256 + PBKDF2 first, paste the ciphertext as the message, then embed it in a lossless PNG carrier. Covers why ciphertext is longer than plaintext, how to size the carrier, and the exact Latin-1 / NUL-terminator constraints the encoder enforces.
ReadStamp an image with ownership, copyright, or provenance text that's invisible to the eye but recoverable on demand, using LSB steganography. Documents how the encoder writes the watermark into the RGB least-significant bits of a lossless PNG, why each channel changes by at most 1 of 255, and the hard truth about robustness: this is a fragile watermark that any re-compression erases — useful for proof-of-ownership of an unmodified PNG, not for tracking images across the web.
ReadWork out exactly how many characters a carrier image can hold before you encode, using the encoder's real capacity rule: the bit stream `(chars + 1) × 8` must fit in `pixels × 3`. Documents why it's 3 bits per pixel (RGB, alpha skipped), how the NUL terminator costs one byte, why ciphertext needs a bigger carrier, and how to avoid the 'Message too large' error by picking the right image up front.
ReadAuthor capture-the-flag steganography challenges that hold up to scrutiny. Documents how to embed a flag into the RGB least-significant bits of a lossless PNG, why a tiny payload in a large carrier keeps the embed ratio low, how solvers extract it with the decoder, and the exact constraints — Latin-1 flags only, NUL terminator, PNG output, 100,000-character decode cap — that make a challenge solvable rather than accidentally broken.
ReadReplace name, email, address, and phone fields in CSV / JSON with @faker-js fakes. Preserves shape and types.
Turn a production CSV or JSON export into a GDPR-safe staging fixture in the browser. Detected PII columns (name, email, phone, address, city, zip, SSN/tax-id) are overwritten with @faker-js/faker values; every other column is preserved byte-for-byte. An optional numeric seed makes the output reproducible. Nothing is uploaded — PapaParse and faker run client-side.
ReadAbout to email a customer CSV to an analytics vendor, agency, or offshore contractor? Replace the name, email, phone, address, city, zip, and SSN columns with @faker-js fakes in your browser first — schema, row count, and every non-PII column survive byte-for-byte, so the vendor still gets a working file. Nothing is uploaded; PapaParse and faker run client-side.
ReadBefore a customer CSV or JSON dataset goes into a fine-tune, a RAG index, or a prompt, replace the name, email, phone, address, and SSN columns with @faker-js fakes in your browser. Column structure, row count, numeric features and labels are preserved, so the dataset still trains — but real people can't be memorised or regurgitated by the model. Nothing is uploaded.
ReadNeed to attach a data sample to a GitHub issue, a Stack Overflow question, a support ticket, or an open dataset? Replace the name, email, phone, address and SSN columns with @faker-js fakes in your browser first — the schema, row shape and the columns that actually reproduce your bug are preserved. Nothing is uploaded; PapaParse and faker run client-side.
ReadBuilding a sales demo, a Storybook story, or a seeded local dev environment? Take a real JSON or CSV export and replace the name, email, phone, address and SSN fields with @faker-js fakes in your browser. Structure, nesting, IDs and numeric fields are preserved so your UI renders exactly as it would on real data — without showing a real customer on a shared screen. Nothing is uploaded.
Read