What are the security and forensics tools?
The Security and Forensics category in Admin Tools by Cloud Captains brings together the utilities that help you protect, check, and investigate sensitive data. Think of encrypting a short message or a file, generating a strong, random password, checking whether a password shows up in a known data breach, and unpacking technical building blocks such as JWT tokens and SSL certificates.
The most important thing to know: these tools run entirely locally in your browser. Your text, files, keys, and passwords never travel to a server in the cloud. There is no telemetry and nothing is read along the way. That makes this category suitable for working with genuinely sensitive information.
You open the tools from the extension's popup window. You can find more details and install the extension from the homepage: https://cloud-captains.com/admin-tools/.
Why local matters
With online encryption websites you send your secret text to a stranger's server. You can never be sure what happens to it there. Because these tools do their calculations inside your own browser, your data stays on your device. That is exactly what you want for passwords, keys, and confidential documents.
AES encryption for text and files
With the AES tool you encrypt text or an entire file using a password. AES (Advanced Encryption Standard) is the same standard that governments and banks rely on. The encrypted output looks like gibberish: only someone who knows the correct password can turn it back into readable content.
This is handy when you want to store or send something safely, for example a backup code, a list of login details, or a sensitive document you are emailing.
Encrypt and decrypt a message
- Open the extension and go to the Security and Forensics category.
- Choose the AES tool and paste or type your text, or select a file.
- Enter a strong password of your own choosing.
- Click encrypt and copy the unreadable output.
- To decrypt, paste the encrypted text back, enter the same password, and choose decrypt.
No password means no recovery
The password is the only key. If you lose it, the encrypted data is permanently unreadable. There is no recovery button and no back door, precisely because no one else holds your data. Store the password separately and safely.
Share the key and the message separately
Send the encrypted text through one channel (such as email) and the password through another (such as a phone call). Anyone who only intercepts the message will not be able to do anything with it.
Password generator and strength meter
The password generator creates random, strong passwords for you. You can usually set the length and choose which characters are included (uppercase letters, numbers, symbols). Because the password is generated locally, it never ends up online anywhere.
The strength meter does the opposite: you type or paste a password and the tool shows how strong it is. Short, predictable passwords get a low score, while long and random ones score high.
Create a strong password
- Open the password generator in the Security and Forensics category.
- Set the length you want; the longer, the better.
- Turn on uppercase letters, numbers, and symbols for maximum strength.
- Click generate and copy the result with the copy button.
- Paste the password straight into your password manager.
Use a unique password per service
Never reuse the same password in multiple places. Generate a fresh, long password for every site and keep it in a password manager. That way a breach at one service stays limited to that single service.
Have I Been Pwned: is my password in a breach?
With the Have I Been Pwned tool you check whether a password has ever turned up in a known data breach. The clever part is that your password never leaves your device while doing so. This works through a technique called k-anonymity.
In plain terms: your browser locally computes a hash (a kind of irreversible fingerprint) of your password. Then only the first five characters of that fingerprint are sent to the pwnedpasswords.com service. The service returns a list of all known fingerprints that start with those same five characters. Your browser then checks within that list whether the full fingerprint is present. So the server never learns which password you checked.
Check a password for breaches
- Open the Have I Been Pwned tool in the Security and Forensics category.
- Type or paste the password you want to check.
- Start the check; the tool computes the fingerprint locally.
- Read the result: how many times (if at all) the password appears in breaches.
- If it appears, replace it everywhere you use it.
What k-anonymity means
k-anonymity makes sure your request cannot be told apart from many others. By sharing only the first five characters of the fingerprint, your exact password disappears into a large group. The service cannot possibly trace back what you checked.
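The range lookup described above, as an added offline example (not the extension's own code). It assumes SHA-1, the hash the public Pwned Passwords range API uses; the service side, the breach data and all function names are constructed for illustration.

```python
import hashlib

def sha1_hex(password):
    # SHA-1 here is only the lookup fingerprint, not a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_fingerprint(password):
    digest = sha1_hex(password)
    return digest[:5], digest[5:]   # 5 characters are sent, 35 stay local

def serve_range(prefix, breach_counts):
    # Service side (simulated): it only ever sees the 5-character prefix
    # and answers with every known SUFFIX:COUNT under that prefix.
    rows = [f"{h[5:]}:{n}" for h, n in sorted(breach_counts.items())
            if h.startswith(prefix)]
    return "\r\n".join(rows)

def count_in_response(suffix, body):
    # Client side: look for our own suffix among the returned candidates.
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)       # a count of 0 is treated as not found
    return 0

def check_password(password, fetch_range):
    prefix, suffix = split_fingerprint(password)
    return count_in_response(suffix, fetch_range(prefix))

# Constructed breach data and a fake transport that records what is sent.
BREACHED = {sha1_hex("password"): 1000, sha1_hex("letmein"): 50}
SENT = []

def fake_fetch(prefix):
    SENT.append(prefix)
    return serve_range(prefix, BREACHED)

if __name__ == "__main__":
    print(check_password("password", fake_fetch))
    print(check_password("T7#vq-constructed-unique-Zp41", fake_fetch))
    print(SENT)   # only 5-character prefixes ever reach the transport
```

Replacing `fake_fetch` with a real HTTPS request for the prefix is the only network step; the suffix comparison stays on the client.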
JWT decoder
A JWT (JSON Web Token) is a string that websites and apps use to keep track of who you are after you log in. It looks like a long jumble of letters, numbers, and dots. The JWT decoder splits that token apart and shows the readable content: who the user is, when the token expires, and what permissions it carries.
This is especially useful for developers and administrators who want to verify that a token is correct or figure out why a login failed. Decoding happens locally, so your token is not sent anywhere.
Inspect a JWT
- Open the JWT decoder in the Security and Forensics category.
- Paste the full token into the input field.
- Review the separated parts: header, data (payload), and signature.
- Check fields such as the expiry date and the user.
Decoding is not the same as decrypting
The content of a standard JWT is only encoded, not encrypted. Anyone who has the token can read the content. So never put secrets such as passwords inside a JWT, and treat the token itself as sensitive.
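What decoding amounts to, as an added example (not the extension's own code): the header and payload are read with nothing but base64url and JSON, no key involved, and the signature is not checked at all. The sample token, its claims and the function names are constructed.

```python
import base64
import json
import time

def b64url_decode(segment):
    # JWTs strip the "=" padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_jwt(token, now=None):
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    exp = payload.get("exp")
    return {
        "header": header,
        "payload": payload,
        "signature_bytes": len(b64url_decode(parts[2])),
        "expired": isinstance(exp, (int, float)) and now >= exp,
        # Decoding proves nothing about authenticity: that needs the
        # issuer's key and a real signature verification.
        "signature_verified": False,
    }

def make_sample_token():
    # Constructed token; the signature is a placeholder, not a valid MAC.
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": "alice", "role": "admin", "exp": 1700000000}
    segments = (json.dumps(header).encode(), json.dumps(payload).encode(),
                b"\x00" * 32)
    return ".".join(b64url_encode(s) for s in segments)

if __name__ == "__main__":
    print(json.dumps(decode_jwt(make_sample_token()), indent=2))
```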
Certificate viewer
With the certificate viewer you inspect the details of an SSL/TLS certificate, the digital passport a website uses to prove who it is and to secure your connection (the padlock in the address bar). The tool shows, among other things, which domain name the certificate is valid for, who issued it, and how long it stays valid.
It is handy for quickly checking whether a certificate is about to expire or was issued for the right domain.
Inspect a certificate
- Open the certificate viewer in the Security and Forensics category.
- Paste the certificate details or provide the domain.
- Read the validity period, the issuer, and the domain names.
- Watch the end date so you renew expiring certificates in time.
Hash tools
A hash is a short, fixed fingerprint of a piece of text or data. The same input always produces the same hash, but you cannot reverse a hash back into the original input. Hashes are used to check that a file has not changed in transit, or to store passwords safely.
With the hash tools you create hashes of your own text (for example using algorithms like SHA-256). This lets you compare the fingerprint of a downloaded file against the value the creator published.
Create and verify a hash
- Open the hash tool in the Security and Forensics category.
- Paste or type the text you want to hash.
- Choose the algorithm you want, such as SHA-256.
- Compare the result with the expected value to confirm integrity.
Hashing is one way only
A hash is not encryption. You cannot undo it to get the original back. Use hashes to check that something is unchanged, not to store secrets. To keep something secret, use the AES tool.
PGP and steganography
PGP (Pretty Good Privacy) is a well-known method for encrypting and signing messages using a key pair: a public key you share and a private key that stays secret. With the PGP tool you can secure messages for a specific recipient or verify the authenticity of a signed message.
Steganography is something quite different: instead of making a message unreadable, you hide it. For example a secret text concealed inside an image, so the image looks normal but actually carries a hidden message. This too happens entirely locally.
Combine for extra assurance
Encryption hides the content; steganography hides the fact that there is a message at all. Anyone who wants maximum discretion can hide a PGP- or AES-encrypted message inside an image afterward.
Putting it all together
The Security and Forensics category gives you a complete toolbox for encryption, passwords, breach checks, and the inspection of tokens and certificates, without installing anything beyond the extension and without your data leaving your device. To get started, install the extension via https://cloud-captains.com/admin-tools/ and open the popup window.
Does my password really never leave my device with Have I Been Pwned?
No, it does not leave your device. Your browser computes a fingerprint of the password locally and sends only the first five characters of it to the service. The comparison then happens on your own device. The server cannot possibly know which password you checked. This technique is called k-anonymity.
What happens if I forget my AES password?
Then the encrypted data can no longer be recovered. The password is the only key and there is no back door or recovery feature. For that reason, store your password in a safe, separate place, such as a password manager.
What is the difference between a hash and encryption?
A hash is a one-way fingerprint you use to check whether data is unchanged, and you cannot reverse it. Encryption with something like AES is reversible: with the right password you make the text readable again. Use hashes for verification and AES for confidentiality.
Is a JWT secret if I can decode it?
The content of a standard JWT is only encoded, not encrypted, so anyone who has the token can read its content. Still, treat the token itself as sensitive and never put real secrets in it, such as passwords.
Is my data stored or shared anywhere?
No. The security tools run entirely locally in your browser. There is no telemetry and your text, files, and keys do not go to a server. Only specific tools that need external data, such as the breach check, make limited contact through k-anonymity, without revealing your sensitive input.