Free Security & IT Tools
16 professional tools for security engineers, cloud ops, and developers. Passive, privacy-focused, free.
Just Launched
Agent Skill Validator
Scan any agent skill repository for prompt injection, malicious scripts, hardcoded secrets, and quality issues. Get a safety grade with detailed findings. Free, no login.
CVE Prioritization Tool
Combine CVSS severity, EPSS exploitation probability, and CISA KEV status into one patch priority verdict. Paste up to 20 CVE IDs and get P0-P4 priorities with clear SLAs. Free, no login required.
Cloud Security Recon
Passive cloud posture scan for Azure, AWS, GCP, Vercel, Netlify, and 8 more platforms. Detects Kudu exposure, S3 leaks, preview deploys, service account secrets, and WAF quality. No credentials needed.
CVE Lookup
Search any CVE by ID or keyword. Pull live severity, CVSS score, attack vector, and references from NIST NVD. No login required.
Prompt Injection Tester
Test your AI system prompt against 10 real injection attacks. Get a security score, see which attacks succeed, and get exact fixes to harden your prompt. Free, no login.
Domain Security Report
Full passive security report for any domain: SSL, security headers, email security, technology stack, known CVEs, and subdomains. Nothing uploaded.
Email Security Checker
Test if your domain is vulnerable to email spoofing. Check SPF, DMARC, DKIM, and MTA-STS records instantly. Get a clear verdict and fix recommendations.
Cyber Trivia Game
Test your cybersecurity knowledge with 20 progressive questions on CIA Triad, OWASP Top 10, cryptography, malware, incident response, MITRE ATT&CK, and more. Beginner to Expert.
Security & Reconnaissance
12 toolsScan, assess, and harden your domains and infrastructure — all passive, nothing uploaded.
Agent Skill Validator
Scan any agent skill repository for prompt injection, malicious scripts, hardcoded secrets, and quality issues. Get a safety grade with detailed findings. Free, no login.
Vulnerability Scanner
Scan any website for security headers, SSL issues, CORS misconfigs, and cookie vulnerabilities. Get an A-F grade with one-click fix code.
CVE Prioritization Tool
Combine CVSS severity, EPSS exploitation probability, and CISA KEV status into one patch priority verdict. Paste up to 20 CVE IDs and get P0-P4 priorities with clear SLAs. Free, no login required.
Cloud Security Recon
Passive cloud posture scan for Azure, AWS, GCP, Vercel, Netlify, and 8 more platforms. Detects Kudu exposure, S3 leaks, preview deploys, service account secrets, and WAF quality. No credentials needed.
CVE Lookup
Search any CVE by ID or keyword. Pull live severity, CVSS score, attack vector, and references from NIST NVD. No login required.
Prompt Injection Tester
Test your AI system prompt against 10 real injection attacks. Get a security score, see which attacks succeed, and get exact fixes to harden your prompt. Free, no login.
Domain Security Report
Full passive security report for any domain: SSL, security headers, email security, technology stack, known CVEs, and subdomains. Nothing uploaded.
Email Security Checker
Test if your domain is vulnerable to email spoofing. Check SPF, DMARC, DKIM, and MTA-STS records instantly. Get a clear verdict and fix recommendations.
SSL Certificate Monitor
Check SSL/TLS certificates for any domain. Certificate Transparency logs, subdomain discovery, bulk check up to 10 sites.
HTTP Header Checker
Analyze HTTP response headers for any URL. Check security headers, caching, CORS, and server configuration.
Password Generator
Generate cryptographically secure passwords with customizable length and character sets. Uses Web Crypto API for true randomness.
Hash Generator
Generate SHA-256, SHA-384, SHA-512, and SHA-1 cryptographic hashes for text and files.
Networking & DNS
4 toolsDiagnose DNS records, look up IPs, plan subnets, and query domain registration data.
DNS Lookup
Look up DNS records for any domain. Check A, AAAA, MX, CNAME, NS, TXT, and SOA records.
IP Address Lookup
Find the country, city, ISP, organization, and ASN for any IP address. Useful for security investigations, threat hunting, and network troubleshooting.
Whois Lookup
Look up domain registration details including registrar, creation date, expiry, nameservers, and DNSSEC status.
Subnet Calculator
Calculate network addresses, broadcast addresses, usable hosts, and subnet masks from IP addresses and CIDR notation.
Development Utilities
4 toolsEveryday helpers — decode JWTs, format JSON, encode Base64, and parse CRON expressions. All run in your browser.
JWT Decoder
Decode and inspect JSON Web Tokens (JWT). View header, payload, claims, and check expiration.
JSON Formatter & Validator
Format, beautify, and validate JSON instantly. Syntax error detection with descriptive messages. Minify JSON for production. Runs entirely in your browser.
Base64 Encoder/Decoder
Encode and decode Base64 strings instantly. Supports text and file encoding with URL-safe mode.
CRON Expression Parser
Translate CRON expressions to plain English. Preview the next 5 scheduled run times. Use presets for common schedules like hourly, daily, weekly.
Games & Learning
2 gameTest and sharpen your DevOps & security knowledge through interactive games.
DevOps Trivia Game
Who Wants to Be a DevOps Millionaire? 20 progressively harder questions on Terraform, Kubernetes, AWS, Azure, OWASP, GitHub & more. Pick Beginner, Intermediate, or Expert.
Cyber Trivia Game
Test your cybersecurity knowledge with 20 progressive questions on CIA Triad, OWASP Top 10, cryptography, malware, incident response, MITRE ATT&CK, and more. Beginner to Expert.
Recommended Solutions
Vetted security products we recommend. Disclosure: these are affiliate links — we may earn a commission at no extra cost to you.
Why Use Protego Tools?
Built by security professionals, for security professionals.
Privacy First
All processing happens in your browser. Your data never leaves your device.
Instant Results
No waiting for servers. Get results instantly with client-side processing.
Professional Grade
Built using industry standards and best practices for accuracy.
100% Free
No subscriptions, no hidden fees. Free tools for the community.
Tools for Every Role
Whether you are a security engineer, cloud ops engineer, or developer, these tools fit your workflow.
Security Engineers
- ✓Generate a full passive attack surface report for any domain
- ✓Check if a domain can be spoofed for phishing
- ✓Discover subdomains via Certificate Transparency logs
- ✓Scan for missing security headers and SSL issues
Cloud Ops Engineers
- ✓Query DNS and verify record propagation
- ✓Look up ASN, ISP, and geolocation for any IP
- ✓Calculate subnets and plan IP addressing
- ✓Verify domain registration and nameservers
Developers
- ✓Decode and debug JWT tokens in API integrations
- ✓Format and validate JSON payloads instantly
- ✓Encode/decode Base64 for data transmission
- ✓Translate CRON expressions to plain English
Frequently Asked Questions
Are these security tools really free?
Is my data safe when using these tools?
What does the Domain Security Report check?
Can I use these tools for professional security audits?
Do I need to install anything?
Need a Custom Tool?
We're always working on new tools. Let us know what you need and we'll consider it for our roadmap.
Request a Tool