📖 HELP & DOCS

🖥️ Workstation & Privacy — Persistent Browser Workstation

What it is: MYSYSAD has evolved beyond a read-only toolkit into a Persistent Browser Workstation — a fully configurable, stateful dashboard that remembers your preferences, layout, and linked files across sessions. All state is stored exclusively inside your own browser. No account is required, no server receives your data, and no database exists.

Pinning & Starring Tools

Every tool card on the main dashboard has a ★ star icon that appears in the top-right corner when you hover over the card. Clicking the star pins the tool to the top of the grid so your most-used tools are always within reach.

• How to pin: Hover any tool card → click the ★ icon. The star turns gold and glows to confirm the pin.
• Pinned section: Pinned tools are grouped under a 📌 PINNED TOOLS header at the very top of the grid, sorted alphabetically within the group.
• All Tools section: Unpinned tools follow underneath, also sorted alphabetically, under an All Tools divider.
• How to unpin: Click the gold ★ on any pinned card to remove it from the pinned section. The card moves back to the All Tools section immediately.
• Persistence: Your pinned tool list is saved to localStorage under the key mysysad_favorites and restored every time you reload the page.
• Search compatibility: The global search (⌘K / Ctrl+K) and category filter chips work across both the Pinned and All Tools sections simultaneously — pinning does not affect discoverability.

Configuration Portability — Export & Import Pins

Your pinned layout can be exported to a .json file and imported on any other browser or device — or shared with your team so everyone starts with the same workstation layout.

• In the Recent Tools sidebar card, two small icon buttons sit next to the "clear" button:
  • 📤 (Export Pinned) — downloads a mysysad-pins.json file containing the IDs of all currently pinned tools.
  • 📥 (Import Pinned) — opens a file picker. Select a mysysad-pins.json file; the dashboard validates every tool ID against the current registry, loads the valid pins into localStorage, and immediately re-renders the grid.
• The exported JSON has the shape {"mysysad_pins": ["cidr","jwt",...], "exported": "ISO-timestamp"} — it is human-readable and editable in any text editor.
• Unknown or renamed tool IDs in an imported file are silently skipped — the import will never corrupt your existing layout.

Zero-Trust Privacy — Where Your Data Lives

MYSYSAD operates on a strict zero-trust, zero-upload architecture. Understanding this model is important when you use the dashboard with sensitive data such as JWT tokens, certificates, IAM policies, or server logs.

• No server processing: Every tool — CIDR calculator, JWT decoder, log scrubber, PKI inspector, Python sandbox — runs entirely inside your browser tab using JavaScript and WebAssembly. No input you type is sent to any MYSYSAD server.
• No database: There is no backend database. Nothing you create or configure on the dashboard is stored anywhere except your own browser's memory and storage APIs.
• localStorage scope: Data saved to localStorage (pins, scratchpad content, dark mode preference, world clock timezones, recently viewed commands) is private to your browser profile on your device. It is not synced, not transmitted, and not accessible to any server.
• IndexedDB scope: The File System Access API handle (for Local Disk Sync) is stored in IndexedDB — also private to your browser profile. It contains only a reference to a file you explicitly chose; the file's contents are never cached or transmitted.
• Python Sandbox: Files uploaded to the Python Sandbox are written into Pyodide's in-memory virtual filesystem inside a Web Worker. They exist only in RAM for the duration of your session and are gone when you close the tab.
• Log Scrubber & PKI Inspector: Log data and certificate PEM strings are processed entirely in JavaScript in your browser. They are never sent to any endpoint.
• News feed requests: The only outbound network requests MYSYSAD makes are the news feed fetches (Reddit, HN, CISA etc.) from your browser to those third-party sources — and DNS-over-HTTPS queries for the DNS Propagation Checker. No request payload contains any data you have entered.

📰 News Feeds

What it does: A full-page news aggregator pulling live stories from Reddit, Hacker News, CISA advisories, Krebs on Security, and LWN.net — filtered and sorted for sysadmins. Available at /news.html or via the 📰 News link in the top navigation.

Category Tabs

Eight feed categories, each pulling from different sources:

• Sysadmin — r/sysadmin, r/netsec, Hacker News (linux/server/devops/security queries)
• Security — r/netsec, r/cybersecurity, RSS security advisories
• Linux — r/linux, LWN.net kernel & distro coverage
• Cloud / DevOps — r/devops, r/kubernetes, cloud-focused RSS
• Government — CISA advisories, r/netsec
• Programming — r/programming, r/Python, r/javascript
• Homelab — r/homelab, r/selfhosted, r/datahoarder

Story Cards

• Each story shows a score (upvotes/points), colour-coded source badge, subreddit or origin, age, and comment count
• HN orange · REDDIT red · CISA blue · KREBS red · LWN green
• A HOT tag appears on high-scoring stories
• Hover any story row to reveal two action buttons: OPEN (opens article in new tab) and COMMENTS (goes straight to the discussion thread)

Toolbar Controls

• ⟳ REFRESH — re-fetches all sources for the current category
• Sort dropdown — order by Top Score, Most Recent, or Most Comments
• Comfy / Compact density toggle — Comfy shows full metadata and domain; Compact collapses to title + score only for scanning more stories at once
• Load More button at the bottom — stories load 40 at a time; click to page through the full set

Right Sidebar

• Stats — live counts of Stories Loaded, Sources Active, Average Score, and Hot Stories in the current feed
• Sources — toggle switches for each source (Reddit, HN, CISA, Krebs, LWN). Flip a toggle to instantly hide or show that source's stories without reloading — the Sources Active stat updates immediately
• Trending Tags — auto-extracted keywords from current story titles. Click any tag to filter the feed to only stories containing that word; click again to clear
• Score Filter — slider to set a minimum score threshold; drag right to show only high-engagement stories

🌐 CIDR Calculator

What it does: Calculates IP address ranges, subnet masks, and network information from CIDR notation.

How to use:

• Enter an IP address with CIDR notation (e.g., 192.168.1.0/24)
• Click CALCULATE
• View network details: IP range, subnet mask, broadcast address, usable hosts

⏰ Cron Generator

What it does: Generates cron expressions for scheduling tasks on Linux/Unix systems.

How to use:

• Select timing options from the dropdowns (minute, hour, day, month, day of week)
• Or enter a cron expression to see its human-readable description
• Click GENERATE to create the cron syntax
• Copy the generated expression to your crontab

🔐 JWT Decoder

What it does: Decodes JSON Web Tokens (JWT) to view header and payload information.

How to use:

• Paste a JWT token into the input field
• Click DECODE
• View the decoded header and payload in JSON format
• Check token expiration and other claims

📝 Base64 Encoder/Decoder

What it does: Encodes text to Base64 or decodes Base64 back to plain text.

How to use:

• Enter text or Base64 string in the input field
• Click ENCODE to convert text → Base64
• Click DECODE to convert Base64 → text

🔒 Hash Generator

What it does: Generates cryptographic hashes (MD5, SHA-1, SHA-256) from text input.

How to use:

• Enter text to hash
• Click GENERATE
• View MD5, SHA-1, and SHA-256 hashes
• Click any hash to copy it

🎨 Color Converter

What it does: Converts colors between HEX, RGB, and HSL formats.

How to use:

• Enter a color in any format (HEX, RGB, or HSL) or use the color picker
• Click CONVERT
• View all format conversions side by side
• Click RANDOM for a random color

📋 Regex Tester

What it does: Tests regular expressions against sample text with live match highlighting, capture group extraction, find-and-replace, and one-click Python export.

How to use:

• Type a pattern in the pattern bar — matches highlight instantly as you type
• Toggle flags using the chip buttons: g Global, i Ignore case, m Multiline, s Dotall — active flags glow in accent blue
• Matches tab: lists every match with position, length, and numbered capture groups
• Highlighted tab: shows the full test string with all matches underlined in a readable semi-transparent highlight
• Replace tab: enter a replacement string (supports $1, $2 backreferences) and click ▶ Replace
• Python Export tab: auto-generates a complete re module snippet — copy it or send it directly to the Scratchpad with → Scratchpad
• Click a Quick Pattern chip to load a preset (email, IPv4, URL, hex color, phone, etc.)

🔑 Chmod Calculator

What it does: Converts Linux file permissions between symbolic notation (rwxr-xr-x) and octal notation (755), and explains what each permission means.

How to use:

• Toggle the checkboxes for Owner, Group, and Others permissions (Read, Write, Execute)
• Or enter an octal value directly (e.g., 755, 644, 600)
• The tool instantly shows both the octal and symbolic equivalent
• Copy the chmod command with one click

📄 YAML Validator / Formatter

What it does: Validates YAML syntax, formats/pretty-prints YAML, and converts YAML to JSON.

How to use:

• Paste your YAML content into the input field
• Click VALIDATE to check for syntax errors
• Click FORMAT to pretty-print and normalize indentation
• Click TO JSON to convert the YAML to JSON format
• Error messages show line numbers to pinpoint issues quickly

🌀 Curl Builder

What it does: Generates curl commands from a visual form — choose method, URL, headers, auth, body, and options without memorizing flags.

How to use:

• Enter the target URL
• Select the HTTP method (GET, POST, PUT, PATCH, DELETE, HEAD)
• Add request headers as key-value pairs
• Choose authentication type (None, Bearer Token, Basic Auth, API Key)
• Add a request body for POST/PUT requests (JSON, form data, raw)
• Toggle options: follow redirects (-L), verbose (-v), insecure (-k), silent (-s)
• Click GENERATE to see the full curl command
• Copy with one click

🐍 Scripts Library

What it does: Provides 50+ ready-to-use Python scripts for common sysadmin tasks.

How to use:

• Click the 🐍 SCRIPTS button in the tools section
• Browse by category (ALL, SYSTEM, DOCKER, NETWORK, FILES, SECURITY)
• Use the search box to find specific scripts
• Click 📋 COPY to copy script to clipboard
• Paste into your terminal or save as a .py file

Categories:

• SYSTEM: CPU/memory monitoring, disk space, system info
• DOCKER: Container management, cleanup, resource usage
• NETWORK: Port scanning, DNS lookup, ping tests
• FILES: Find large files, batch rename, duplicate finder
• SECURITY: SSH monitoring, password tools, backups

🐍 Python Sandbox

What it does: Runs real Python entirely in your browser using Pyodide (WebAssembly). No server, no installs, no data leaves your machine. Scripts run in a background Web Worker so even infinite loops can't freeze the page.

How to use:

• Click the 🐍 SCRIPTS button, then the PYTHON SANDBOX tab
• Write or paste Python code into the editor
• Click ▶ RUN CODE — first run takes a few seconds while Pyodide loads (~10MB), then it's cached and fast
• Output appears in the green terminal panel below
• Click ⏹ KILL SCRIPT to instantly terminate any runaway script
• Click 📁 UPLOAD FILE to load a local file (logs, CSVs, configs) into the sandbox — then open it with open('filename') exactly like native Python

Test Scripts

Copy and paste these directly into the editor to verify everything is working.

Test 1 — Subnet Matcher

Tests the built-in ipaddress module. Checks a list of IPs against a VPC subnet — a real sysadmin task.

Test 2 — JSON Alert Cruncher

Tests JSON parsing. Simulates taking a raw API response from a monitoring tool and extracting only the servers that need attention.

Test 3 — Kill Switch Stress Test

Proves the Web Worker isolation works. Run this, watch it loop, then hit ⏹ KILL SCRIPT. Without the Worker this would permanently freeze the browser tab.

🌍 World Clock & Meeting Planner

What it does: Displays live time across multiple timezones with a suite of scheduling tools — a pinned UTC reference, a time-travel slider for planning windows, weekend warnings, relative offset labels, one-click schedule copying, and full JSON/YAML config export.

How to use:

• Add Clocks: Click [+] ADD or use the Quick Add chips (e.g. New York, London, Tokyo) to start tracking a city. You can maintain as many zones as you need — they display in a vertical list, ordered by UTC offset.
• Remove a Clock: Click the × button on any row to remove that timezone from your list.

Pinned UTC & UNIX Epoch

• The UTC row is always pinned at the very top of the clock list and cannot be removed — it is your universal reference anchor.
• Click anywhere on the UTC row to instantly copy the current UNIX epoch timestamp (seconds since 1 Jan 1970) to your clipboard. This is useful when filing incident reports, writing log queries, or setting token expiry values.

Plan Ahead Slider

• An orange slider sits above the clock list. Drag it left or right to shift the displayed time up to 12 hours backward or forward relative to the current moment.
• All clocks — including UTC — update instantly as you drag, so you can see what time it will be in every zone simultaneously.
• A label above the slider shows the current offset (e.g., +3h 30m or Live).
• Click ↺ Reset (or drag back to centre) to return all clocks to live time.

Relative Offsets

• Next to each timezone abbreviation (e.g., EST, JST), the clock shows a relative offset badge compared to your local browser time — for example +5h, -2h, or same.
• Offsets automatically account for DST changes in both your local zone and the target zone.

Weekend Warning

• A 💤 icon appears beside any timezone row where the currently displayed time (live or planned) falls on a Saturday or Sunday in that location.
• When using the Plan Ahead slider, the weekend warnings update in real time — making it easy to confirm that your planned window does not fall on a weekend for any team member's timezone.

Copy Schedule

• Click the 📋 Copy Times button to copy a clean, formatted schedule string of all currently visible clocks to your clipboard.
• Paste directly into Slack, Teams, email, or a ticket to share the meeting or window time across all zones at once.

Import & Export (JSON / YAML)

• Click ⬇ Export to download your current timezone list as either a JSON or YAML file — choose the format from the dropdown before exporting.
• Click ⬆ Import to restore a previously exported config file. Both JSON and YAML formats are accepted on import.
• Use export to preserve your timezone list before clearing browser cache, switching devices, or sharing a standard clock layout with your team.

💾 Scratchpad & Local Disk Sync

What it does: The Scratchpad is a persistent notepad inside the right sidebar for pasting logs, IP lists, commands, output from tools, or any temporary notes. It auto-saves to localStorage as you type. The Local Disk Sync feature extends this by linking the Scratchpad directly to a physical .txt file on your hard drive using the browser's File System Access API — so your notes survive even if browser storage is cleared.

Basic Scratchpad Usage

• Find the 📝 Scratchpad tab in the right sidebar (next to 🌍 World Clock)
• Type or paste any text — content saves automatically to localStorage
• Click 💾 Download to save the current content as a .txt file immediately
• Click 📋 Copy All to copy all content to clipboard
• Click 🗑️ Clear to erase all content
• Tools across the dashboard (Command Library, Log Parser, Security Header Tester, DNS Propagation, Systemd Generator, etc.) have → Scratchpad or → Dashboard buttons that append their output directly here

Linking a Local File — Local Disk Sync

Local Disk Sync uses the browser's File System Access API to create a persistent, bi-directional link between the Scratchpad and a physical file on your hard drive. Once linked, every write to the Scratchpad is mirrored to the file in real time.

• In the Scratchpad action bar, click 🔗 Link Local File.
• A file picker opens. Either select an existing .txt file or create a new one.
• Grant the browser write permission when prompted — this permission is scoped to that single file only.
• The Scratchpad header updates to show the linked filename (e.g., notes.txt) with a green sync indicator.
• Every keystroke now writes to both localStorage AND the linked file on disk simultaneously.
• Click 🔗 Unlink File to disconnect the file and return to localStorage-only mode.

💻 Command Reference

What it does: A searchable library of 200+ Linux/Unix commands with inline flag tooltips, risk ratings, Pipeline Tray for building multi-step one-liners, and recently viewed history.

How to use:

• Open the 💻 COMMANDS tool from the dashboard
• Use the search bar or category chips (PROCESS, NETWORK, FILES, SYSTEM, DOCKER, etc.) to find commands
• Each card shows the command name, description, example usage, and a risk level badge
• Hover any flag in an example (e.g., -r, -f) to see a tooltip explaining what that flag does
• Click 📋 COPY on a card to copy the example command
• Click → Scratchpad to append the command to your notes

Recently Viewed

• Clicking any card records it in a Recently Viewed strip shown just below the filter bar
• Up to 12 recent commands shown as green chips — click any chip to instantly jump back to that command (sets search to the command name and scrolls to it)
• History persists across page refreshes via localStorage; click ✕ Clear to reset it

Pipeline Tray

• Click ➕ Pipe on any card to add its example to the Pipeline Tray
• The Tray slides up from the bottom of the screen when it has at least one command
• Commands are joined with | — building a live shell pipeline as you add more
• Each command in the tray has an × remove button
• Click 📋 Copy Pipeline to copy the full piped string to clipboard
• Click Clear to empty the tray and collapse it

📊 Log Parser

What it does: Parses, filters, and analyses log files from NGINX, Apache, Syslog, Docker/Kubernetes, and JSON structured logs — live in your browser. Generates ready-to-copy grep, awk, and one-liner shell commands based on your active filters.

How to use:

• Paste log content into the input area, or click an Example chip to load a sample
• The format is auto-detected (NGINX access, Apache error, Syslog, Docker, JSON)
• Use the filter row to narrow results: status code (supports 4xx/5xx patterns), IP address (wildcards supported), URL pattern, HTTP method, text search, and log level
• Click ▶ PARSE — the tool renders stats, a timeline, top IPs, top URLs, and filtered log lines
• The Timeline shows a colour-coded horizontal bar: green = 2xx, amber = 4xx, red = 5xx, blue = info — hover any marker for details
• The Commands section generates three shell equivalents of your current filters: a grep chain, an awk field-based command, and an optimised one-liner
• Each command has its own COPY button and a → Scratchpad button
• Click → All to Scratchpad to send all three commands plus a filter summary as a structured audit block
• The results panel has a COPY ALL button to copy all filtered log lines as plain text

🔐 Security Header Tester

What it does: Analyses the HTTP security headers of any URL, assigns a security grade (A+ to F), and generates ready-to-paste NGINX and Apache config snippets to fix any missing headers.

Headers Checked:

• Strict-Transport-Security (HSTS) — forces HTTPS-only connections
• Content-Security-Policy (CSP) — prevents XSS and injection attacks
• X-Content-Type-Options — stops MIME-type sniffing
• Referrer-Policy — controls referrer header leakage
• Permissions-Policy — restricts camera, mic, geolocation APIs
• Cross-Origin-Opener-Policy (COOP) — isolates browsing context
• X-Frame-Options (deprecated, flagged as warning)
• X-XSS-Protection (deprecated, flagged as warning)

How to use:

• Enter a URL (or click an example chip) and click ▶ Test Security
• View the grade badge, score out of 100, and per-header status cards
• Green card = header present, red card = missing (critical ones are labelled)
• Switch between NGINX, Apache, and Recommendations tabs for remediation
• COPY buttons on each code block let you paste directly into your config
• Click → Dashboard to send a full audit report (URL, grade, missing headers, NGINX snippet) to the Scratchpad

⚙️ Systemd Service Generator

What it does: Generates production-ready .service files for Linux systemd with a live preview that updates as you type. Covers all three sections: [Unit], [Service], and [Install].

Quick Templates:

• 🌐 Web App — Node.js/Python web server with www-data user, restart=always, environment variables
• ⚙️ Background Worker — Long-running queue processor with on-failure restart
• 🐳 Docker Container — Wraps a Docker container as a systemd unit, depends on docker.service
• ⏰ Timer / Cron Job — One-shot service for use with a .timer unit
• 🗄️ Database — Database daemon with Type=notify and reload signal
• 📄 Blank — Empty template to fill from scratch

How to use:

• Click a template chip to pre-fill all fields, or start from blank
• Edit any field — the live preview (right panel) updates instantly with syntax highlighting
• Add environment variables with + Add Variable — each KEY=value pair appears as an Environment= line
• Toggle RemainAfterExit for oneshot services that should stay "active" after the command exits
• The Installation Steps box updates the service name live
• Click COPY to copy the file contents, ↓ Download to save as name.service, or → Dashboard to send the full service file + install commands to the Scratchpad

🌐 DNS Propagation Checker

What it does: Queries 12 global DNS resolvers using DNS-over-HTTPS (DoH) directly from your browser to check whether a DNS record has propagated worldwide. Detects inconsistencies and shows per-server response times.

DNS Servers Queried:

• Cloudflare, Cloudflare Security, Google (×2), Quad9, OpenDNS, AdGuard, CleanBrowsing, NextDNS, Control D, Mullvad, BlahDNS

Record Types Supported:

• A — IPv4 address | AAAA — IPv6 address | CNAME — alias
• MX — mail exchange | TXT — text records (SPF, DKIM, verification) | NS — nameserver | SOA — start of authority

How to use:

• Enter a domain (or click an example chip) and select a record type
• Click ▶ Check DNS — the tool queries all 12 resolvers sequentially
• Each server card shows: status badge, resolved value(s), and response time in ms
• Green tint = successfully resolved | Amber tint = different value from majority | Red tint = failed / CORS blocked
• A consistency banner appears when all queries complete: green = fully propagated, amber = inconsistent
• Enable the Auto-refresh toggle to re-query every 30 seconds — a countdown timer is shown
• Click → Dashboard to send a structured audit report (domain, record type, grade, per-server table, CLI verification commands) to the Scratchpad

🔑 Zero-Trust PKI Inspector

What it does: Parses X.509 certificates locally to extract expiration dates, issuers, and Subject Alternative Names (SANs) without uploading private certs to the internet.

How to use:

• Paste your PEM-encoded certificate (starting with -----BEGIN CERTIFICATE-----).
• The tool instantly decodes and highlights the Validity Period (with a days-remaining countdown).
• View the full list of SANs to ensure all required domains are covered.
• Click → Scratchpad to send a markdown summary to your notes.

🛡️ AWS IAM & K8s Policy Linter

What it does: Scans JSON (AWS IAM) or YAML (Kubernetes RBAC) policies for dangerous wildcards, overly permissive actions, and privilege escalation vectors.

How to use:

• Paste your raw IAM JSON or K8s Role YAML.
• The linter highlights CRITICAL risks (like "Resource": "*" or "Action": "iam:PassRole").
• Review the exact line numbers and risk descriptions to lock down your permissions before deployment.

🔗 Connection String Builder

What it does: Generates perfectly formatted database URIs and ready-to-use connection code snippets for PostgreSQL, MongoDB, Redis, and MySQL.

How to use:

• Select your database type from the dropdown.
• Fill in the host, port, username, password, and database name.
• The tool generates the standard URI (e.g., postgres://user:pass@host:5432/db).
• Copy the auto-generated implementation code for Python, Node.js, or Go.

🐳 Docker Compose Visualizer

What it does: Reads a docker-compose.yml file and generates a clean, interactive vis-network dependency graph of your container architecture — services, ports, volumes, networks, links, and healthcheck status.

How to use:

• Paste or upload: Paste YAML into the editor, use 📂 Open File to load a .yml file, or drag-and-drop a compose file onto the page.
• Live parsing: The graph updates automatically as you type (420ms debounce). Parse errors highlight the offending line in the editor and scroll to it.
• 4 demo topologies: The dropdown includes 3-Tier Web Stack, Monitoring (Prometheus/Grafana), Microservices (Kong/Kafka), and CI/CD Pipeline (Gitea/Drone).
• Click any node to open the service detail panel: image, build context, container name, restart policy, command, ports, networks, volumes, depends_on, environment variables, env_file, healthcheck config, labels, deploy settings, and resource limits.
• Search nodes: Type in the search box to highlight matching nodes and dim the rest. First match is auto-focused.
• Export as PNG: Click 📸 PNG to download a snapshot of the current graph for documentation or architecture reviews.
• Copy YAML: Click 📋 Copy to copy the editor content to clipboard.
• Zoom +/−: Dedicated buttons in the graph toolbar, plus fit-to-screen and physics toggle.

Parsing capabilities:

• Services: Box nodes with image name. Healthcheck-enabled services show a ♥ badge.
• Ports: Green circle nodes connected to their service.
• Volumes: Database-shaped nodes with mount path labels on edges (e.g. /var/lib/postgresql/data:ro).
• Networks: Purple ellipse nodes linking services sharing the same network.
• depends_on: Dashed arrow edges labeled "depends".
• links (Compose v2): Legacy links: directive rendered as dashed "link" edges.
• Environment variables: Shown in service tooltips (first 6 vars, then "+N more") and fully listed in the detail panel.

🏗️ Terraform Plan Analyzer

What it does: Parses the raw text output of a terraform plan command into a clean, colour-coded dashboard showing exactly what will be created, modified, or destroyed — so you can review changes safely before running terraform apply.

How to use:

• Run terraform plan in your terminal and copy the full text output.
• Paste it into the tool.
• Review the colour-coded summary: green = create, amber = modify, red = destroy.
• Pay close attention to the red To Destroy section to confirm you aren't accidentally dropping critical infrastructure.

🔐 SSO / SAML & JWT Autopsy

What it does: Decodes opaque JWT tokens and massive Base64-encoded SAML Responses to extract the critical claims needed for troubleshooting broken SSO logins — all locally, nothing sent to a server.

How to use:

• Paste your raw token or Base64 payload into the input.
• The tool auto-detects the format (SAML vs. JWT) and decodes it locally.
• Review the NameID, Issuer, Audience, and expiration timestamps in human-readable format.

☸️ Kubernetes Manifest Builder

What it does: Dynamically generates production-ready YAML for Kubernetes Deployments, Services, and Ingress resources so you don't have to write boilerplate from scratch.

How to use:

• Enter your App Name, Docker Image, Container Port, and Replica count.
• Check the boxes to include a ClusterIP Service or Nginx Ingress.
• Click Copy All to grab the combined, correctly indented YAML blocks ready for kubectl apply.
• Click → Scratchpad to save the manifest as a timestamped note.

🧹 Log Scrubber & Anomaly Finder

What it does: Processes server logs entirely in your browser to redact sensitive PII (IP addresses, emails, tokens) and isolate critical errors — safe to use with production log data.

How to use:

• Paste up to thousands of lines of raw server logs into the input area.
• Toggle Redact IPs/Emails to instantly replace them with [REDACTED] tags.
• Toggle Errors Only to strip away 200 OK traffic and surface only 4xx, 5xx, or FATAL stack traces.
• Copy the scrubbed output to safely share with vendors, support teams, or file in a ticket.

🧮 High-Powered Sysadmin Calculator

What it does: A multi-tab calculator designed specifically for infrastructure math, featuring Scratchpad integration on every tab — click → Scratchpad on any result to instantly export your calculation to the dashboard notepad for documentation or sharing.

Tab 1 — Scientific Calculator

A robust math engine with a full grid of calculator buttons and real-time expression evaluation as you type.

• Type any expression directly into the input bar — results update live. Supports standard operators (+, −, ×, ÷, ^), parentheses, π, e, mod, and scientific notation (EE).
• Auto-close parentheses: Expressions like sqrt(9 evaluate correctly — missing closing parentheses are added automatically before calculation.
• Floating-point correction: Results are normalised via toPrecision(12) to eliminate floating-point noise (e.g., 0.1 + 0.2 returns 0.3, not 0.30000000000000004).
• 2nd button toggle: Click 2nd to swap the function keys to their inverses — sin ↔ asin, cos ↔ acos, tan ↔ atan, log ↔ 10^x, ln ↔ e^x, √ ↔ x². Click 2nd again to return to primary functions.
• ANS key: Inserts the result of the last completed calculation into the current expression.

Tab 2 — Programmer Base Converter

Instantly converts between Decimal, Hexadecimal, Binary, and Octal as you type in any field. All four representations stay in sync in real time.

• Type a value into any of the four fields (DEC, HEX, BIN, OCT) — the other three update immediately.
• Uses BigInt under the hood to safely handle very large numbers beyond JavaScript's standard numeric precision (e.g., 64-bit integers from system calls or memory addresses).
• Each field shows contextual metadata below the input: bit count for binary, 0x-prefixed value for hex, 0-prefixed value for octal, and digit count for decimal.
• Quick-copy buttons next to each field let you copy that representation to your clipboard with one click — the button briefly shows ✓ Copied to confirm.
• Invalid characters for a given base (e.g., typing 9 in the binary field) show a subtle inline error message rather than silently corrupting other fields.

Tab 3 — Data Transfer Time

Estimates how long a file transfer will take based on file size, link speed, and protocol overhead.

• File Size: Enter a value and select the unit — MB, GB, TB, or PB.
• Network Speed: Enter the link speed and select Mbps, Gbps, or MB/s.
• TCP/IP Overhead: Select 0% (theoretical maximum), 10% (typical LAN), or 20% (WAN / Internet) to account for protocol framing, retransmission, and header overhead.
• Results update instantly. Estimated Transfer Time is formatted as Xd Xh Xm Xs (e.g., 2d 4h 15m 30s) and the total seconds are shown below for precision. Effective Throughput shows the net MB/s or GB/s after overhead deduction.

Tab 4 — RAID Capacity

Calculates usable storage capacity, efficiency percentage, and fault tolerance for all five common RAID levels simultaneously.

• Set Number of Drives (minimum 1, maximum 64) and Size Per Drive in GB or TB.
• Results for RAID 0, 1, 5, 6, and 10 are all shown at once in a card grid — no need to switch between modes.
• Each card shows: usable capacity (formatted in GB, TB, or PB as appropriate), storage efficiency percentage, and fault tolerance (number of drives that can fail before data loss).
• If the current drive count is below the minimum required for a RAID level (e.g., fewer than 4 drives for RAID 6), the card displays a "Requires min X drives" warning instead of a capacity figure.
• The card with the highest usable capacity is highlighted with a ★ marker as a quick guide to the most space-efficient option for your drive count.

Tab 5 — SLA & Uptime

Translates a target SLA percentage into the exact maximum allowed downtime per day, week, month, and year.

• Type any SLA percentage into the input field (e.g., 99.95) or click one of the quick-select preset buttons: 99%, 99.5%, 99.9%, 99.95%, 99.99%, 99.999%, 99.9999%.
• A live progress bar fills to visually represent the uptime percentage.
• A summary line shows how many nines of availability the SLA represents (e.g., 99.9% = 3 nines).
• The four downtime cards (Per Day, Per Week, Per Month, Per Year) display the maximum allowed downtime formatted intelligently — seconds for tight SLAs, minutes for moderate ones, and hours/days for lenient ones.

🗺️ Visual VPC Planner

What it does: An interactive visual designer for planning cloud VPC (Virtual Private Cloud) network topologies. Draw subnets, assign CIDR blocks, and let the tool automatically detect overlapping address spaces before you deploy — preventing the painful IP collision errors that are impossible to fix without re-provisioning.

How to use:

• Enter your top-level VPC CIDR block (e.g., 10.0.0.0/16) in the VPC field to set the overall address space boundary.
• Click + Add Subnet to create a new subnet block. Give it a name (e.g., public-us-east-1a), a CIDR (e.g., 10.0.1.0/24), and a type (Public, Private, or Database).
• The visual canvas updates immediately, rendering each subnet as a labelled block colour-coded by type: blue = public, green = private, amber = database.
• If two subnets overlap, a ⚠️ COLLISION DETECTED banner appears on both offending subnets identifying the conflicting ranges — no deployment can proceed until resolved.
• Hover any subnet block to see its full CIDR details: network address, broadcast, usable host range, and total host count.
• Drag subnet blocks to reorganise the canvas layout — this is purely visual and does not change the CIDR assignments.
• Click 📋 Copy as Terraform to export your subnet layout as a ready-to-use aws_subnet resource block for each defined subnet.
• Click 💾 Export JSON to save your entire VPC plan and reload it later.

🚇 SSH Tunnel Builder

What it does: A visual form-based builder for SSH port forwarding commands. Supports all three tunnelling modes — Local, Remote, and Dynamic (SOCKS5) — and auto-generates both the ready-to-run ssh command and the corresponding ~/.ssh/config block so you can make the tunnel permanent without remembering obscure flags.

Tunnel Modes:

• Local Forwarding (-L): Binds a port on your local machine and forwards traffic through the SSH server to a remote host:port. Use this to access a database or internal web app behind a firewall from your workstation.
• Remote Forwarding (-R): Binds a port on the SSH server and forwards traffic back to your local machine. Use this to expose a local dev server to a remote system (reverse tunnel).
• Dynamic Forwarding (-D): Opens a SOCKS5 proxy on a local port. Route any application through it to make traffic appear to originate from the SSH server. Useful for browsing internal services as if you were on-network.

How to use:

• Select your tunnel mode (Local, Remote, or Dynamic) using the tab buttons at the top.
• Fill in the SSH Host (jump server address), SSH User, and SSH Port (default 22).
• For Local/Remote: enter the Local Port, Remote Host, and Remote Port.
• For Dynamic: enter only the Local SOCKS Port (default 1080).
• Toggle optional flags: -N (no remote command — keeps the tunnel open without running a shell), -f (background the process), -C (compression), -v (verbose for debugging).
• The generated ssh command and ~/.ssh/config block update live as you type.
• Click 📋 Copy Command to copy the one-liner, or 📋 Copy Config to copy the config block.
• Click → Scratchpad to save both the command and config block as a labelled note.

🛡️ Command Scanner

What it does: Audits shell commands and scripts for destructive, risky, or irreversible flags before you run them. Paste any command or multi-line shell script and the scanner highlights dangerous patterns with severity ratings — so you can catch rm -rf / style mistakes before they happen.

How to use:

• Paste a single command or a multi-line shell script into the input area.
• Click ▶ Scan — the scanner analyses every line and flags any patterns it recognises.
• Review the results panel: each finding shows the line number, the matched pattern, a severity badge (CRITICAL / WARNING / INFO), and a plain-English explanation of why it is dangerous.
• Hover any highlighted token in the input to see a pop-up tooltip with the risk description.
• Click 📋 Copy Report to copy a structured audit summary, or → Scratchpad to save it.

Severity Levels:

• CRITICAL — Irreversible data destruction risk (e.g., rm -rf, mkfs, dd if=... of=/dev/sda, :(){ :|:& }; fork bombs, chmod -R 777 /).
• WARNING — Potentially dangerous in the wrong context (e.g., curl | bash, sudo without a specific command, writing to /etc/, disabling firewalls with ufw disable).
• INFO — Noteworthy but context-dependent (e.g., redirection with > that overwrites files, background processes with &, nohup).

⚡ Data Transformer

What it does: A multi-step data conversion pipeline that chains together encoding and decoding operations in a single pass. Supports Base64, URL encoding, Hex, and JWT decoding — with a visual step-by-step breakdown so you can see exactly what each transformation does to your data.

How to use:

• Paste your raw input data into the top input field.
• Click + Add Step to choose a transformation from the dropdown: Base64 Encode, Base64 Decode, URL Encode, URL Decode, Hex Encode, Hex Decode, JWT Decode, Escape HTML, or Unescape HTML.
• Add as many steps as needed — the output of each step automatically becomes the input of the next.
• Each step card shows its intermediate output in a collapsible panel so you can inspect any point in the chain.
• Drag steps up or down to reorder the pipeline.
• Click ✕ on a step card to remove it from the chain.
• The final output appears in the results box at the bottom with a 📋 Copy button.
• Click 💾 Save Pipeline to export your current step configuration as a JSON file for re-use.

Common Multi-Step Workflows:

• Decode a double-encoded SAML response: URL Decode → Base64 Decode → (read XML)
• Inspect a URL-safe JWT: URL Decode → JWT Decode
• Encode a JSON payload for a URL parameter: Base64 Encode → URL Encode
• Convert raw bytes to readable hex: Hex Encode (then inspect byte values)

📄 Config Generator

What it does: Generates starter configuration file templates for the most common server and development tools — NGINX, Apache, SSH daemon, Docker Compose, and .gitignore — so you don't have to start from a blank file or hunt for documentation.

How to use:

• Click the Config Generator card on the main dashboard.
• Select a template type from the tab bar: NGINX, Apache, SSH, Docker Compose, or .gitignore.
• Fill in any context fields shown (e.g., server name, domain, port number) — the template updates live with your values substituted.
• Click 📋 Copy to copy the completed config, or ⬇ Download to save it as the correct filename (nginx.conf, docker-compose.yml, etc.).
• Click → Scratchpad to append the config as a labelled note.

🖥️ SSH Key Generator

What it does: Generates Ed25519 and RSA SSH keypairs entirely in your browser using the Web Crypto API — no private key material is ever sent to any server. Produces the public key in OpenSSH format ready to paste into ~/.ssh/authorized_keys.

How to use:

• Open the SSH Key Generator from the dashboard.
• Select the key algorithm: Ed25519 (recommended — smaller, faster, more secure) or RSA (choose 2048, 3072, or 4096 bits).
• Optionally enter a comment (e.g., your email or hostname) to label the key — this appears at the end of the public key string.
• Click ⚡ Generate Keypair.
• The public key appears in the top output box — click 📋 Copy Public Key to copy it.
• The private key appears in the lower output box in PEM format — click ⬇ Download Private Key to save it as id_ed25519 or id_rsa.
• After downloading, set the correct file permission immediately: chmod 600 ~/.ssh/id_ed25519.

🔑 Password Generator

What it does: Generates cryptographically secure random passwords using window.crypto.getRandomValues() — the same CSPRNG used by security-critical applications. All generation happens in your browser; no password is ever transmitted.

How to use:

• Open the Password Generator from the dashboard.
• Set the Length slider (range: 8–128 characters).
• Toggle the character sets to include: Uppercase (A–Z), Lowercase (a–z), Numbers (0–9), Symbols (!@#$%^&* etc.), and Exclude Ambiguous (removes 0, O, l, 1 to prevent copy errors).
• A live Strength meter (Weak / Fair / Strong / Very Strong) updates as you adjust settings.
• Click ⚡ Generate to produce a new password, or click the refresh icon to regenerate without changing settings.
• Click 📋 Copy to copy to clipboard. The button briefly shows "Copied!" to confirm.
• Click Generate Multiple to produce a batch of 5, 10, or 20 passwords at once — useful for provisioning multiple accounts.

⚓ Port Reference

What it does: A searchable, filterable database of well-known TCP/UDP port numbers and their associated services — covering IANA registered ports (0–1023), registered ports (1024–49151), and common ephemeral/dynamic ports used by popular software.

How to use:

• Open Port Reference from the dashboard.
• Type a port number (e.g., 443) or a service name (e.g., postgres, redis, http) in the search bar — results filter instantly.
• Use the Protocol chip buttons to filter by TCP, UDP, or Both.
• Use the Category filter to narrow by type: Web, Database, Mail, DNS, Security, Monitoring, etc.
• Each result shows: port number, protocol(s), service name, common software, and a brief description.
• Click any row to copy the port number to your clipboard.

🛡️ IP Reputation & MAC Lookup

What it does: Two tools in one — check whether an IP address appears in public threat intelligence databases (spam, malware, botnet, Tor exit nodes), and look up the hardware vendor behind any MAC address using the IEEE OUI registry.

IP Reputation Check

• Enter an IPv4 or IPv6 address in the IP Reputation tab.
• Click ▶ Check Reputation — the tool queries public threat databases including AbuseIPDB, Spamhaus, Emerging Threats, and known Tor exit node lists.
• Results show a Risk Score (0–100), the threat categories it appears in (spam, malware, scanning, brute-force, etc.), the originating ASN and country, and first/last reported dates.
• A colour-coded verdict badge shows: CLEAN, SUSPICIOUS, or MALICIOUS.
• Click → Scratchpad to append a formatted reputation report for use in incident documentation.

MAC Address / OUI Lookup

• Switch to the MAC Lookup tab.
• Enter a MAC address in any standard format: 00:1A:2B:3C:4D:5E, 00-1A-2B-3C-4D-5E, or 001A2B3C4D5E.
• Click ▶ Lookup — the tool checks the first 3 octets (OUI) against the IEEE MA-L registry to identify the hardware manufacturer.
• Results show the vendor name, country of registration, and whether the OUI is marked as Private (used for randomised/spoofed MACs).

🕐 Timestamp Converter

What it does: Converts between UNIX epoch timestamps and human-readable date/time strings, with support for multiple timezones and all common timestamp formats — milliseconds, seconds, ISO 8601, RFC 2822, and more.

How to use:

• Open Timestamp Converter from the dashboard.
• Epoch → Human: Paste a UNIX timestamp (seconds or milliseconds) into the epoch field and click Convert →. The tool auto-detects seconds vs. milliseconds based on the magnitude.
• Human → Epoch: Enter a date/time string in the date field (supports natural language like 2026-03-01 14:30, March 1 2026 2:30pm, or ISO format). Click ← Convert.
• Select a Timezone from the dropdown to see the conversion result in any timezone simultaneously.
• The result panel shows the timestamp in multiple formats at once: UNIX seconds, UNIX milliseconds, ISO 8601, UTC string, and local time.
• Click 📋 Now to instantly load the current epoch into the input.
• Click any output field to copy it.

📑 Diff Checker

What it does: Side-by-side and inline text comparison with line-level and character-level diff highlighting. Useful for comparing config file versions, spotting changes in Terraform plans, reviewing script edits, or checking what changed between two API responses.

How to use:

• Open Diff Checker from the dashboard.
• Paste the original (before) text into the left panel and the modified (after) text into the right panel.
• The diff is computed and highlighted instantly as you type — no button press required.
• Toggle between Side-by-Side view (two columns) and Unified view (single column with +/− prefix lines) using the view mode buttons.
• Toggle Ignore Whitespace to suppress diff lines where the only change is leading/trailing spaces or blank lines — useful for comparing reformatted configs.
• Toggle Show Line Numbers to add line number gutters to both panels for easy reference.
• The summary bar shows total lines added, lines removed, and lines changed.
• Click 📋 Copy Diff to copy a unified diff string (standard diff -u format) to your clipboard.
• Click → Scratchpad to append the diff with a timestamp header.

🚀 DriftScope Config Intelligence

What it does: Performs semantic, structural diffing of JSON and YAML infrastructure configs — Kubernetes Deployments, Terraform state files, AWS CloudFormation templates, and any other nested config — entirely in the browser. It compares a Baseline (your source of truth, from Git or IaC) against a Target (the live, running state) and surfaces every meaningful difference without false positives from volatile fields.

How to use:

• Open DriftScope from the dashboard.
• Paste your Baseline configuration into the left panel (JSON or YAML — auto-detected). This is what the config should look like.
• Paste the live Target configuration into the right panel. This is what is actually running (e.g., from kubectl get deployment -o yaml).
• Click ▶ Analyze Drift (or press Ctrl+Enter / Cmd+Enter).
• Review the three result columns:
  • 🔴 Missing Resources — keys/values present in Baseline but deleted or absent in Target.
  • ⚠️ Attribute Mismatches — keys present in both, but values differ (shows Expected vs. Actual).
  • 🟢 Unmanaged Additions — keys present in Target but not in Baseline (rogue manual changes).
• The Drift Score gauge shows overall config integrity (100% = identical). Scores below 90% indicate actionable drift.
• Click → Scratchpad to append a formatted plain-text diff report for use in incident tickets or change reviews.
• Use ⚡ Load K8s Drift Example to instantly populate a realistic Kubernetes drift scenario for exploration.

🕵️ SELinux & AppArmor Audit Translator

What it does: Translates cryptic type=AVC SELinux denial messages and AppArmor DENIED log entries into plain English. It identifies the exact process, target resource, and denied permission, then generates three surgical CLI remediation paths — so you can fix the root cause instead of reaching for setenforce 0.

How to use:

• Open SELinux & AppArmor Translator from the dashboard.
• Paste the raw audit log line from /var/log/audit/audit.log, dmesg, or journalctl -k into the input area.
• Click ▶ Translate Log. Use the example buttons to load a pre-built SELinux or AppArmor scenario.
• Read the Plain English Verdict — it explains who (process + SELinux type / AppArmor profile) tried to do what (read, write, execute, connect) to which resource, and why SELinux/AppArmor blocked it.
• Review the Forensic Breakdown cards showing the Subject (process context) and Object (target resource and label).
• Choose from the 3-Path Resolution panel:
  • Path 1 — Context Relabeling: Use chcon for a quick test, then semanage fcontext + restorecon for a permanent fix. Best when the file label is wrong.
  • Path 2 — Boolean Toggles: Use setsebool -P to enable a pre-built policy switch (e.g., httpd_can_network_connect). Best for common service patterns.
  • Path 3 — Custom Policy Module: Generates a .te policy file and the full checkmodule → semodule_package → semodule -i pipeline to whitelist exactly this operation and nothing else.
• For AppArmor denials, Path 1 generates the exact profile rule line to add and the apparmor_parser -r reload command.

🚷 Linux Permission & Path Traversal Simulator

What it does: Diagnoses 403 Forbidden and Permission Denied errors by visually simulating how the Linux kernel evaluates file permissions as it walks down a directory tree. It pinpoints exactly which directory in the path is blocking access and explains the Unix permission model that causes it.

How to use:

• Open Linux Permission Simulator from the dashboard.
• Enter the Process User (e.g., www-data) and Process Group (e.g., www-data) — these represent the process trying to access the file.
• Enter the Target Path (e.g., /var/www/html/index.html). The tool splits this into each component directory.
• For each path segment, set the Owner, Group, and Permissions (owner/group/other rwx bits) to match your actual filesystem.
• Select the Access Type you are testing: Read a file, Write a file, or Execute/traverse a directory.
• Click ▶ Simulate Access. The tool walks the path from / to the target, checking the execute bit on each parent directory first.
• The result shows a step-by-step trace: each directory either passes (✓) or halts (✕) the traversal, with the exact permission bits and the rule that caused the block.

🔀 NGINX Route & Proxy Pass Simulator

What it does: Mathematically resolves which NGINX location block wins a given request URI, following the exact NGINX priority algorithm. It also simulates the proxy_pass trailing slash URI mutation rule — showing exactly what URL reaches your upstream backend.

NGINX Location Priority (implemented strictly):

• Priority 1 — = (Exact Match): If the full URI matches exactly, this block wins immediately. NGINX halts all further evaluation.
• Priority 2 — ^~ (Preferential Prefix): Among all prefix matches, if the longest one uses ^~, NGINX wins this block and skips regex entirely.
• Priority 3 — ~ / ~* (Regex): Evaluated in declaration order. The first matching regex wins.
• Priority 4 — (none) (Standard Prefix): The longest matching prefix wins, but only if no regex matched first.

How to use:

• Open NGINX Route Simulator from the dashboard.
• Enter the Incoming Request URI (e.g., /api/v1/users?id=5).
• Add your location blocks using the + Add Location Block button. For each block, set the modifier (=, ^~, ~, ~*, or none), the match pattern, and the proxy_pass destination.
• Drag blocks to reorder them — order matters for regex evaluation.
• Click ▶ Simulate Routing.
• The result shows: which block won and why (step-by-step priority reasoning), the exact upstream URL, and a mutation diagram showing how the URI was transformed by proxy_pass.
• Use ⚡ Load Tricky Scenario to load a pre-built example with competing exact, preferential, regex, and prefix blocks.

🧱 Firewall Rule Builder

What it does: Visually generates safe, exact CLI firewall commands for iptables, UFW, and firewalld simultaneously from a single form — eliminating the need to remember three different syntax dialects. Includes an SSH Safeguard to prevent accidental server lockouts.

How to use:

• Open Firewall Rule Builder from the dashboard.
• Select the Action: Allow, Deny/Drop, or Reject.
• Select the Direction: Inbound (INPUT), Outbound (OUTPUT), or Forwarded (FORWARD).
• Select the Protocol: TCP, UDP, ICMP, or Any.
• Enter the Port or port range (e.g., 443, 8080:8090). Leave empty for protocol-wide rules.
• Optionally specify a Source IP/CIDR and/or Destination IP/CIDR to scope the rule.
• Toggle SSH Safeguard to automatically inject a port 22 ALLOW rule ahead of any broad deny rule — critical when modifying INPUT chain rules remotely.
• The output panel shows the equivalent command for all three firewall tools simultaneously. Copy the one appropriate for your distribution.
• Click → Scratchpad to save the full rule set for a runbook or change request.

✉️ Email DNS Generator (SPF / DKIM / DMARC)

What it does: Generates perfectly formatted DNS TXT records for SPF, DKIM, and DMARC — the three email authentication standards that prevent spoofing, ensure deliverability, and protect your domain's reputation. All three records are required for modern email compliance (Google, Microsoft 365 bulk mail requirements).

How to use:

• Open Email DNS Generator from the dashboard and select the tab for the record you need.

Tab 1 — SPF (Sender Policy Framework)

• Enter your Domain name.
• Toggle which senders are authorized: MX servers, A record IP, or add third-party providers via include: tags (click the quick-add chips for Google Workspace, Microsoft 365, SendGrid, Mailgun, etc.).
• Add any specific IPv4/IPv6 addresses not covered by MX or A records.
• Select the Policy: -all (strict/reject), ~all (softfail, recommended for testing), or ?all (neutral).
• The output shows the exact TXT record value. A live counter warns when you approach the 10 DNS lookup limit.

Tab 2 — DKIM (DomainKeys Identified Mail)

• Enter the Selector name provided by your mail service (e.g., google, mail, s1).
• Paste the Public Key block from your mail provider's DNS settings panel. Headers are stripped automatically.
• The output shows the full host (selector._domainkey.domain.com) and the TXT value.

Tab 3 — DMARC

• Set the Policy (p=none to monitor, p=quarantine for spam folder, p=reject to block).
• Set the Percentage (start at 10% and increase gradually) and enter Aggregate Report (rua=) and Forensic Report (ruf=) email addresses.
• The host is always _dmarc.yourdomain.com.

🔐 OpenSSL CSR & Key Builder

What it does: Generates the exact OpenSSL CLI commands to create RSA/ECDSA private keys and Certificate Signing Requests (CSR), including complex Subject Alternative Names (SANs) injected safely via a temporary OpenSSL config file. No more guessing the -subj syntax or searching for how to add SANs on the command line.

How to use:

• Open OpenSSL CSR Builder from the dashboard.
• Enter your Common Name (primary domain, e.g., example.com) and Subject Alternative Names — one per line. SANs can be domain names (www.example.com, *.example.com) or IP addresses (192.168.1.10).
• Fill in the Organization, Organizational Unit, City, State, and Country Code (2-letter ISO code, e.g., US).
• Select the Key Type (RSA or ECDSA) and Key Size (RSA: 2048, 3072, 4096; ECDSA: P-256, P-384, P-521).
• The output generates a complete multi-line bash script that: creates a temporary san.cnf config, generates the private key, creates the CSR with all SANs embedded, then removes the temp file.
• Copy and paste the entire script into your server terminal. The CSR file can then be submitted to your CA (Let's Encrypt, DigiCert, etc.).

🔍 jq Playground

What it does: Lets you test jq JSON query filters live in your browser — paste a JSON payload, type a jq filter expression, and see the output instantly. Also generates the equivalent copy-paste jq shell command for use in your bash scripts and pipelines.

How to use:

• Open jq Playground from the dashboard.
• Paste your JSON payload into the input panel (left). This can be anything: API responses, Kubernetes manifests, AWS CLI output, log data.
• Enter your jq filter expression in the filter bar (e.g., .items[].metadata.name). The output updates live as you type.
• Toggle Raw Output (-r flag) to strip JSON string quotes from scalar output — useful when piping to shell commands.
• Toggle Compact Output (-c flag) to suppress pretty-printing for smaller one-line output.
• Click 📋 Copy CLI Command to get the full cat file.json | jq '...' command ready for use in a terminal.
• Click → Scratchpad to save both the filter and output for your runbook.

💡 General Tips

Dark Mode

Click the 🌙/🌞 button in the top-right corner to toggle between dark and light themes. Your preference is saved automatically and synced across all pages.

Keyboard Shortcuts

• ⌘K / Ctrl+K: Focus the search box on the main dashboard
• ↑ ↓ Enter: Navigate search results
• Esc: Close search / close tool panel

Browser Compatibility

Works best in Chrome 80+, Firefox 75+, Safari 13+, Edge 80+. The Local Disk Sync feature (File System Access API) requires Chrome 86+, Edge 86+, or Opera 72+ — it is not available in Firefox or Safari.

Privacy

• No tracking or analytics
• No data collection
• All tools run client-side (in your browser)
• Settings stored locally (localStorage)
• Pinned tool layouts stored locally (localStorage key: mysysad_favorites)
• Local Disk Sync file handles stored locally (IndexedDB) — never transmitted
• No backend database exists — there is nothing to breach

Data Persistence

Settings (dark mode, world clock, scratchpad, pinned tools) are saved to localStorage. They clear if you clear browser cache, use incognito mode, or switch browsers/devices. Use the World Clock export feature to preserve your timezone list. Use the 📤 Export Pinned button to preserve your workstation layout as a mysysad-pins.json file. Use 🔗 Link Local File to keep Scratchpad content on disk independently of browser storage.

🖼️ WebRSW Pro — Image Operations Console

What it does: A browser-based forensic image editor for sysadmins and security professionals. Redact credentials from screenshots, annotate infrastructure diagrams, add audit stamps, and export clean images — all without any data leaving your browser.

Core capabilities:

• Multi-layer canvas: Each annotation, drawing, or text element lives on its own compositable layer with blend mode support. Layers can be reordered (▲/▼), renamed (double-click), merged down, or hidden with the 👁 visibility toggle.
• Drawing tools: Arrow tool (A key), Freehand pen, Rectangle, Ellipse, Line, and Text insertion — each with configurable color, stroke width, and opacity.
• Eraser tool: Press E key or click ⌫ ERAS. Uses destination-out compositing for non-destructive erasing with full undo support.
• Selection system: Rectangular selection (V key), Select All (Ctrl+A), and selection move/transform — float pixels from the canvas, drag to reposition, click outside to drop.
• Brightness/Contrast: Modal with dual sliders using proper contrast factor math for professional image adjustment.
• Sharpen filter: 3×3 unsharp mask convolution kernel for sharpening blurry screenshots.
• Export options: Full canvas export as PNG, or export just the current selection as a separate PNG via context menu.
• Image info panel: Shows dimensions, uncompressed size, compression ratio, color depth, and file metadata.
• New blank canvas: Color picker with White/Dark/Transparent presets for starting from scratch.

Keyboard shortcuts:

• V — Select tool   E — Eraser   A — Arrow tool
• Ctrl+A — Select all   Ctrl+Z — Undo   Ctrl+Shift+Z — Redo

🗺️ NetBuilder Pro — Visual Network Topology Architect

What it does: A full-featured visual network design tool. Create servers, routers, firewalls, switches, and cloud nodes on an infinite canvas, connect them with links, assign IP addresses and subnets, simulate packet routing, and export the result as PNG, SVG, or JSON.

Core capabilities:

• Node palette: Server, Router, Firewall, Switch, Cloud, Client — drag from the palette or right-click canvas to place.
• Link inspector: Click any link to edit interface names, bandwidth, cost/OSPF weight, type (ethernet/fiber/vpn), and notes. Link costs are displayed on the canvas and used by the routing simulator.
• VLSM subnet calculator: Built-in tool that calculates variable-length subnet masks with host counts, automatically assigning IPs to nodes.
• Subnet zone overlays: Auto-colored translucent rectangles drawn behind node groups sharing the same subnet for instant visual grouping.
• Packet simulation: The SimEngine uses Dijkstra's algorithm (weighted by link cost) to find shortest paths. Animated packets travel the route on the canvas.
• Multi-select: Shift+click to toggle individual nodes, Shift+drag for box selection. Group drag and bulk delete.
• Undo/Redo: 30-step snapshot stack. Ctrl+Z / Ctrl+Y, plus toolbar buttons.
• Auto-layout: Force-directed algorithm (80 iterations, Coulomb repulsion + Hooke's law) to untangle messy topologies.
• Text annotations: Press T to activate the annotation tool, click to place, double-click to edit, drag to move.
• Duplicate node: Ctrl+D or context menu. Clones the node with a new ID and cleared IP address.
• Export as PNG/SVG: Auto-crop with 40px padding. PNG renders at 2x resolution. SVG inlines all styles for standalone use.
• Import from JSON: Restore a previously exported topology via file picker.

🗂️ Photo Organizer

What it does: A full-featured browser-based photo and video management tool. Open any folder on your computer, tag and categorize photos, star-rate them, find duplicates, batch rename, and move files into category subfolders — all using the File System Access API with zero uploads.

Getting started:

• Click 📁 Open Folder and grant read/write access to your photos folder. Subfolders are scanned recursively. Supports JPG, PNG, GIF, WebP, HEIC, RAW, MP4, MOV, and WebM.
• Photos appear as a lazy-loaded thumbnail grid. Use the size slider to adjust thumbnail dimensions.
• Double-click any photo to open the lightbox with full EXIF data, GPS coordinates (with Google Maps link), star rating, category assignment, rotation, and rename.

Tagging & categorization:

• Category bar: Default categories (Family, Travel, Holidays, Food, Pets, Work/School) plus custom categories you can add, rename, or delete.
• Lightbox shortcuts: Press 1–9 to assign a category, L for Later, D to mark for deletion, 0 to clear.
• Auto-advance: Enable the checkbox in the lightbox sidebar — after tagging, automatically jumps to the next untagged photo.
• Right-click context menu: Quick-tag any photo from the grid without opening the lightbox.
• Drag-and-drop: Select photos and drag them onto any category chip (including "Later" and "To Delete") in the category bar.
• Bulk actions: Lasso-select or Ctrl+A, then use bulk Tag All, Later, or Delete buttons.

Filtering & sorting:

• Sort by: Name, Date, Stars, File size (ascending/descending).
• Filter by type: All types, Photos only, Videos only.
• Star filter chips: ★+, ★★★+, ★★★★★+ in the category bar to show only photos above a star threshold.
• Date range filter: From/To date pickers to narrow to specific time periods.
• Search: Filename and path search with instant results.

Advanced features:

• 🔄 Refresh / Auto-refresh: Rescan the folder for new or removed files without losing existing tags. Auto-refresh polls every 15 seconds.
• ⬚ Comparison mode: Side-by-side split view for comparing adjacent photos. Keep/delete actions with undo support.
• ✏ Batch rename: Pattern-based renaming with {n} (sequence), {cat} (category), {date} (YYYY-MM-DD) tokens and live preview.
• 🔍 Duplicate finder: Detects duplicates by filename and file size. Review groups and mark extras for deletion.
• 📦 Move to folders: Moves tagged photos into category-named subfolders on disk (actual filesystem operation).
• 🗑 Delete marked: Permanently removes files marked for deletion from disk.
• ▶ Slideshow: Auto-advancing slideshow of tagged photos with pause, navigation, and progress bar.
• ⬇ Export / ⬆ Import State: Save and restore all tags, stars, and categories as a JSON file.
• ↩ Undo / ↪ Redo: Full 50-step undo/redo stack for all tagging and deletion operations.
• 📋 Session log: Tracks all actions with timestamps and session statistics.
• EXIF parsing: Reads Make, Model, DateTime, FNumber, ExposureTime, ISO, Orientation, and GPS coordinates from JPEG files.

Keyboard shortcuts (grid):

• Ctrl+A — Select all   Delete/Backspace — Mark selected for deletion   Enter — Open lightbox   F5 — Refresh folder

Keyboard shortcuts (lightbox):

• ←/→ — Prev/Next   1–9 — Tag category   0 — Clear tag   L — Later   D — Delete   R — Rotate   Z — Zoom   Esc — Close

❓ Still Need Help?

If you encounter issues or have questions not covered here:

• 📧 Email: Contact Support
• 🐛 Report bugs: Include browser version and steps to reproduce
• 💡 Feature requests: Always welcome!