$ ./internalhost-tools.sh

IT tools

A handful of free tools for sysadmins and developers. Everything runs client-side in your browser — nothing goes to our servers, nothing gets logged. View source to verify.

Client-side Server-side 30 req/min

Tools & diagnostics

AS204729 · Qupra DC · Amsterdam

Looking Glass

In your browser

Subnet, JWT, JSON, hashes — Web Crypto in your tab. No requests to us.

▸ Subnet calculator IPv4 + IPv6 CIDR

Compute network, broadcast, first/last host, usable address count. Works for IPv4 and IPv6. Example: our own .

▸ Password generator crypto-grade random

Uses window.crypto.getRandomValues() — not Math.random(). Click the result to copy.

Length A-Z a-z 0-9 symbols

copied.

▸ UUID generator v4 random

crypto.randomUUID() — RFC 4122 v4. Generate 1, 10 or 100 at once.

▸ JWT decoder inspect tokens

Decode and inspect header + payload of a JSON Web Token. Flags expired tokens. No signature validation (that requires the secret).

Header

Payload

()

▸ JSON formatter pretty/minify

Format with 2- or 4-space indent, or minify to a single line.

▸ Base64 encode/decode UTF-8 safe

Both directions — works with multi-byte UTF-8 strings.

▸ Hash generator SHA-1 / 256 / 512

Computed via Web Crypto API. SHA-1 is for backward compatibility only; use SHA-256+ for new code.

SHA-1:

SHA-256:

SHA-512:

Backend tools

These tools run on our servers (dig, whois, openssl). Rate-limited to 30 requests/min per IP. No logs of what you query — only access logs for the rate limiter. Try them on your own domains or our AS204729.

▸ DNS lookup A / AAAA / MX / TXT / NS / SOA / CAA

Resolve a domain. Pick a specific record type or ANY for the bundle.

▸ Reverse DNS IP → PTR

What hostname claims a given IP? Works for v4 + v6.

▸ WHOIS domain / IP / ASN

Registration data for a domain, IP block or AS number. The bulk legalese is stripped so what remains is readable.

▸ ASN lookup IP → AS via Team Cymru

Which AS number announces this IP? Plus org name, prefix and country. Example: try an IP from our own .

▸ TLS certificate inspection subject / issuer / SAN / validity

Connects to host:port over TLS, dumps the certificate. Shows expiry + days-until-expiry. Requires a real listening TLS endpoint.

▸ HTTP header inspection security grade A+/A/B/C/D/F

Fetches headers via HEAD, scores presence of HSTS, CSP, X-Content-Type-Options, X-Frame-Options/frame-ancestors, Referrer-Policy and Permissions-Policy. Private IP ranges blocked (anti-SSRF).

▸ TCP port check open / closed + latency

Tests whether a TCP port is open. Private IP ranges blocked (anti-SSRF). 4-second timeout.

$ ./looking-glass --asn=204729

Specific to AS204729: see the Looking Glass

ASN and route context for our network, plus external verify links to RIPEstat, bgp.tools, BGPView and PeeringDB.

/lookingglass

Privacy: all operations happen in your browser via the Web Crypto API. We never see your input. No Google Analytics. No request logs. No cookies (except your session if you're logged in).
Missing a tool? Send a Signal.