Browser-based encoding, hashing, encryption, metadata inspection, token analysis, log redaction, and network utilities — all locally processed and privacy-first.
Learning area
These pages are grouped as a learning collection. More lecture notes, examples, and practical tools can be added without changing the page structure.
Available resources
AES, keys, passphrases, and steganography labs.
Hashes, HMACs, checksums, and fingerprints.
Metadata, images, logs, and redaction utilities.
DNS, CIDR, certificates, and web security helpers.
Guided Labs
These guided labs connect multiple browser tools into one classroom-friendly workflow so students learn how the outputs relate to real cybersecurity and digital forensics tasks.
Practise encoding, hashing, checksum comparison, file metadata inspection, file signatures, and image privacy using MuhammadLab browser-based tools.
Practise generating strong passwords, passphrases, secure random tokens, UUIDs, API keys, and TOTP secrets, then learn how to redact secrets from logs.
Inspect Content Security Policy rules, cookies, user-agent strings, and fake web logs to understand how browser security and session protection work.
Practise identifying sensitive log values, redacting secrets, extracting IOCs, inspecting fake tokens, and preparing safe-to-share incident notes.
Hide and extract a safe message from an image, inspect metadata, compare hashes, and learn why normal-looking files may still contain hidden information.
Metadata & Privacy Inspector
Use this local-first lab to teach students how metadata, file signatures, hashes, provenance signals, and text patterns contribute to authenticity review.
Inspect images, text, PDFs, DOCX files, and general uploads with local forensic checks for metadata, signatures, hashes, provenance, and AI-likelihood signals.
Available resources
This category combines current MuhammadLab pages that match the topic. More lecture guides and interactive tools can be added here as the lab grows.
Studio hubs
Launch the consolidated experiences before diving into individual tools.
Encrypt and decrypt text or files using modern cryptographic algorithms, generate secure keys, and compare classical encryption methods for educational purposes. All processing happens locally in your browser.
Hide, extract, and analyse hidden data in images while learning how least significant bit steganography works. Includes forensic image analysis, pixel inspection, entropy checks, and educational reports. All processing happens locally in your browser.
Tool group
Encode text or files to Base64 and decode Base64 strings back to text or binary.
Decode and inspect JWT tokens — view header, payload, expiration, and claims without a private key.
Percent-encode URLs for safe transmission or decode percent-encoded strings.
Encode any text to hexadecimal representation or decode hex back to readable text.
Generate cryptographically secure random bytes, hex strings, or Base64 tokens using Web Crypto API.
Extract IPs, URLs, domains, email addresses, and hashes from text or log data automatically.
Convert text to binary (1s and 0s) encoding or decode binary back to readable text.
Automatically redact IPs, emails, tokens, API keys, JWTs, and secrets from log files.
Encode special characters to HTML entities and decode HTML entities back to characters.
Generate HTTP Basic Authorization headers from username and password, or decode existing ones.
Extract IPs, URLs, and email addresses from large text blocks with deduplication support.
Encode characters to Unicode escape sequences (\uXXXX) or decode them back.
Tool group
Generate MD5, SHA-1, SHA-256, and SHA-512 cryptographic hashes from any text input.
Compute MD5, SHA-1, SHA-256, and SHA-512 checksums for any uploaded file without uploading to a server.
Generate HMAC signatures using SHA-1, SHA-256, or SHA-512 with a secret key.
Inspect PEM-encoded certificates, public keys, and CSRs — view type, subject, issuer, validity, and fingerprint.
Inspect PEM-encoded X.509 certificates: subject, issuer, validity dates, SANs, and fingerprint.
Inspect file name, size, MIME type, extension, timestamps, SHA-256, and detected signature for any uploaded file locally.
Compare two hash strings to verify file integrity or detect tampering.
Parse and inspect SSH public keys — view key type, bits, fingerprint, and algorithm details.
Tool group
Generate strong, random passwords with custom length, complexity, and character options. Includes strength meter.
Generate RFC-4122 UUID v4 identifiers — single or bulk generation with copy support.
Generate random API keys and tokens with custom length, alphabet, and prefix.
Generate memorable, strong passphrases from a word list with separator and capitalization options.
Generate Base32-encoded TOTP secrets and otpauth URIs compatible with authenticator apps like Google Authenticator.
Mask emails, phone numbers, credit cards, tokens, and other sensitive data patterns in text.
Tool group
Upload a JPEG image to view EXIF metadata including GPS location, camera info, and timestamps. Runs locally.
Remove all EXIF metadata from JPEG images before sharing. Download the cleaned image with no GPS or personal data.
Check whether an image exposes GPS coordinates, device details, timestamps, software tags, or other metadata before sharing.
Inspect common PDF document properties like title, author, creator, producer, and dates, then create a cleaner sharing copy locally.
Inspect a file's magic bytes to detect its real type — regardless of the extension.
Create and format A, AAAA, CNAME, MX, and TXT DNS records, then export a clean zone-style text file for teaching, labs, and infrastructure planning.
Tool group
Calculate IPv4 network address, broadcast address, usable host range, subnet mask, wildcard mask, and host counts from CIDR input.
Parse IPv4 and IPv6 CIDR notation to inspect network boundaries, address ranges, usable counts, and prefix behaviour for study or planning.
Parse user-agent strings to identify browser family, version, operating system, device class, rendering engine, CPU architecture, and likely bot labels.
Parse pasted Set-Cookie or Cookie header strings to inspect cookie names, values, attributes, and common security flags.
Parse and format Content Security Policy headers with directive grouping and unsafe value warnings.
Parse pasted Content Security Policy strings, group directives, and highlight risky values such as unsafe-inline, unsafe-eval, wildcard sources, and weak framing controls.
Tool group
Decode and inspect PEM-encoded Certificate Signing Requests to view subject details and public key info.
Tool group
Test regular expressions live with real-time match highlighting, capture groups, and flag options.
Paste YARA detection rules for syntax-friendly display with section highlighting and formatting.
Format and inspect Sigma detection rules with structured preview and validation-friendly display.