11 professional security tools in one native macOS app. Hash, encode, decode, analyze passwords, inspect certificates, compute subnets, and view hex dumps — all 100% offline with zero network connections.
Get Notified at LaunchEvery tool runs entirely on your device. No cloud processing, no API calls, no telemetry.
Compute MD5, SHA-1, SHA-256, and SHA-512 digests from text input or drag-and-drop files.
Convert between Base64, URL Encode, HTML Entities, Hexadecimal, Binary, and ASCII. Chain conversions with the swap button.
Decode header, payload, and signature from any JSON Web Token. Auto-detects expiration status.
Inspect PEM-encoded X.509 certificates. Extract subject, issuer, validity, algorithm, and expiration status.
Real-time entropy calculation, strength scoring, pattern detection, and crack time estimation. Zero data leaves the device.
Build and test regular expressions with flag toggles. See all matches with byte ranges and capture groups.
Side-by-side text comparison with color-coded output. Added, removed, changed, and unchanged lines.
Bulk generate v4 UUIDs (1 to 1,000). Options for uppercase, lowercase, with or without dashes.
Enter any IPv4 CIDR to compute subnet mask, network address, broadcast, usable hosts, IP class, and RFC 1918 detection.
Live clock with bidirectional epoch/date conversion. Auto-detects seconds vs milliseconds. Multiple timezone support.
Drag-and-drop file hex dump with color-coded bytes. Detects 16+ file signatures. Hex search with highlighting. Capped at 64KB.
macOS 14.0 (Sonoma) or later. Built with SwiftUI, CryptoKit, and CommonCrypto. App Sandbox enabled.
Zero network connections. No telemetry. No data leaves the device. File access is limited to user-selected drag-and-drop (read-only).
Kestrel Cipher joins Kestrel Sight and Kestrel Lite (iOS/iPadOS PCAP analysis) and Kestrel Talon (macOS PCAP analysis) as part of the Kestrel family. All apps share the same dark theme, offline-first philosophy, and zero-telemetry commitment.