Turn advisory text, indicators, and noisy strings into clean values.
Tools
Practical utilities for CVE analysis, triage, and blue-team workflow.
These tools are additive to the portal, not a separate product. Use them to score, parse, extract, and normalize the data you already investigate in Vuln Signal.
Score severity, parse product identifiers, and check affected ranges.
Convert validated signal into KQL, Splunk, Sigma, or YARA starters.
Decode, format, diff, hash, and normalize investigation artifacts locally.
Review domains, certificates, mail-auth posture, and network ranges.
Current Tools
Start with the tool you need right now
Each tool now has its own page so it can grow without turning the Tools section into one giant utility dump.
1
Advisory to hunt
IOC Extractor -> Normalizer -> Hunt Helper -> Sigma Helper.
2
Patch triage
CVSS -> CPE Parser -> Exposure Checker -> Evidence paths.
3
Detection draft
Log or IOC input -> Sigma/YARA -> Detection Readiness.
4
Phishing review
Email Headers -> Mail Auth -> IOC -> Identity context.
26 tools available
Patch Team
Score and validate before assigning work
Use Score & Validate first, then Inspect Artifacts for diffs, timestamps, and supporting evidence.
SOC / Hunter
Move from signal into searches and rules
Use Extract & Normalize, then Draft Detection. Keep source context and tuning caveats attached.
Infra / Email
Check domains, mail, certs, and identity clues
Use Infrastructure and Email & Identity when the question is ownership, routing, token context, or mail posture.
Sample-Ready Workflows
Try tools without hunting for pasteable input first
CVSS Calculator
Score base severity from CVSS v3.1 inputs and validate vendor or NVD-style vectors quickly.
IOC Extractor
Extract IPs, domains, emails, URLs, hashes, and CVE IDs from advisories or investigation notes.
IOC Normalizer
Normalize, deduplicate, and classify IOC lists before exporting to tickets, detections, or hunts.
Defang / Refang
Safely share indicators by defanging domains, URLs, emails, and IP-like values, or refang them for searching.
MITRE ATT&CK Lookup
Search common ATT&CK techniques, platforms, and quick detection notes without leaving the portal.
CPE Parser
Turn raw CPE strings into readable vendor, product, version, and platform fields.
Exposure Checker
Compare installed versions against affected and fixed ranges to support quick patch-triage decisions.
Timestamp Converter
Convert Unix, Unix-ms, ISO, and human-readable time strings into a normalized view.
JSON Formatter
Validate and pretty-print JSON payloads during triage, API review, or feed inspection.
JWT Decoder
Decode JWT header and payload claims locally without sending the token anywhere.
Email Header Analyzer
Parse sender paths, received hops, and SPF/DKIM/DMARC style results for phishing review.
SPF / DKIM / DMARC Checker
Look up mail-auth TXT records for a domain and inspect the returned policy values quickly.
Base64 Encode / Decode
Quickly convert strings between raw text and Base64 during investigations and payload review.
Hash Generator
Generate SHA-1, SHA-256, and SHA-512 digests or validate whether a pasted value looks like a known hash.
Regex Tester
Test expressions against sample text and see the matched values without leaving the portal.
Password Strength Checker
Estimate password strength locally using length, variety, and common weakness patterns.
YAML / JSON Converter
Convert basic YAML-like key/value structures into JSON and JSON objects into readable YAML-style output.
Diff Viewer
Compare two blocks of text line by line when you need to review config drift or advisory changes.
Subnet Calculator
Calculate mask, usable range, broadcast, and host count from an IPv4 CIDR.
CIDR / IP Range Calculator
Check whether an IP belongs to a CIDR block or whether two ranges overlap.
TLS / Certificate Decoder
Inspect PEM certificates, compute fingerprints, and extract issuer, subject, validity, and SAN details.
DNS / WHOIS / ASN Lookup
Resolve A, MX, and TXT answers alongside RDAP ownership and registration context.
Log Parser / Prettifier
Normalize JSON, key-value, and Apache-style logs into structured output during triage.
Sigma Helper
Generate a starter Sigma rule from suspicious strings or indicators when you need a quick detection draft.
Hunt Query Helper
Generate starter KQL and Splunk hunt queries from pasted IOCs so you can move from intel to search quickly.
YARA Helper
Generate a starter YARA rule from suspicious strings, paths, or domains for quick artifact-matching drafts.
No matching tools
Try a broader search term or switch back to `All`.