All Tools

Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text. Runs entirely in your browser.

Read remediation guide

Output format

Switch between lowercase hex, uppercase hex, or Base64. All digests below update instantly.

Privacy: digests are computed locally in your browser. The input is never transmitted, logged, or stored.

Privacy and how this works

  • Runs entirely in your browser. Digests are computed locally with JavaScript and the Web Crypto API. Your input is never sent to, logged by, or stored on Vulnify servers.
  • UTF-8 text matters. Spaces, newlines, and capitalization all change the result. For example, "test" and "Test" produce different digests.
  • Not for password storage. These are plain one-way hashes. Production systems should use salted, slow key-derivation functions such as bcrypt, scrypt, or Argon2.

What This Tool Checks

  • MD5, SHA-1, SHA-256, SHA-384, and SHA-512 digests in one pass
  • Copy-ready hex or Base64 output
  • Algorithm safety status for each digest

Why It Matters

Hashes verify file integrity, pin dependencies, and power comparisons in security tooling. Knowing which algorithms are still collision-safe (SHA-256 and up) versus legacy-only (MD5, SHA-1) prevents misuse in new systems.

Best For

Best for developers and analysts generating checksums, comparing values during investigations, or producing test vectors without sending data to a third-party service.

What To Do Next

Use SHA-256 or stronger for any new integrity or signing work, and treat MD5 and SHA-1 output strictly as legacy compatibility values.

Related Resources

Read The GuideRun Hash VerifierSee Plans

Is my input sent to a server?

No. Digests are computed locally in your browser using the Web Crypto API and a local MD5 implementation. Nothing is transmitted, logged, or stored, and the page works offline once loaded.

Which algorithm should I use?

Use SHA-256 or stronger for any new integrity, signing, or verification work. MD5 and SHA-1 are included only for compatibility with legacy systems that still publish those checksums; both have practical collision attacks.

Can a hash be reversed back to the original text?

No. Hashes are one-way functions; there is no decryption. Short or common inputs can sometimes be recovered through precomputed tables, which is why password storage requires salted, slow KDFs like bcrypt or Argon2 rather than plain digests.