Classical Cipher Solver

Paste a mystery string and the tool tries to identify and decode it. It auto-decodes the common encodings, brute-forces Caesar and single-byte XOR, applies Atbash, takes a best-effort run at Vigenere, and ranks every candidate plaintext by how much it looks like English. Built for CTF players and anyone learning how these schemes fall apart.

Everything runs in your browser. Nothing is sent to any server.

What this cipher solver does

A captured string in a CTF rarely arrives labelled. It might be base64, it might be a Caesar shift, it might be a single-byte XOR of an ASCII flag. The fast way to find out is to try every plausible decoding at once and let an English-likeness score float the right one to the top. That is exactly what this tool does: it runs each method over your input, builds a candidate plaintext, and scores that candidate against ordinary English letter frequencies.

Encodings it auto decodes

Before any cipher work, the tool checks whether the input is simply encoded rather than encrypted. It detects and decodes base64, base32, hex, binary in eight-bit groups, decimal ASCII codes, Morse code, URL percent-encoding, and the rotation tricks ROT13 and ROT47. These are reversible transforms with no key, so when one applies it usually produces clean readable text in a single step.

Caesar and ROT-N by brute force

A Caesar cipher shifts every letter by a fixed amount, which means there are only twenty-five non-trivial shifts to try. The tool decodes all of them, scores each result with a chi-squared test against English letter frequencies, and surfaces the best-scoring shifts. Because the key space is tiny, the correct shift almost always lands at the top of the Caesar candidates.

Atbash and single-byte XOR

Atbash is a fixed substitution that maps A to Z, B to Y, and so on, so it is a one-shot decode with nothing to brute-force. Single-byte XOR is the classic beginner crypto challenge: the same byte is exclusive-ORed against every byte of the message. With only two hundred fifty-six possible keys, the tool tries them all, keeps the results that look like printable English, and shows the best along with the key it used.

Vigenere as a best effort

Vigenere resists a single brute force because the shift changes with a repeating key. The tool estimates the key length using the index of coincidence, then treats each column of the ciphertext as its own Caesar cipher and picks the shift that scores best, assembling those into a likely key. This works well on longer ciphertext and can miss on short or unusual inputs, so the Vigenere row is labelled a best-effort guess, not a guaranteed solve. Read the plaintext to confirm it.
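The Vigenere procedure described above (index of coincidence for the key length, then each column solved as a Caesar cipher by chi-squared), written as an added example that is not the tool's own code. The function names, the 15% tolerance, the maximum key length of 10, and the sample text with the key LEMON are assumptions constructed for illustration.

```javascript
// Relative English letter frequencies A..Z in percent (standard reference table).
const ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
                 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07];
const A = 65;
const lettersOnly = s => s.toUpperCase().replace(/[^A-Z]/g, '');
const counts = s => { const c = new Array(26).fill(0); for (const ch of s) c[ch.charCodeAt(0) - A]++; return c; };
// Index of coincidence: chance that two letters drawn from s match (~0.066 English, ~0.038 random).
function ioc(s) {
  const n = s.length;
  return n < 2 ? 0 : counts(s).reduce((t, f) => t + f * (f - 1), 0) / (n * (n - 1));
}
// Chi-squared distance between the letter counts of s and English; lower is closer.
function chiSquared(s) {
  return counts(s).reduce((t, f, i) => { const e = ENGLISH[i] * s.length / 100; return t + (f - e) ** 2 / e; }, 0);
}
// Shift every letter of s (A-Z only) by k positions, wrapping around the alphabet.
const shift = (s, k) => [...s].map(ch => String.fromCharCode((ch.charCodeAt(0) - A + k + 26) % 26 + A)).join('');
// Every len-th letter starting at off: one column, enciphered with a single key letter.
const column = (s, len, off) => [...s].filter((_, i) => i % len === off).join('');
// Shortest length whose mean column IoC is within 15% of the best; avoids multiples of the true length.
function guessKeyLength(ct, maxLen = 10) {
  const avg = [];
  for (let len = 1; len <= maxLen; len++) {
    let sum = 0;
    for (let off = 0; off < len; off++) sum += ioc(column(ct, len, off));
    avg.push(sum / len);
  }
  return avg.findIndex(v => v >= 0.85 * Math.max(...avg)) + 1;
}
// Solve each column as a Caesar cipher and assemble the winning shifts into a key.
function solveVigenere(input) {
  const ct = lettersOnly(input), len = guessKeyLength(ct);
  let key = '';
  for (let off = 0; off < len; off++) {
    const col = column(ct, len, off);
    let best = 0, bestScore = Infinity;
    for (let k = 0; k < 26; k++) {
      const score = chiSquared(shift(col, -k));
      if (score < bestScore) { bestScore = score; best = k; }
    }
    key += String.fromCharCode(A + best);
  }
  const plaintext = [...ct].map((ch, i) => shift(ch, -(key.charCodeAt(i % len) - A))).join('');
  return { key, plaintext };
}
// Constructed sample: encipher known English with the key LEMON, then recover key and text.
const encrypt = (pt, key) => [...lettersOnly(pt)].map((ch, i) => shift(ch, key.charCodeAt(i % key.length) - A)).join('');
const SAMPLE = 'The index of coincidence measures how likely it is that two letters picked at random from a text are the same. Ordinary English prose scores near sixty six thousandths while uniformly random letters score near thirty eight thousandths. When the ciphertext is split into columns using the right key length every column is a simple Caesar shift of English and the score rises toward the English value. A wrong length mixes several alphabets together and the score stays low. Once the length is known each column is solved on its own by trying all twenty six shifts and keeping the one whose letter counts are closest to English.';
console.log(solveVigenere(encrypt(SAMPLE, 'LEMON')).key);
```

A one-letter key makes every column the whole text, so the same code also covers the Caesar brute force with chi-squared scoring.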

Substitution as a hint, not a solve

A general substitution cipher has far too large a key space to crack from frequencies alone on short text, and pretending otherwise would be dishonest. Instead the tool gives you the raw material a human solver actually uses: a per-letter frequency count and the most common bigrams in the text. You match the high-frequency letters to the usual English suspects and work outward from there.

How to read the ranking

Each candidate carries the method that produced it, any key that was used, and a chi-squared score where lower means closer to English. The most English-looking result is pinned at the top and marked as the best guess. This is a heuristic and not a proof, so when the top row reads like nonsense, scan the next few, since the real answer often sits just below on tricky inputs. Classical ciphers are studied here to learn how they break, never to protect real data, which is the same hands-on reasoning an AI security testing approach applies to live systems. For the wider vocabulary of attacks and defenses, see the web security glossary.
