I built 6 free dev tools to skip the signup walls — here's what I learned

You know that moment when you just want to decode a JWT, but jwt.io wants you to log in to "save your tokens"? Or when you need a quick curl command and Postman's 200MB Electron app feels like overkill?

I had that moment too many times in 2025, so over the past year I built 6 small dev tools to replace the ones with signup walls, ads, and heavy apps. All free, all in the browser, no account needed. Here's what I built, why each one is different, and what I learned along the way.

1. JWT Decoder — privacy-first, no library

🔗 JWT Decoder

The problem: Most online JWT decoders ask you to paste your token into a remote server. For a secret token. With signature verification. That's how data leaks happen.

What I built:

• Decode, generate, verify in one page
• HS256 / HS512 using the Web Crypto API (zero external libraries)
• Tokens never leave your browser — all crypto runs locally
• Color-coded segments (header / payload / signature)
• exp / iat / nbf shown as relative time + ISO-8601

If you've ever pasted a production JWT into jwt.io and felt a small wave of regret, this one is for you.

2. SSH Config Generator — visual ~/.ssh/config

🔗 SSH Config Generator

The problem: Editing ~/.ssh/config for a bastion + 5 internal hosts is a special kind of pain. ProxyJump syntax is unforgiving.

What I built:

• Visual multi-host editor
• ProxyJump (bastion host) support
• Port forwarding (LocalForward, RemoteForward, DynamicForward)
• 4 presets: AWS EC2, DigitalOcean, Bastion+Internal, Dev+LocalForward
• Output: monospace preview + copy + download .txt + chmod 600 reminder

I made this after the third time I tunneled through the wrong host trying to reach a Kubernetes node.

3. iptables Generator — 50 real-world scenarios

🔗 iptables Generator

The problem: iptables documentation is dense, and getting 5 rules right under pressure is harder than it should be.

What I built:

• Rule builder for common patterns: SSH hardening, DDoS rate limiting, Docker bridge, Kubernetes node, NAT/port forwarding
• 50 ready-to-paste scenarios — pick one, edit IPs/ports, you're done
• Tested against the actual iptables syntax (no AI hallucination)
• Both iptables and iptables-save formats

A reasonable middle ground between "memorize the man page" and "ask AI and hope."

4. curl Command Builder — 4-language output

🔗 curl Command Builder

The problem: curl is great until you need to translate it to fetch/axios/Python requests for a teammate's stack.

What I built:

• GUI to build any curl command (headers, body, auth, file upload)
• 8 common options as toggles (-k, -v, -L, -i, -s, --compressed, -o, --max-time)
• Simultaneous output in 4 formats: curl, fetch (JS), axios, Python requests
• 6 presets: GET, POST JSON, Bearer Token, Form Data, File Download, Reset

The 4-language output is what I missed in every other curl builder I tried.

5. YAML / JSON Converter — with k8s and Helm presets

🔗 YAML/JSON Converter

The problem: Most YAML/JSON converters are one-way and stuck in 2018 UX.

What I built:

• Real-time bidirectional conversion
• Auto-detect input format (YAML or JSON)
• 5 presets: Kubernetes Service, docker-compose, Helm values, GitHub Actions, plain JSON
• Key sorting toggle
• 3-column grid on desktop, vertical on mobile

The Helm values preset alone has saved me an embarrassing number of helm install attempts.

6. HTTP Status Codes — 100+ codes with usage scenarios

🔗 HTTP Status Codes

The problem: Quick — what's the difference between 401, 403, and 451?

What I built:

• 100+ codes across 1xx, 2xx, 3xx, 4xx, 5xx
• Real-time search and category filter with color-coded borders
• POPULAR badge for the codes you actually see (200, 301, 401, 403, 404, 500, 503)
• "When to use" scenarios for each
• FAQ section with 6 common questions

It's a reference, not a calculator, but it's the reference I open three times a week.

---

What I learned building these

A few things that surprised me:

1. Privacy is a feature, not a sermon.
For tools that handle secrets (JWTs, SSH configs), running everything in-browser with no server is a concrete user benefit. People notice. They share the link to colleagues with "this one doesn't phone home."

2. Multi-language matters more than you think.
I shipped all 6 tools in 4 languages (English, Korean, Japanese, Chinese). Watching the analytics, ~30% of the traffic uses a non-English version. If the tool is for "the global dev community," shipping English-only is leaving 30% on the table.

3. Presets > options.
Every tool above has 4–6 presets at the top. They get used way more than the manual builder. A new user wants "give me AWS EC2 SSH config" not "let me fill in 17 fields." Defaults to a working starting point beats power-user flexibility for first-time use.

4. <details> is underused.
The HTTP Status Codes page uses 100+ <details> elements for the per-code explanations. They collapse by default, search works across all of them (because content is in the DOM), and the page weighs less than a single React component would.

5. Building in public is slow but cumulative.
None of these tools went viral on day one. But six months in, the steady search traffic from "free jwt decoder," "ssh config generator," "iptables rate limit example" adds up. The flywheel is real, just slower than every marketing post claims.

Try them, break them, tell me

All 6 are free, no signup, no telemetry beyond Google Analytics on the marketing pages:

• JWT Decoder
• SSH Config Generator
• iptables Generator
• curl Command Builder
• YAML/JSON Converter
• HTTP Status Codes

If something breaks or you wish a tool had a specific preset, the comments are the fastest place to reach me. I read everything.

Thanks for reading — and may your iptables rules always work on the first try.