Pinning Monster

About the Monster

Pinning Monster sniffs out SSL certificate public key hashes so you can implement certificate pinning in your apps.

Certificate pinning protects your app against man-in-the-middle attacks by ensuring it only trusts specific certificates — not just any certificate signed by a trusted CA.

How it works

1. Feed the Monster a domain (or paste a full URL — Monster will figure it out)
2. Monster makes a TLS connection and extracts the certificate chain
3. Monster computes SHA-256 hashes of each public key in the chain
4. Monster serves the hashes in your preferred format — plain text, JSON, XML, or ready-to-paste Android/iOS configs

Monster Pin Recipes

The Monster generates ready-to-use configurations for:

• Android — network-security-config.xml
• iOS — TrustKit plist configuration
• Plus plain, JSON, CSV, XML, and YAML for custom integrations

💡 Monster Tip: Always test your pins in a safe environment before unleashing them in production!