Toolz / Verify

Verify before you run

Every tool here lists a SHA-256 hash. Matching it proves the file you downloaded is exactly the one we published — not tampered with, not swapped, not corrupted. Takes ten seconds.

Windows — PowerShell (built in)

# from the folder you downloaded into
Get-FileHash .\tool.exe -Algorithm SHA256

Compare the Hash it prints to the SHA-256 on the tool's page. Case doesn't matter.

Windows — certutil

certutil -hashfile tool.exe SHA256

One-liner check against the .sha256 file

Each download offers a .sha256 sidecar. On any machine with sha256sum (Git Bash, WSL, Linux, macOS):

sha256sum -c tool.exe.sha256
# tool.exe: OK

What if it doesn't match?

Don't run it. A mismatch means the file changed in transit or isn't the one we shipped. Delete it, re-download, and check again. If it still won't match, tell us — that's worth knowing about.

Why bother, if it's not signed?

We don't yet pay for a code-signing certificate, so Windows SmartScreen may warn on first run — it does that for every unsigned app. The hash is the real integrity check: signing proves who made it; the hash proves what you got. Verify the hash and you know the bytes are ours. More on how we keep it clean →