Tools for deobfuscating, decoding, or decrypting JavaScript

Tags

Here’s a list of tools and websites commonly used for deobfuscating, decoding, or decrypting JavaScript. These tools serve various purposes, including simplifying obfuscated code, reversing encoded strings, or analyzing minified JavaScript.

1. Beautification and Deobfuscation Tools

These tools help format and deobfuscate JavaScript.

  1. JSBeautifier
    Beautifies and reformats obfuscated JavaScript code for better readability.
  2. Prettier
    A modern code formatter for JavaScript and other languages.
  3. Unminify
    Simplifies minified JavaScript by expanding it to readable form.
  4. Online JavaScript Beautifier
    Provides options for beautification and indentation customization.
  5. Javascript Minifier
    Offers unminifying capabilities in addition to minification.

2. String Decoding Tools

These tools help decode Base64, hex, or other encoded strings within JavaScript.

  1. CyberChef
    A versatile tool for encoding, decoding, and deobfuscating strings.
  2. DecodeBase64
    Decodes Base64-encoded strings.
  3. Dencode
    Decodes and encodes strings in various formats like Base64 and URL encoding.
  4. Web Toolkit Online Decoder
    Features tools for Base64, URL, and HTML decoding.
  5. Hex Decoder
    Converts hex-encoded JavaScript to ASCII text.

3. Static Analysis Tools

Useful for reverse engineering and debugging.

  1. AST Explorer
    Analyzes and visualizes JavaScript’s Abstract Syntax Tree (AST).
  2. JStillery
    An open-source JavaScript deobfuscation tool for static analysis.
  3. JsNice
    Enhances code readability and renames variables to meaningful names.
  4. Esprima
    A JavaScript parsing library and online tool for AST generation.
  5. Octopus (Open Threat)
    A tool for analyzing JavaScript behavior and deobfuscation.

4. Dynamic Analysis Tools

These tools execute and analyze JavaScript in runtime.

  1. Chrome Developer Tools
    Debugs and deobfuscates JavaScript by stepping through execution.
  2. Firefox Developer Tools
    Similar to Chrome’s tools for dynamic JavaScript debugging.
  3. JSDebugger
    A cloud-based JavaScript debugging platform.
  4. Node.js Inspector
    Debugs server-side JavaScript with Node.js.
  5. Replay.io
    A browser debugging tool that records JavaScript execution for analysis.

5. Malware-Specific JavaScript Analysis Tools

These tools are tailored for malicious or suspicious JavaScript.

  1. Malzilla
    A tool for analyzing and decoding obfuscated malicious scripts.
  2. Any.run
    A dynamic sandbox for executing suspicious JavaScript.
  3. Hybrid Analysis
    Provides insights into JavaScript behavior and indicators of compromise (IoC).
  4. VirusTotal
    Detects malicious JavaScript using various antivirus engines.
  5. JS Detangler
    A tool to analyze and untangle suspicious JavaScript files.

6. Obfuscation-Specific Reversal Tools

Dedicated to undoing popular JavaScript obfuscation techniques.

  1. De4JS
    Decrypts common JavaScript obfuscation methods (e.g., eval, Array obfuscation).
  2. Unpacker for Packer
    Unpacks JavaScript obfuscated with Dean Edwards’ packer.
  3. Obfuscator.io Decoder
    Deobfuscates scripts generated with popular JavaScript obfuscators.
  4. JScrambler Analysis Tool
    Analyzes and helps reverse JScrambler-obfuscated JavaScript.
  5. Fox-Dec
    Decrypts obfuscated scripts found in malware.

Other Notes

  • Custom Scripts: Writing custom scripts using libraries like Acorn or UglifyJS can help with specific obfuscation cases.
  • Manual Debugging: Advanced users often rely on manual analysis combined with the above tools for the most challenging cases.
LinkedIn Reddit