Click HERE to learn more about classes Chris is teaching for SANS

De-Obfuscation Submissions

Published: 2009-06-30. Last Updated: 2009-06-30 16:01:18 UTC
by Chris Carboni (Version: 3)
1 comment(s)

Here is a list of sites that readers have submitted as being particularly useful for de-obfuscation.

Although it should go without saying, I'll say it anyway ... these tools may or may not have been tested.  Use them at your own risk.

From Pat:

The DNSStuff site provides some free tools, one of which allows you to de-obfuscate URLs. The tools can be found at http://www.dnsstuff.com/tools/tools/.

 From Andrewj (and several others):

There are many tools, but these are two of the easiest to use:

wepawet: http://wepawet.iseclab.org/

malzilla: http://sourceforge.net/project/showfiles.php?group_id=203466

 From Kevin:

I generally use:
http://www.yellowpipe.com/yis/tools/encrypter/index.php
http://scriptasylum.com/tutorials/encdec/encode-decode.html

 Jeffery adds:

http://www.johngaughan.net/toys/urldecode.php
http://www.greymagic.com/security/tools/decoder/
http://ln.hixie.ch/?start=1073090889&count=1

Richard offers:

This is a site I found recently that has come in handy for me:
http://www.crypo.com/

 Danny writes:

One of my own sites offers a set of tools for three simple deobfuscation types: base64, URL-encoding, and HTML entities. Entry page at: http://spamwars.com/tools.html

  

Christopher Carboni - Handler On Duty

Keywords: DeObfuscation

Comments

This tool is very nice, since it uses its own javascript engine and visits the page for you instead of decoding the javascript after you visit the page.

http://jsunpack.jeek.org/dec/go
