de4dot
de4dot is the comprehensive .NET deobfuscator that detects and cleans obfuscation from assemblies like ConfuserEx or Dotfuscator, restoring readable IL code for analysis. Run it via CLI on your DLL/EXE, selecting cleaners for strings and symbols to unravel packed payloads. Open-source from 0xd4d, it's the .NET neutralizer for reverse engineers stripping layers from protected binaries.
js-deobfuscator
js-deobfuscator is the AST-based cleaner for mangled JavaScript, reversing eval calls, string concatenations, and dead code to reveal original logic in obfuscated scripts. Parse your JS file through its Node.js engine, applying passes for variable renaming and flow simplification. Open-source from QQuick, it's the JS janitor for pentesters decluttering client-side exploits.
obfuscator-detector
obfuscator-detector is the JS entropy scanner that flags obfuscation by analyzing code complexity, string ratios, and control flow entropy for quick triage of suspicious scripts. Feed it minified code via CLI, getting scores and heuristics for manual deob. Open-source from 0xalpharush, it's the obfuscation oracle for web RE spotting tampered payloads.
flare-fakenet
flare-fakenet is the network simulator with obfuscation checks for malware, capturing and analyzing dynamic behaviors to detect anti-analysis tricks like packer detection. Hook your binary through its Python framework, logging API calls for deobfuscation clues. Open-source from Mandiant, it's the behavior baiter for reverse engineers luring out hidden code.
uncompyle6
uncompyle6 is the Python bytecode decompiler that reverses .pyc obfuscation to source, handling up to Python 3.9 with AST reconstruction for readable code recovery. Decompile your compiled module via CLI, fixing syntax for further edits or analysis. Open-source from rocky, it's the Python phoenix for analysts resurrecting obscured scripts from bytecode ashes.
pefile
pefile is the PE parser with obfuscation detectors for Windows executables, extracting sections and imports to spot packing or encryption signatures in binaries. Script its Python lib to scan for anomalies like high entropy data, flagging potential obfuscators. Open-source from erocarrera, it's the PE peeler for reverse engineers stripping headers from protected EXEs.
detect-obfuscation
detect-obfuscation is the multi-lang checker for code entropy and complexity, scoring JS/Python/C for packing signs like high string ratios or flattened flows. Run its script on source files for threshold-based alerts, integrating into CI for vuln scans. Open-source from community, it's the obfuscation ophthalmologist for devs diagnosing code ailments statically.
binwalk
binwalk's entropy analyzer detects embedded obfuscated firmware or packed sections in binaries, carving out encrypted blobs for further deobfuscation workflows. Scan your image via CLI for signature matches, extracting with offsets for manual unpacking. Open-source from ReFirmLabs, it's the embedded excavator for reverse engineers mining hidden data in device dumps.
python-deobfuscator
python-deobfuscator is the AST transformer that unpacks Python scripts with exec/eval wrappers, restoring readable code from obfuscated .py files for analysis. Process your script through its lib, applying passes for constant folding and dead-code removal. Open-source from MatthewVanderbijl, it's the Python purifier for pentesters cleaning up mangled malware loaders.
obfuscation-checker

