Detect different types of JS obfuscation by their AST structure.
npm install obfuscation-detector
const fs = require('fs');
const detectObfuscation = require('obfuscation-detector');
const code = fs.readFileSync('obfuscated.js', 'utf-8');
// const all_matching_obfuscation_types = detectObfuscation(code, false);
const most_likely_obfuscation_type = detectObfuscation(code);
console.log(`Obfuscation type is probably ${most_likely_obfuscation_type}`);
obfuscation-detector /path/to/obfuscated.js [stopAfterFirst]
Getting all matching obfuscation types for a file:
$ obfuscation-detector /path/to/obfuscated.js
[+] function_to_array_replacements, augmented_proxied_array_function_replacements
Getting just the first match:
$ obfuscation-detector /path/to/obfuscated.js stop
[+] function_to_array_replacements
The stopAfterFirst
arguments doesn't have to be any specific string, it just needs not to be empty.
You can find descriptions of the different types in the code itself, and more info here.
- Array Replacements
- Augmented Array Replacements
- Array Function Replacements
- Augmented Array Function Replacements
- Function To Array Replacements
- Obfuscator.io
- Caesar Plus
To contribute to this project see our contribution guide