obfuscation-detector

Obfuscation Detector

Detect different types of JS obfuscation by their AST structure.

Installation

npm install obfuscation-detector

Usage

Module

import fs from 'node:fs';
import detectObfuscation from 'obfuscation-detector';

const code = fs.readFileSync('obfuscated.js', 'utf-8');
const most_likely_obfuscation_type = detectObfuscation(code);
// const all_matching_obfuscation_types = detectObfuscation(code, false);
console.log(`Obfuscation type is probably ${most_likely_obfuscation_type}`);

CLI

obfuscation-detector /path/to/obfuscated.js [stopAfterFirst]

Getting all matching obfuscation types for a file:

$ obfuscation-detector /path/to/obfuscated.js
[+] function_to_array_replacements, augmented_proxied_array_function_replacements

Getting just the first match:

$ obfuscation-detector /path/to/obfuscated.js stop
[+] function_to_array_replacements

The stopAfterFirst arguments doesn't have to be any specific string, it just needs not to be empty.

Supported Obfuscation Types

You can find descriptions of the different types in the code itself, and more info here.

• Array Replacements
• Augmented Array Replacements
• Array Function Replacements
• Augmented Array Function Replacements
• Function To Array Replacements
• Obfuscator.io
• Caesar Plus

Contribution

To contribute to this project see our contribution guide