Back to Home

JavaScript Deobfuscator

Deobfuscate and analyze JavaScript code to identify hidden patterns (OWASP A03 - Injection, A08 - Integrity Failures)

Deobfuscation Configuration

Beautify & format code (always on) Decode strings (hex, unicode, base64) Evaluate string concatenations Simplify array lookups Rename obfuscated variables

Input Code

Obfuscated JavaScript

Paste your obfuscated JavaScript and click "Deobfuscate" to analyze.

Sample Obfuscated Code

Click any sample to load it into the input:

eval(function(p,a,c,k,e,d){...})

var msg="\x48\x65\x6c\x6c\x6f";

var _0x=['log','Hello'];console[_0x[0]](_0x[1]);

Analysis Metrics

Lines Before

Lines After

Strings Decoded

Variables Renamed

Security Warnings

No analysis yet. Deobfuscate code to see security warnings.

Deobfuscated Output

// Output will appear here after deobfuscation...

About This Tool

This JavaScript deobfuscator uses intermediate-level techniques to make obfuscated code more readable:

String Decoding: Converts hex, unicode, base64, and octal encoded strings to readable text
String Concatenation: Evaluates simple string concatenations and array joins
Array Unpacking: Resolves array-based obfuscation patterns
Variable Renaming: Replaces obfuscated identifiers with readable names
Security Analysis: Identifies potentially dangerous patterns like eval(), Function(), document.write()

Note: This tool never executes your code. All transformations are performed through static analysis.