
JS & URL Deobfuscator

Client-side JavaScript and URL deobfuscation tool. Supports Base64, hex, Unicode, eval unwrapping, ROT13, defanged IOCs and more. No code is executed — static analysis only. Nothing leaves your browser.

Input

Paste obfuscated JavaScript, encoded URLs, or defanged IOCs. You can also drag & drop a .js or .txt file.

Result

Each transformation step is shown below. Steps that produce no change are hidden.

How to use the JS Deobfuscator
1. Paste your code
   Paste obfuscated JavaScript, an encoded URL, or a defanged IOC into the input field. You can also drag & drop a file.

2. Configure steps
   Toggle which deobfuscation techniques to apply. All steps are enabled by default.

3. Deobfuscate
   Click the button. Each transformation is applied in sequence, showing intermediate results.

4. Copy results
   Copy individual step outputs or the entire result. Export to a .txt file for your records.

Supported deobfuscation techniques
Encoding & Escaping
  • Base64 decoding (single & multi-layer)
  • Hex string escapes (\x41)
  • Unicode escapes (\u0041)
  • Octal escapes (\101)
  • HTML entity decoding
  • URL percent-encoding
  • unescape() function calls
JavaScript Patterns
  • String.fromCharCode() calls
  • String concatenation ("a"+"b")
  • eval() / Function() wrapper stripping
  • Nested eval unwrapping
  • document.write / writeln removal
  • JSFuck-style code detection
  • ROT13 cipher decoding
IOC & URL Handling
  • hxxps:// and hXXps:// reversal
  • [.] (.) {.} dot restoration
  • [://] protocol restoration
  • [at] and [@] email restoration
  • meow:// protocol restoration
  • Hex-encoded URL paths
  • Punycode detection
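
The sketch below shows how a handful of the techniques listed above can be chained as pure text transforms that never evaluate the input, recording only the steps that change something. It is an added example, not this tool's own code; the step names, the `deobfuscate` function and the sample string (which uses the reserved `.test` domain) are constructed for illustration.

```javascript
// Added example: static text transforms only; the input is never evaluated.
const hexByte = (_, h) => String.fromCharCode(parseInt(h, 16));

// Ordered [name, transform] pairs (names are assumptions mirroring the list above).
const STEPS = [
  ["Hex escapes", s => s.replace(/\\x([0-9a-fA-F]{2})/g, hexByte)],
  ["Unicode escapes", s => s.replace(/\\u([0-9a-fA-F]{4})/g, hexByte)],
  ["String.fromCharCode", s => s.replace(
    /String\.fromCharCode\(\s*((?:\d+\s*,\s*)*\d+)\s*\)/g,
    (_, list) => JSON.stringify(String.fromCharCode(...list.split(",").map(Number))))],
  ["String concatenation", s => {
    let prev; // fold adjacent escape-free double-quoted literals until stable
    do {
      prev = s;
      s = s.replace(/"([^"\\]*)"\s*\+\s*"([^"\\]*)"/g, '"$1$2"');
    } while (s !== prev);
    return s;
  }],
  // Drops the call syntax only; the argument stays a string literal.
  ["eval() wrapper", s => s.replace(/^\s*eval\(\s*([\s\S]*?)\s*\)\s*;?\s*$/, "$1")],
  ["Refang IOCs", s => s
    .replace(/h[xX]{2}p(s?)/g, "http$1")
    .replace(/\[:\/\/\]/g, "://")
    .replace(/\[\.\]|\(\.\)|\{\.\}/g, ".")
    .replace(/\[at\]|\[@\]/g, "@")],
];

// Apply every step in order; steps that produce no change are left out of the trace.
function deobfuscate(input) {
  const trace = [];
  let current = input;
  for (const [step, transform] of STEPS) {
    const next = transform(current);
    if (next !== current) trace.push({ step, output: next });
    current = next;
  }
  return { result: current, trace };
}

// Constructed sample: hex escape + fromCharCode + concatenation + eval + defanged URL.
const SAMPLE = String.raw`eval("fe" + "tch(" + String.fromCharCode(39,104,120,120,112,115) + "://login\x2eexample[.]test/p')");`;

for (const { step, output } of deobfuscate(SAMPLE).trace) console.log(`${step}: ${output}`);
```

Because every step is a regex rewrite over text, the sample's `fetch` call is only ever displayed, never run.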

Frequently Asked Questions

JavaScript obfuscation is the process of transforming readable JS code into a difficult-to-understand form while preserving its functionality. Attackers use it to hide malicious payloads in phishing kits, exploit kits, and web shells. Common techniques include Base64 encoding, hex/unicode escapes, eval() wrappers, String.fromCharCode(), and string concatenation.

Yes, this tool is completely safe. It runs 100% in your browser — no data is sent to any server. It performs static text transformations only and never executes the JavaScript being analyzed. Your data stays on your machine at all times.

Absolutely. This tool is designed for SOC analysts, threat researchers, and DFIR professionals to safely deobfuscate malicious JavaScript found in phishing kits, exploit kits, web shells, and malicious Office documents. Since it only performs static analysis, the malicious code is never executed on your system.

URL defanging is a cybersecurity practice that makes URLs non-clickable by replacing characters — for example, https becomes hxxps and dots become [.]. This prevents accidental navigation to malicious sites when sharing IOCs in reports, emails, or chat. This tool reverses defanging so you can analyze the original URLs safely.

Mlab is a full IOC & File Intelligence Platform. Beyond this deobfuscator, you can scan IPs, domains, and file hashes, use the MITRE ATT&CK mapping tool, scan websites for vulnerabilities with RedKit, parse suspicious emails with the EML Parser, and build detection rules with the YARA and Sigma rule builders. Create a free account to get started.