Useful during analysis of malicious sites

Yesterday in my Twitter stream I saw this tweet by Florian Roth:

https://twitter.com/cyb3rops/status/902934898700320770

During the analysis of a malicious site, one of the first steps is the deobfuscation of the suspicious JavaScript.

There are a lot of tools (online or standalone) that can help the analyst during this step, but IlluminateJs is, from my point of view, one of the most complete and accurate.

Consider it like JSDetox, but on steroids.

The IlluminateJs core is a Babel compiler plugin, and it works entirely in your browser: no server interaction is needed to perform deobfuscation.

Features

  • Extended constant propagation
  • Array mutators tracking
  • Mixed-type expressions evaluation
  • Support modern JavaScript (ES6)
  • Function calls evaluation
  • Built-in function evaluation
  • Loops evaluation
  • Procedure inlining
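
To make some of these features concrete, here is an added sketch (not IlluminateJs code and not part of the original post) that statically applies built-in function evaluation and constant propagation, with the string folding it enables, to a constructed sample. IlluminateJs itself works as a Babel plugin on a parsed program; the token-based `foldOnce` and `deobfuscate` helpers below are hypothetical names and cover only these narrow patterns.

```javascript
// Toy static folder over a token stream: the sample is never executed.
// Assumes no comments, regex literals or template strings in the input.
const TOKEN = /'(?:[^'\\\n]|\\.)*'|"(?:[^"\\\n]|\\.)*"|0x[\da-f]+|\d+|[A-Za-z_$][\w$]*|\S/gi;
const isPlain = t => /^(['"])[^\\]*\1$/.test(t || '');  // string literal without escapes
const isNum = t => /^(0x[\da-f]+|\d+)$/i.test(t);
const BEFORE = new Set([undefined, '(', ',', '=', ';', ':', '[', '?', '{', 'return']);

function foldOnce(t) {
  for (let i = 0; i < t.length; i++) {
    // Built-in function evaluation: String.fromCharCode(<numeric literals>)
    if (t.slice(i, i + 4).join('') === 'String.fromCharCode(') {
      const end = t.indexOf(')', i);
      const args = end > i ? t.slice(i + 4, end).filter(x => x !== ',') : [];
      if (args.length && args.every(isNum)) {
        t.splice(i, end - i + 1, JSON.stringify(String.fromCharCode(...args.map(Number))));
        return true;
      }
    }
    // Constant folding: "a" + "b", only where + precedence cannot change the result
    if (isPlain(t[i]) && t[i + 1] === '+' && isPlain(t[i + 2]) &&
        BEFORE.has(t[i - 1]) && !'*/%.[('.includes(t[i + 3] || ' ')) {
      t.splice(i, 3, JSON.stringify(t[i].slice(1, -1) + t[i + 2].slice(1, -1)));
      return true;
    }
    // Constant propagation: var x = "lit"; inlined only if every use is a plain read
    if (/^(var|let|const)$/.test(t[i]) && t[i + 2] === '=' && isPlain(t[i + 3]) && t[i + 4] === ';') {
      const name = t[i + 1], value = t[i + 3];
      const rest = [...t.slice(0, i), ...t.slice(i + 5)];
      const unsafe = rest.some((x, j) => x === name && (
        /^(\.|var|let|const|function)$/.test(rest[j - 1]) ||
        /(\+\+|--)$/.test((rest[j - 2] || '') + (rest[j - 1] || '')) ||
        /^(=([^=]|$)|[-+*\/%&|^]=|\+\+|--|:)/.test((rest[j + 1] || '') + (rest[j + 2] || ''))));
      if (!unsafe) {
        t.splice(0, t.length, ...rest.map(x => (x === name ? value : x)));
        return true;
      }
    }
  }
  return false;
}
function deobfuscate(src) {
  const t = src.match(TOKEN) || [];
  while (foldOnce(t)) { /* repeat until a full pass changes nothing */ }
  // Re-emit; insert a space only where two word-like tokens would merge
  return t.reduce((out, x) => out + (/[\w$]$/.test(out) && /^[\w$]/.test(x) ? ' ' : '') + x, '');
}
// Constructed sample, not taken from a real site
const SAMPLE = `var _a = 'ev'; var _b = String.fromCharCode(0x61, 108);
window[_a + _b](String.fromCharCode(97, 108, 101, 114, 116) + '(1)');`;
console.log(deobfuscate(SAMPLE));
```

A variable that is written again, or a `+` whose left neighbour is another operator, is left untouched, so the output stays equivalent to the input for the patterns handled.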

References

https://illuminatejs.com