Base64/XOR Decoder
Decode suspicious strings and lightweight obfuscation layers locally in your browser.
Paste suspicious strings, script fragments or encoded payload snippets to decode them in the browser and collect triage indicators quickly.
How it works: the tool detects likely encodings, performs pragmatic decoding steps, and scans decoded text for IOC patterns and suspicious keywords.
Use cases: malware triage, suspicious PowerShell review, quick deobfuscation of scripts from alerts and incident artifacts.
Input
Optional: upload a local text file
Drop text file here or click to browse
Accepted: .txt,.log,.json,.ps1,.js,.vbs
No content yet
Paste suspicious text or upload a local file to start decoding.
Frequently Asked Questions
Are files uploaded to a server?
No. All parsing and analysis runs entirely in your browser. No files are uploaded to any external server.
What file formats does this tool accept?
Typical supported formats: .txt, .log, .json, .ps1, .js. If your format is not listed, try exporting or providing a compatible file.
Can I analyze large files?
Large files may be slow or memory-intensive in the browser. For very large datasets consider using a local specialist tool.
Which encodings can this tool detect?
The tool detects Base64, Base64 URL-safe, hex, URL-encoded and unicode escape patterns. It also attempts lightweight XOR single-byte candidate detection.
Does the decoded content leave my browser?
No. Decoding and analysis happen locally in your browser. The input and output are not sent to remote services.
Can it detect suspicious PowerShell commands?
Yes. The decoded output is scanned for suspicious command patterns like powershell -enc, rundll32, regsvr32, mshta and related execution strings.