JavaScript deobfuscation and simplification tool using LLMs and AST transformations
JSimplifier is a powerful tool that uses large language models (LLMs) and advanced AST transformations to deobfuscate, unminify, and simplify JavaScript code.
This tool is based on the research paper:
"From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis"
Dongchao Zhou, Lingyun Ying, Huajun Chai, Dongbin Wang
Network and Distributed System Security (NDSS) Symposium 2026
- 📖 Paper DOI: 10.14722/ndss.2026.242198
- 🔬 Artifact: Zenodo DOI 10.5281/zenodo.17531662
- Comprehensive Coverage: Handles all 20 categorized JavaScript obfuscation techniques
- Multi-Stage Pipeline: Combines preprocessing, AST-based static analysis, dynamic execution tracing, and LLM-enhanced identifier renaming
- High Performance:
  - 100% processing capability across all obfuscation techniques
  - 88.2% code complexity reduction
  - Over 4-fold readability improvement validated by multiple LLMs
- Large-Scale Dataset: Evaluated on 44,421 real-world samples (23,212 malicious + 21,209 benign)
If you use JSimplifier in your research, please cite:
```bibtex
@inproceedings{xxx,
  title={From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis},
  author={Zhou, Dongchao and Ying, Lingyun and Chai, Huajun and Wang, Dongbin},
  booktitle={Network and Distributed System Security (NDSS) Symposium},
  year={2026},
  doi={10.14722/ndss.2026.242198}
}
```

- Node.js >= 20
- Python 3.11 (for evaluation experiments)
```bash
# Clone or download the project
cd jsimplifier
# Install dependencies
npm install
pip install -r requirements.txt
```

```bash
# AST-only transformations (no AI)
npm start deobfuscate -- --model=none input-file.js
# Using OpenAI GPT model
npm start deobfuscate -- --model=gpt-4o-mini --apiKey="sk-..." input-file.js
# Using Google Gemini model
npm start deobfuscate -- --model=gemini-1.5-flash --apiKey="..." input-file.js
```

Note: All commands should be run using `npm start deobfuscate` with double dashes (`--`) before command arguments.
- `--model <model>`: Select AI model
  - OpenAI: `gpt-4o-mini`, `gpt-4o`, `gpt-4-turbo`, `gpt-3.5-turbo`, ...
  - Gemini: `gemini-1.5-flash`, `gemini-1.5-pro`, `gemini-1.0-pro`, ...
  - `none`: AST transformations only, no AI (default)
- `--apiKey <apiKey>`: API key (OpenAI or Gemini)
- `--baseURL <baseURL>`: OpenAI API server address
- `--outputDir <output>`: Output directory (default: `output`)
- `--batch`: Batch process all JavaScript files in a directory
- `--verbose`: Show verbose output

Output files will be saved to {outputDir}/deobfuscated_{filename}/deobfuscated.js
JSimplifier provides a web-based user interface for easy deobfuscation:
```bash
npm run build
# Start the web server
node web-server.js
```

The web server will start on http://localhost:3000 (or the port specified by the `PORT` environment variable).
Features:
- JavaScript file deobfuscation through web UI
- Batch processing (ZIP files)
- Multiple AI model support (OpenAI GPT, Google Gemini)
- Deobfuscation without AI
- File upload and download
- Direct code input support
- `OPENAI_API_KEY`: Your OpenAI API key
- `GEMINI_API_KEY`: Your Google Gemini API key
- `BASE_URL`: Custom OpenAI API base URL
- `PORT`: Web server port (default: 3000)

See the LICENSE file for details.