CyberChef
GCHQ open-sourced its "Cyber Swiss Army Knife", and CyberChef became the web app security
analysts, incident responders, and CTF players reach for when data needs decoding, decrypting,
or dissecting. Its interface is four panes: paste or drag input (files up to 2GB), search a
categorized library of hundreds of operations, drag them into a recipe with arguments, and
read the output. Operations span Base64, hex, and XOR encoding; AES, DES, and Blowfish
encryption; classical ciphers from Caesar to Railfence; hashes and checksums; compression;
regex and string extraction of IPs, domains, and URLs; timestamp conversion; and parsers for
IPv6, X.509 certificates, and more. Recipes chain arbitrarily - convert from a hexdump then
decompress, decrypt AES pulling the IV from the cipher stream, or let the Magic operation
auto-detect several layers of nested encoding. Auto Bake re-runs the recipe live as input or
arguments change, Step executes one operation at a time for debugging, and flow control
(forks, subsections, registers) applies different operations to different parts of the data.
Recipes save to files or share as URLs encoding the full pipeline. Crucially, CyberChef is
entirely client-side JavaScript - nothing uploads anywhere - and self-hosting guarantees an
unmodified copy inside your own network, where malware artifacts belong.
Deploy