I highly recommend setting up a VM with REMnux. REMnux® is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It comes preconfigured with a huge number of tools, which saves a ton of time.
Please note: Information and some examples used in this blog are either based off of or in some cases taken directly from each individual tool's respective GitHub page/site. I've included links to each tool mentioned. All credit goes to the authors of each respective tool. For more information on any of the tools, please refer to the links included.
JSBeautifier can be run from the CLI; however, if I'm able to access the internet, I'll typically just open jsbeautifier.org in my browser and pop the code in there.
Figure 1: Pre JSBeautifier
Figure 2: Post JSBeautifier
JSDetox can reformat/beautify code much like JSBeautifier, and it can also analyze and precompute static code. For example:
var x = 10 * 3 + 100 - 70 / 10;
is precomputed to:
var x = 123;
For me, this feature is a bit hit or miss. Sometimes JSDetox does an excellent job of deobfuscating/beautifying and other times it completely whiffs.
HTML DOM Emulation
JSDetox emulates parts of a browser, especially the document object. You can also import an HTML document that will be used for the emulation. Because of this, code such as:
document.getElementById("test").innerHTML = "Annyeong World!";
Figure 3: JSDetox
Figure 4: JSDetox Document.write() Call Emulated
Figure 5: JSDetox Code Executed
The data analysis part of JSDetox can parse strings such as these and extract the shellcode to be viewed as classic hexdump or disassembled code.
Many instances of shellcode contain data (in most cases a URL to download the real malware) that is "encrypted" with a small XOR loop - the analysis function scans for these and shows possible matches.
This is another feature of JSDetox that is pretty useful. It can save a good chunk of time when used under certain circumstances.
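The XOR scan described above, sketched as an added example (this is not JSDetox's code and not from the original post): it tries every single-byte key over a buffer and reports where the decoded bytes contain a URL. The single-byte key is an assumption, and the sample buffer, key and URL are constructed for illustration.

```javascript
// Added example, not JSDetox code. Assumes a single-byte XOR key.
const MARKERS = ['http://', 'https://'].map((s) => Buffer.from(s, 'latin1'));

// XOR every byte of buf with a one-byte key and return a new Buffer.
function xorBuffer(buf, key) {
  return Buffer.from(Uint8Array.from(buf, (b) => b ^ key));
}

// Printable, non-space ASCII: the characters a URL is made of.
function isUrlByte(b) {
  return b > 0x20 && b < 0x7f;
}

// Try keys 1..255; for each, report every URL visible after decoding.
function findXorUrls(buf) {
  const hits = [];
  for (let key = 1; key < 256; key++) {
    const decoded = xorBuffer(buf, key);
    for (const marker of MARKERS) {
      let at = decoded.indexOf(marker);
      while (at !== -1) {
        // Extend the match until the first byte that cannot belong to a URL.
        let end = at;
        while (end < decoded.length && isUrlByte(decoded[end])) end++;
        hits.push({ key, offset: at, url: decoded.toString('latin1', at, end) });
        at = decoded.indexOf(marker, end);
      }
    }
  }
  return hits;
}

// Constructed sample: filler bytes around a NUL-terminated URL XORed with 0x5a.
const SAMPLE = Buffer.concat([
  Buffer.from([0x90, 0x90, 0x41, 0x13]),
  xorBuffer(Buffer.from('http://example.invalid/payload.bin\0', 'latin1'), 0x5a),
  Buffer.from([0xc3, 0x07]),
]);

for (const hit of findXorUrls(SAMPLE)) {
  console.log(`key=0x${hit.key.toString(16)} offset=${hit.offset} url=${hit.url}`);
}
```

A multi-byte or rolling key will not be found by this scan; treat an empty result as "no single-byte match", not as "no encoded data".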
Overall, JSDetox is a fairly useful tool, especially for beginners. However, it has failed a few too many times for me, and as such I've dropped it and never picked it back up again.
This is a great tool and I recommend giving it a shot. I've used it before, but I'm partial to Chrome and the Chrome Debugger. It's my favorite!
Chrome DevTools include a ton of features and I strongly encourage you to get familiar with the tools by both taking a look at the documentation at the link above, as well as messing around with it yourself!
These are just a handful of my favorite tools. Below are some additional tools available for you to try. If you're looking for some additional tools, a simple Google search will return a bunch more than I have listed. I recommend giving them all a shot and figuring out which are your favorites!