Need Obfuscated Javascript samples

Viewing 7 reply threads
  • Author
    • #7920


      It’s been a long time since I last posted on EHNet. Some of you might remember me and some might not. To cut the long story short, I got selected in one of the best universities of my country for MS and currently pursuing research in IT Security.

      For one of my research projects I need obfuscated javascript samples: both malicious and harmless. I was thinking if I could get samples from any of the EHNet members or if any of you could direct me to some resource where I could get the samples.

      If you want to share samples, kindly message me on EHNet and I will provide you my email address.

      Note: Please do not ask for my email if you have only 1-2 posts here on EHNet. I will only provide the email to members I trust or members I can trust.


    • #50111
    • #50112

      Also, albeit simple, you could grab pretty much anyone’s javascript (non-evil) and run it through an obfuscation tool like:

      and present that as one of your samples…

    • #50113

      Thanks. I highly appreciate it,
      The thing is that I need not one or two but a few thousand samples found in the wild. Generating them individually would consume a lot of time. That’s why I was asking if someone already has a database maybe they could share it.

    • #50114

      Well, your post didn’t ask for a few thousand…   😛

      I’m not sure if there’s a definitive source of a few thousand examples, that anyone can point you to, offhand…   But if they can, I’d be interested to see that, too, if for not other reason than to study ‘other’ methods that I haven’t seen.

      Edit – looking for that many, might I assume your project is to try to create some sort of tool to spot them?

    • #50115

      If I’m wanting to quickly analyse some JS in the wild I usually turn to Wepawet. I’ve no affiliation with the service but it couldn’t hurt to get in touch with the team there to see if they’re willing/able to provide access to some of their samples?

      Alternatively, some of Wepawet’s reports can be accessed based on md5 hash of the content (I found this report via a quick google search for example). I’ve not read their Ts&Cs so use at your own risk, but a quick Google Dork of: intitle:report inurl:’type=js’

      is currently returning >15k results

      Unfortunately Wepawet’s report format only lists the de-obfuscated operations rather than the original source so may not be exactly relevant to your needs, but you could always use the listed report targets to grab any scripts that are still live yourself.

      Hope this helps, good luck with your project.

    • #50116

      Thanks. I will ask Wepawet if they are willing to share their samples.

      Alternatively, I am now trying to use heritrix web crawer to get the samples.

    • #50117

      Not sure if you can see recent submission on iseclab’s wepawet site. Here’s another one work a look, use the search feature to grab more recently checked URLs

      You might need to sift through some of the lower repped results to get some obsfucated javascript. And they may still be up.

      Congrats, enjoy your studies!

Viewing 7 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?