zjsdecode

Decode Zlib-compressed JavaScript

$ zjsdecode [encoded.js] [output.js]

$ cat [encoded.js] | zjsdecode > [output.js]

$ zjsdecode [encoded.js] | js-beautify

zjsdecode [inputfile] [outputfile]

zjsdecode decodes JavaScript files that have been compressed using zlib encoding, commonly found in PDF files. Some malicious PDFs embed JavaScript that is zlib-compressed to evade analysis.
The tool is useful for malware analysis, PDF forensics, and extracting embedded scripts from documents. It reverses the FlateDecode compression used in PDF streams.
zjsdecode is part of several PDF analysis toolkits and is commonly used alongside other PDF examination utilities.

inputfile_

Compressed JavaScript file to decode

Output file for decoded JavaScript

This is a specialized tool for PDF analysis. It won't decode JavaScript obfuscated with other methods (like eval(), string encoding, or minification).
Decoded JavaScript may still be obfuscated and require further analysis or deobfuscation.
Use caution when analyzing potentially malicious scripts. Run in isolated environments.

pdf-parser(1), pdfid(1), js-beautify(1), zlib-flate(1)