CyberChef

CyberChef is a web-based data transformation and analysis tool that lets you build repeatable workflows (“recipes”) to decode, encode, decrypt/encrypt, parse, and extract information from many data formats. It’s widely used in security operations, incident response, and engineering to quickly triage unknown data and automate common transformations.

Key Features

• Drag-and-drop recipe builder with hundreds of operations (e.g., encoding/decoding, cryptography, compression, parsing, data carving)
• Runs fully in the browser for many operations, with optional server deployment for centralized access
• Supports a wide range of formats and inputs (text, files, binary/hex, Base64, JWT, timestamps, URLs, certificates, etc.)
• Recipe export/import and sharable workflows for repeatable investigations and team collaboration
• Built-in search/filtering of operations and step-by-step inspection of intermediate outputs
• Extensible operation set (custom operations possible via code contributions)

Use Cases

• SOC/DFIR triage: quickly decode suspicious strings, beacons, scripts, or artifacts
• Malware/forensics analysis: unpack/transform data (e.g., Base64/hex/gzip/XOR) and extract indicators
• Engineering/IT tasks: convert formats, generate hashes, parse logs, and validate encodings

CyberChef provides a practical “one tool” workspace for data transformations, reducing the need to stitch together many small utilities. Its recipe approach makes investigations more consistent and easier to reproduce and share.