https://github.com/ndr-repo/awesome-encoding-escaping

A repository for tools and documentation for learning string encoding & unicode escaping.
https://github.com/ndr-repo/awesome-encoding-escaping

List: awesome-encoding-escaping

awesome-list cybersecurity encoding ethical-hacking javascript obfuscation pentesting php waf-bypass xss

Last synced: 3 months ago
JSON representation

A repository for tools and documentation for learning string encoding & unicode escaping.

• Host: GitHub
• URL: https://github.com/ndr-repo/awesome-encoding-escaping
• Owner: ndr-repo
• License: mit
• Created: 2025-03-10T22:50:42.000Z (3 months ago)
• Default Branch: main
• Last Pushed: 2025-03-10T23:04:37.000Z (3 months ago)
• Last Synced: 2025-03-10T23:32:11.350Z (3 months ago)
• Topics: awesome-list, cybersecurity, encoding, ethical-hacking, javascript, obfuscation, pentesting, php, waf-bypass, xss
• Homepage:
• Size: 0 Bytes
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# awesome-encoding-escaping

A repository for tools and documentation for learning string encoding & unicode escaping. An effective obfuscation method for writing offensive security testing payloads for web applications. 

Commonly used languages are JavaScript, HTML, & PHP for WAF bypass. However, encoding can also assist your efforts as a red team operator when attempting to bypass file upload restrictions.

[CyberChef](https://gchq.github.io/CyberChef/) - A versatile web application used to obfuscate or deobfuscate strings. Can be ran offline and used for other scenarios as well. Includes various code beautifiers, decoders, and unescaping tools.

[Dencode](https://dencode.com/en/string) - An online string encoder/decoder. Quickly visualize various methods of encoding and unicode escaping inside the tool for a high-level overview.

[Dencode - Unicode Escape](https://dencode.com/en/string/unicode-escape) - An online unicode escaping tool, quickly visualize escaped payloads for character memorization or use.

[W3Schools - HTML URL Encoding Reference](https://www.w3schools.com/tags/ref_urlencode.ASP) - A reference for standard HTML URL encoding and their cooresponding ASCII character values.

[HTML URL Encoding - GeeksforGeeks](https://www.geeksforgeeks.org/html-url-encoding/) - An alternate reference for HRML URL encoding

[Gooogle Admin Toolbox - Encode/Decode](https://toolbox.googleapps.com/apps/encode_decode/) - Offers encoding and decoding for SAML, as well as a few code beautifiers. 

[OWASP XSS Filter Evasion Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html) - Contains working examples of encoded and escaped JavaScript payloads.

[Portswigger XSS Cheat Sheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet) - Not directly encoding related, often need a bit of encoding or escaping for production use in the modern-day.