CyberChef
online Freegchq.github.io
🇬🇧 United Kingdom
Quick Facts
What it does
Browser-based tool for analyzing and decoding data using a drag-and-drop recipe system. Supports hundreds of operations including Base64, XOR, compression, hashing, encryption, and parsing. Features Magic mode for automatic detection of encoded data, file upload support (up to 2GB), and shareable recipe links. All processing happens client-side—your data never leaves your browser. Developed by GCHQ and released under Apache License 2.0.
When to use it
- Decoding multi-layer obfuscated malware
- Converting between data formats (hex
- base64
- timestamps)
- Hash generation and verification
- Certificate and JWT parsing
- Building repeatable decode workflows
When not to use it
- Real-time traffic interception
- Automated scanning
- Large-scale batch processing
Limitations
- Browser memory limits for very large files
- No server-side processing (feature
- not bug)
- Some operations CPU-intensive in browser
Frequently Asked Questions
Is CyberChef free to use?
What is the file size limit for CyberChef?
What platforms does CyberChef support?
Does CyberChef require an account?
Is CyberChef open source?
What are the limitations of CyberChef?
What does CyberChef do?
Related Tools
Professional IonCube decoder supporting versions 10 through 15 with PHP 7.1 to 8.4. Upload encrypted PHP files and get readable source code back.
A curated directory and browser-based toolkit for security researchers. GhostKit combines 14+ client-side tools — JS deobfuscation, encoding/decoding, URL analysis, email header parsing, hash generation, JWT/SAML decoding, and more — with a comprehensive directory of external security tools.
Browser-based JavaScript deobfuscator supporting 15+ formats including JSFuck, obfuscator.io, and packed code.
Free malware sandbox powered by CrowdStrike Falcon. Upload files up to 250MB for behavioral analysis and threat detection.