Encoding/Decoding Tools
Encoding/Decoding Tools
Various encoding and decoding utilities commonly used in penetration testing and security assessments.
Base64 Encoding/Decoding
Encode to Base64
# String to Base64
echo -n "TARGET_STRING" | base64
# File to Base64
base64 -i input.txt
# Base64 with line wrapping
echo -n "TARGET_STRING" | base64 -w 0
Decode from Base64
# Base64 to String
echo "BASE64_STRING" | base64 -d
# Base64 file to output
base64 -d -i encoded.txt -o decoded.txt
# Base64 to stdout
echo "BASE64_STRING" | base64 -d
URL Encoding/Decoding
URL Encode
# Using Python
python3 -c "import urllib.parse; print(urllib.parse.quote('TARGET_STRING'))"
# Using Node.js
node -e "console.log(encodeURIComponent('TARGET_STRING'))"
# Using xxd (hex encoding)
echo -n "TARGET_STRING" | xxd -p | sed 's/../%&/g'
URL Decode
# Using Python
python3 -c "import urllib.parse; print(urllib.parse.unquote('ENCODED_STRING'))"
# Using Node.js
node -e "console.log(decodeURIComponent('ENCODED_STRING'))"
Hex Encoding/Decoding
String to Hex
# Using xxd
echo -n "TARGET_STRING" | xxd -p
# Using od
echo -n "TARGET_STRING" | od -A n -t x1
# Using hexdump
echo -n "TARGET_STRING" | hexdump -C
Hex to String
# Using xxd
echo "HEX_STRING" | xxd -r -p
# Using printf
printf "\\x48\\x65\\x6c\\x6c\\x6f"
ROT13 Encoding
ROT13 Encode/Decode
# Using tr
echo "TARGET_STRING" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
# Using Python
python3 -c "import codecs; print(codecs.encode('TARGET_STRING', 'rot13'))"
Caesar Cipher
Caesar Cipher (Shift 13)
# Using tr with custom shift
echo "TARGET_STRING" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
# Python implementation
python3 -c "
def caesar_cipher(text, shift):
result = ''
for char in text:
if char.isalpha():
ascii_offset = 65 if char.isupper() else 97
result += chr((ord(char) - ascii_offset + shift) % 26 + ascii_offset)
else:
result += char
return result
print(caesar_cipher('TARGET_STRING', 13))
"
Binary Encoding
String to Binary
# Using xxd
echo -n "TARGET_STRING" | xxd -b
# Using Python
python3 -c "
text = 'TARGET_STRING'
binary = ' '.join(format(ord(char), '08b') for char in text)
print(binary)
"
Binary to String
# Using Python
python3 -c "
binary = '01001000 01100101 01101100 01101100 01101111'
text = ''.join(chr(int(b, 2)) for b in binary.split())
print(text)
"
HTML Entity Encoding
HTML Encode
# Using Python
python3 -c "
import html
print(html.escape('TARGET_STRING'))
"
HTML Decode
# Using Python
python3 -c "
import html
print(html.unescape('<script>alert(1)</script>'))
"
Unicode Encoding
String to Unicode
# Using Python
python3 -c "
text = 'TARGET_STRING'
unicode_str = ''.join(f'\\u{ord(char):04x}' for char in text)
print(unicode_str)
"
Unicode to String
# Using Python
python3 -c "
unicode_str = '\\u0048\\u0065\\u006c\\u006c\\u006f'
print(unicode_str.encode().decode('unicode_escape'))
"
Advanced Encoding Techniques
Double URL Encoding
# First encoding
python3 -c "import urllib.parse; print(urllib.parse.quote('TARGET_STRING'))" | python3 -c "import urllib.parse; print(urllib.parse.quote(input()))"
Base64 + URL Encoding
# Base64 then URL encode
echo -n "TARGET_STRING" | base64 | python3 -c "import urllib.parse; print(urllib.parse.quote(input()))"
Hex + URL Encoding
# Hex then URL encode
echo -n "TARGET_STRING" | xxd -p | python3 -c "import urllib.parse; print(urllib.parse.quote(input()))"
One-liner Commands
Quick Base64 Encode
echo -n "TARGET_STRING" | base64 | tr -d '\n'
Quick URL Encode
python3 -c "import urllib.parse; print(urllib.parse.quote('TARGET_STRING'))"
Quick Hex Encode
echo -n "TARGET_STRING" | xxd -p | tr -d '\n'
Quick ROT13
echo "TARGET_STRING" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
File Operations
Encode File to Base64
base64 -i input.txt -o encoded.txt
Decode Base64 File
base64 -d -i encoded.txt -o decoded.txt
Encode Multiple Files
for file in *.txt; do
base64 -i "$file" -o "${file%.txt}.b64"
done
Online Alternatives
If command-line tools are not available, these online services can be used:
- Base64: https://www.base64encode.org/
- URL Encode: https://www.urlencoder.org/
- Hex Encode: https://www.hexencode.net/
- ROT13: https://rot13.com/
Security Notes
- Always validate input before encoding/decoding
- Be aware of encoding-specific vulnerabilities
- Test with various character sets and special characters
- Consider encoding bypass techniques in web applications