# base64dump.py
> Extract and decode Base64-encoded strings from files

**Category:** [[categories/examine-static-properties-deobfuscation|Examine Static Properties > Deobfuscation]] | **Tier:** Rich (FOR610) | **Author:** Didier Stevens
**Docs:** [https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation](https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation)

## Usage
```bash
base64dump.py file.txt
base64dump.py file.ps1 -n 10
base64dump.py file.ps1 -s 2 -d
```

## Recipes
- [[recipes/extract-base64-ps-from-vba|Extract Base64 PowerShell from Office Macro]]
- [[recipes/multi-stage-base64-gzip|Decode Base64 + Gzip Payload]]
- [[recipes/base64-xor-shellcode|Decode Base64 + XOR Shellcode]]
- [[recipes/office-full-decode-chain|Full Office Macro Decode Chain]]

## Workflows
- [[workflows/document-analysis-workflow|Malicious Document Analysis]] — Step 5: Payload Decoding

## Related Tools
- [[tools/1768|1768.py]] — Parse Cobalt Strike beacon configuration from shellcode or m
- [[tools/balbuzard|balbuzard]] — Extract and deobfuscate patterns from suspicious files.
- [[tools/brxor|brxor.py]] — Brute-force XOR key detection for single-byte XOR-encoded st
- [[tools/chepy|chepy]] — Decode and otherwise analyze data using this command-line to
- [[tools/cobalt-strike-configuration-extractor-csce-and-parser|Cobalt Strike Configuration Extractor (CSCE) and Parser]] — Analyze Cobalt Strike beacons.

## FOR610
**Labs:** 3.4, 4.5
**Sections:** 3, 4

#base64 #decoding #didier-stevens