redstr
v0.2.14
Published
Native string transformations for security testing - WAF bypass, XSS, SQL injection, phishing, and evasion testing
Maintainers
arvid-berndtssonReadme
redstr
Native Node.js bindings for redstr - high-performance string transformations for security testing.
Installation
npm install redstrFeatures
- 🚀 Native performance - Zero-overhead Rust bindings via napi-rs
- 🔒 Security-focused - 60+ transformations for WAF bypass, XSS, SQL injection, etc.
- 📦 Zero dependencies - No JavaScript dependencies
- 🎯 TypeScript support - Full type definitions included
- 🔗 Builder pattern - Chain multiple transformations fluently
Quick Start
const { leetspeak, base64Encode, TransformBuilder } = require('redstr');
// Direct function calls
console.log(leetspeak('password')); // 'p@55w0rd'
console.log(base64Encode('hello')); // 'aGVsbG8='
// Builder pattern for chaining
const payload = new TransformBuilder('<script>alert(1)</script>')
.caseSwap()
.urlEncode()
.build();
console.log(payload);TypeScript
import { leetspeak, TransformBuilder, randomUserAgent } from 'redstr';
const encoded: string = leetspeak('password');
const builder = new TransformBuilder('test')
.base64()
.urlEncode();
const result: string = builder.build();Available Functions
Case Transformations
randomizeCapitalization(input)- Random case for each charactercaseSwap(input)- Swap uppercase/lowercasealternateCase(input)- Alternate case patterntoCamelCase(input)- Convert to camelCasetoSnakeCase(input)- Convert to snake_casetoKebabCase(input)- Convert to kebab-case
Encoding
base64Encode(input)- Base64 encodingurlEncode(input)- URL encodinghexEncode(input)- Hex encodinghtmlEntityEncode(input)- HTML entity encodingmixedEncoding(input)- Mixed encoding techniques
Obfuscation
leetspeak(input)- Leetspeak transformationrot13(input)- ROT13 cipherreverseString(input)- Reverse the stringdoubleCharacters(input)- Double each characterjsStringConcat(input)- JS string concatenation
Unicode
homoglyphSubstitution(input)- Replace with similar-looking characterszalgoText(input)- Zalgo text effectunicodeVariations(input)- Unicode variationsspaceVariants(input)- Alternative space characters
Phishing
domainTyposquat(input)- Generate typosquatted domainsemailObfuscation(input)- Obfuscate email addressesadvancedDomainSpoof(input)- Domain spoofing techniques
Injection
xssTagVariations(input)- XSS payload variationssqlCommentInjection(input)- SQL injection patternscommandInjection(input)- Command injectionpathTraversal(input)- Path traversal patternssstiInjection(input)- Server-side template injection
Bot Detection
randomUserAgent()- Generate random user agenttlsFingerprintVariation(input)- TLS fingerprint variations
Shell
powershellObfuscate(input)- PowerShell obfuscationbashObfuscate(input)- Bash obfuscation
TransformBuilder
Chain multiple transformations:
const { TransformBuilder } = require('redstr');
const result = new TransformBuilder('payload')
.leetspeak()
.base64()
.urlEncode()
.build();Available builder methods:
.leetspeak()- Apply leetspeak.base64()- Apply Base64 encoding.urlEncode()- Apply URL encoding.caseSwap()- Apply case swap.rot13()- Apply ROT13.hexEncode()- Apply hex encoding.homoglyphs()- Apply homoglyph substitution.reverse()- Reverse the string.build()- Get the final result
Performance
redstr uses native Rust code via napi-rs, providing near-native performance:
| Operation | Time |
|-----------|------|
| leetspeak() | ~0.01ms |
| base64Encode() | ~0.005ms |
| TransformBuilder (5 ops) | ~0.05ms |
License
MIT