├── .gitignore
├── MANIFEST.in
├── setup.cfg
├── CONTRIBUTING.md
├── .github
│   └── workflows
│       └── linting.yml
├── LICENSE.txt
├── setup.py
├── Makefile
├── badchars
└── README.md

/.gitignore:
--------------------------------------------------------------------------------
badchars.egg-info/
build/
dist/

--------------------------------------------------------------------------------
/MANIFEST.in:
--------------------------------------------------------------------------------
include CONTRIBUTING.md LICENSE.txt README.md

--------------------------------------------------------------------------------
/setup.cfg:
--------------------------------------------------------------------------------
[metadata]
description-file = README.md

[bdist_wheel]
universal=1

[pycodestyle]
max-line-length = 100

--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing

Contributors are always welcome. To give you an idea of what can be done:

1. Review the code
2. Simplify the code
3. Harden the code
4. Add features
5. Report issues
6. Star this project
7. Improve documentation
8. Use and test it

--------------------------------------------------------------------------------
/.github/workflows/linting.yml:
--------------------------------------------------------------------------------
---

###
### Lints all generic and json files in the whole git repository
###

name: linting
on:
  pull_request:
  push:
    branches:
      - master
    tags:

jobs:
  lint:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: False
      matrix:
        target:
          - pycodestyle
          - pydocstyle
          - black

    name: "[ ${{ matrix.target }} ]"
    steps:
      - name: Checkout repository
        uses: actions/checkout@master

      - name: Lint
        run: |
          make ${target}
        env:
          target: ${{ matrix.target }}

--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 cytopia

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
"""Pip configuration."""
from setuptools import setup

with open("README.md", "r") as fh:
    long_description = fh.read()

setup(
    name="badchars",
    version="0.5.0",
    description="A hex badchar generator for different programming languages.",
    license="MIT",
    long_description=long_description,
    long_description_content_type="text/markdown",
    author="cytopia",
    author_email="cytopia@everythingcli.org",
    url="https://github.com/cytopia/badchars",
    install_requires=[],
    scripts=[
        "badchars"
    ],
    project_urls={
        'Source Code': 'https://github.com/cytopia/badchars',
        'Documentation': 'https://github.com/cytopia/badchars',
        'Bug Tracker': 'https://github.com/cytopia/badchars/issues',
    },
    classifiers=[
        # https://pypi.org/classifiers/
        #
        # How mature is this project
        'Development Status :: 5 - Production/Stable',
        # Indicate who your project is intended for
        "Intended Audience :: Developers",
        "Intended Audience :: Information Technology",
        "Intended Audience :: Science/Research",
        "Intended Audience :: System Administrators",
        # Project topics
        "Topic :: Internet",
        "Topic :: Security",
        "Topic :: System :: Shells",
        "Topic :: System :: Systems Administration",
        "Topic :: Utilities",
        # License
        "License :: OSI Approved :: MIT License",
        # Specify the Python versions you support here. In particular, ensure
        # that you indicate whether you support Python 2, Python 3 or both.
        "Programming Language :: Python",
        "Programming Language :: Python :: 2",
        "Programming Language :: Python :: 3",
        # How does it run
        "Environment :: Console",
        # Where does it run
        "Operating System :: OS Independent",
    ],
)

--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
ifneq (,)
.error This Makefile requires GNU Make.
endif

# -------------------------------------------------------------------------------------------------
# Default configuration
# -------------------------------------------------------------------------------------------------
.PHONY: help lint pycodestyle pydocstyle black dist sdist bdist build checkbuild deploy autoformat clean


VERSION = 2.7
BINNAME = badchars

# -------------------------------------------------------------------------------------------------
# Default Target
# -------------------------------------------------------------------------------------------------
help:
	@echo "lint       Lint source code"
	@echo "build      Build Python package"
	@echo "dist       Create source and binary distribution"
	@echo "sdist      Create source distribution"
	@echo "bdist      Create binary distribution"
	@echo "clean      Remove build artifacts"


# -------------------------------------------------------------------------------------------------
# Lint Targets
# -------------------------------------------------------------------------------------------------

lint: pycodestyle pydocstyle black

pycodestyle:
	docker run --rm -v $(PWD):/data cytopia/pycodestyle --show-source --show-pep8 $(BINNAME)

pydocstyle:
	docker run --rm -v $(PWD):/data cytopia/pydocstyle $(BINNAME)

black:
	docker run --rm -v ${PWD}:/data cytopia/black -l 100 --check --diff $(BINNAME)


# -------------------------------------------------------------------------------------------------
# Build Targets
# -------------------------------------------------------------------------------------------------

dist: sdist bdist

sdist:
	docker run \
		--rm \
		$$(tty -s && echo "-it" || echo) \
		-v $(PWD):/data \
		-w /data \
		-u $$(id -u):$$(id -g) \
		python:$(VERSION)-alpine \
		python setup.py sdist

bdist:
	docker run \
		--rm \
		$$(tty -s && echo "-it" || echo) \
		-v $(PWD):/data \
		-w /data \
		-u $$(id -u):$$(id -g) \
		python:$(VERSION)-alpine \
		python setup.py bdist_wheel --universal

build:
	docker run \
		--rm \
		$$(tty -s && echo "-it" || echo) \
		-v $(PWD):/data \
		-w /data \
		-u $$(id -u):$$(id -g) \
		python:$(VERSION)-alpine \
		python setup.py build

checkbuild:
	docker run \
		--rm \
		$$(tty -s && echo "-it" || echo) \
		-v $(PWD):/data \
		-w /data \
		python:$(VERSION)-alpine \
		sh -c "pip install twine \
		&& twine check dist/*"


# -------------------------------------------------------------------------------------------------
# Publish Targets
# -------------------------------------------------------------------------------------------------

deploy:
	docker run \
		--rm \
		$$(tty -s && echo "-it" || echo) \
		-v $(PWD):/data \
		-w /data \
		python:$(VERSION)-alpine \
		sh -c "pip install twine \
		&& twine upload dist/*"


# -------------------------------------------------------------------------------------------------
# Misc Targets
# -------------------------------------------------------------------------------------------------

autoformat:
	docker run \
		--rm \
		$$(tty -s && echo "-it" || echo) \
		-v $(PWD):/data \
		-w /data \
		cytopia/black -l 100 $(BINNAME)
clean:
	-rm -rf $(BINNAME).egg-info/
	-rm -rf dist/
	-rm -rf build/

--------------------------------------------------------------------------------
/badchars:
--------------------------------------------------------------------------------
#!/usr/bin/env python
"""Print badchars."""

import sys
import argparse
import math


# -------------------------------------------------------------------------------------------------
# GLOBALS
# -------------------------------------------------------------------------------------------------
DEFAULT_LENGTH = 255
# Per-language wrappers: "block" surrounds the whole output, "line" surrounds each row of
# 16 escapes, "char" defines the escape prefix and the delimiter between escapes.
FORMATS = {
    "c": {
        "block": {"pre": "char badchars[] =\n", "post": '";'},
        "line": {"pre": '  "', "post": '"'},
        "char": {"esc": "\\", "delim": ""},
    },
    "js": {
        "block": {"pre": "var badchars =\n", "post": '";'},
        "line": {"pre": '  "', "post": '" +'},
        "char": {"esc": "\\", "delim": ""},
    },
    "php": {
        "block": {"pre": "$badchars =\n", "post": '";'},
        # PHP concatenates strings with ".", not "+"
        "line": {"pre": '  "', "post": '" .'},
        "char": {"esc": "\\", "delim": ""},
    },
    "bash": {
        "block": {"pre": "badchars=(\n", "post": "\n)"},
        "line": {"pre": "  ", "post": ""},
        "char": {"esc": "\\\\", "delim": " "},
    },
    "python": {
        "block": {"pre": "badchars = (\n", "post": '"\n)'},
        "line": {"pre": '  "', "post": '"'},
        "char": {"esc": "\\", "delim": ""},
    },
    "ruby": {
        "block": {"pre": "badchars = (\n", "post": '"\n)'},
        "line": {"pre": '  "', "post": '" +'},
        "char": {"esc": "\\", "delim": ""},
    },
}


# -------------------------------------------------------------------------------------------------
# DECORATOR
# -------------------------------------------------------------------------------------------------
def format_output(f):
    """Decorate/format the output of badchars."""

    def new_f(length, format):
        if format is not None:
            sys.stdout.write(FORMATS[format]["block"]["pre"])
        f(length, format)
        if format is not None:
            sys.stdout.write(FORMATS[format]["block"]["post"])

    return new_f


# -------------------------------------------------------------------------------------------------
# FUNCTIONS
# -------------------------------------------------------------------------------------------------
@format_output
def print_badchars(length, format=None):
    """Print bad characters."""
    if format is None:
        # Plain output: one unbroken run of escapes, starting at 0x01 (0x00 is never emitted)
        for x in range(1, length + 1):
            sys.stdout.write("\\x" + "{:02x}".format(x))
    else:
        linebreak = 16
        rows = int(math.ceil(float(length) / linebreak))
        count = 0
        for row in range(1, rows + 1):
            sys.stdout.write(FORMATS[format]["line"]["pre"])
            for char in range(1, linebreak + 1):
                if count == length:
                    break
                count += 1
                sys.stdout.write(FORMATS[format]["char"]["esc"] + "x" + "{:02x}".format(count))
                if count % linebreak and count != length:
                    sys.stdout.write(FORMATS[format]["char"]["delim"])
            # The last row is closed by the block "post" string, not by the line "post" string
            if count == length:
                break
            sys.stdout.write(FORMATS[format]["line"]["post"])
            sys.stdout.write("\n")


# -------------------------------------------------------------------------------------------------
# ARG HELPER
# -------------------------------------------------------------------------------------------------
def _args_check_length(value):
    """Check arguments for valid length."""
    min_len = 1
    # A two-digit hex escape holds one byte, so 0xff (255) is the highest value that fits
    max_len = 255
    intvalue = int(value)

    if intvalue < min_len or intvalue > max_len:
        raise argparse.ArgumentTypeError("%s is an invalid length." % value)
    return intvalue


def _args_check_format(value):
    """Check arguments for valid format."""
    if value not in FORMATS:
        raise argparse.ArgumentTypeError("%s is an invalid format." % value)
    return value


# -------------------------------------------------------------------------------------------------
# ENTRYPOINT
# -------------------------------------------------------------------------------------------------
def main():
    """Start the program."""
    parser = argparse.ArgumentParser(description="Badchar generator.")
    parser.add_argument(
        "-v",
        "--version",
        action="version",
        version="%(prog)s 0.5.0 by cytopia",
        help="Show version information.",
    )
    parser.add_argument(
        "-l",
        "--length",
        metavar="int",
        required=False,
        type=_args_check_length,
        help="Length of badchars to create. Default: " + str(DEFAULT_LENGTH),
    )
    parser.add_argument(
        "-f",
        "--format",
        metavar="str",
        required=False,
        type=_args_check_format,
        help="Format output: " + ", ".join(FORMATS.keys()),
    )
    args = parser.parse_args()
    length = DEFAULT_LENGTH if args.length is None else args.length

    print_badchars(length, args.format)
    sys.stdout.write("\n")


if __name__ == "__main__":
    # Catch Ctrl+c and exit without error message
    try:
        main()
    except KeyboardInterrupt:
        # print() without the print_function import would write "()" on Python 2
        sys.stdout.write("\n")
        sys.exit(1)

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# badchars

[![](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
[![PyPI](https://img.shields.io/pypi/v/badchars)](https://pypi.org/project/badchars/)
[![PyPI - Status](https://img.shields.io/pypi/status/badchars)](https://pypi.org/project/badchars/)
[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/badchars)](https://pypi.org/project/badchars/)
[![PyPI - Format](https://img.shields.io/pypi/format/badchars)](https://pypi.org/project/badchars/)
[![PyPI - Implementation](https://img.shields.io/pypi/implementation/badchars)](https://pypi.org/project/badchars/)
[![PyPI - License](https://img.shields.io/pypi/l/badchars)](https://pypi.org/project/badchars/)

[![Build Status](https://github.com/cytopia/badchars/workflows/linting/badge.svg)](https://github.com/cytopia/badchars/actions?workflow=linting)

A hex bad char generator. It prints the byte values from `\x01` up to the requested length (default: `\xff`),
used to instruct encoders such as [shikata-ga-nai](https://github.com/rapid7/metasploit-framework/blob/master/modules/encoders/x86/shikata_ga_nai.rb)
to transform those chars into other chars.


## :tada: Installation
```bash
pip install badchars
```


## :computer: Usage
```
$ badchars --help
usage: badchars [-h] [-v] [-l int] [-f str]

Badchar generator.

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         Show version information.
  -l int, --length int  Length of badchars to create. Default: 255
  -f str, --format str  Format output: c, python, js, php, ruby, bash
```


## :bulb: Examples

#### Plain
```bash
$ badchars
```
```
\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff
```

#### Python
```bash
$ badchars -f python
```
```python
badchars = (
  "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
  "\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
  "\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
  "\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
  "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
  "\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
  "\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
  "\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
  "\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
  "\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0"
  "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
  "\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
  "\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
  "\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
  "\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0"
  "\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
)
```

#### Ruby
```bash
$ badchars -f ruby
```
```ruby
badchars = (
  "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" +
  "\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20" +
  "\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30" +
  "\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40" +
  "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50" +
  "\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60" +
  "\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70" +
  "\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80" +
  "\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90" +
  "\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0" +
  "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0" +
  "\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0" +
  "\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0" +
  "\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0" +
  "\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0" +
  "\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
)
```

#### C code
```bash
$ badchars -f c
```
```cpp
char badchars[] =
  "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
  "\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
  "\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
  "\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
  "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
  "\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
  "\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
  "\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
  "\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
  "\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0"
  "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
  "\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
  "\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
  "\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
  "\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0"
  "\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff";
```

#### Bash
```bash
$ badchars -f bash
```
```bash
badchars=(
  \\x01 \\x02 \\x03 \\x04 \\x05 \\x06 \\x07 \\x08 \\x09 \\x0a \\x0b \\x0c \\x0d \\x0e \\x0f \\x10
  \\x11 \\x12 \\x13 \\x14 \\x15 \\x16 \\x17 \\x18 \\x19 \\x1a \\x1b \\x1c \\x1d \\x1e \\x1f \\x20
  \\x21 \\x22 \\x23 \\x24 \\x25 \\x26 \\x27 \\x28 \\x29 \\x2a \\x2b \\x2c \\x2d \\x2e \\x2f \\x30
  \\x31 \\x32 \\x33 \\x34 \\x35 \\x36 \\x37 \\x38 \\x39 \\x3a \\x3b \\x3c \\x3d \\x3e \\x3f \\x40
  \\x41 \\x42 \\x43 \\x44 \\x45 \\x46 \\x47 \\x48 \\x49 \\x4a \\x4b \\x4c \\x4d \\x4e \\x4f \\x50
  \\x51 \\x52 \\x53 \\x54 \\x55 \\x56 \\x57 \\x58 \\x59 \\x5a \\x5b \\x5c \\x5d \\x5e \\x5f \\x60
  \\x61 \\x62 \\x63 \\x64 \\x65 \\x66 \\x67 \\x68 \\x69 \\x6a \\x6b \\x6c \\x6d \\x6e \\x6f \\x70
  \\x71 \\x72 \\x73 \\x74 \\x75 \\x76 \\x77 \\x78 \\x79 \\x7a \\x7b \\x7c \\x7d \\x7e \\x7f \\x80
  \\x81 \\x82 \\x83 \\x84 \\x85 \\x86 \\x87 \\x88 \\x89 \\x8a \\x8b \\x8c \\x8d \\x8e \\x8f \\x90
  \\x91 \\x92 \\x93 \\x94 \\x95 \\x96 \\x97 \\x98 \\x99 \\x9a \\x9b \\x9c \\x9d \\x9e \\x9f \\xa0
  \\xa1 \\xa2 \\xa3 \\xa4 \\xa5 \\xa6 \\xa7 \\xa8 \\xa9 \\xaa \\xab \\xac \\xad \\xae \\xaf \\xb0
  \\xb1 \\xb2 \\xb3 \\xb4 \\xb5 \\xb6 \\xb7 \\xb8 \\xb9 \\xba \\xbb \\xbc \\xbd \\xbe \\xbf \\xc0
  \\xc1 \\xc2 \\xc3 \\xc4 \\xc5 \\xc6 \\xc7 \\xc8 \\xc9 \\xca \\xcb \\xcc \\xcd \\xce \\xcf \\xd0
  \\xd1 \\xd2 \\xd3 \\xd4 \\xd5 \\xd6 \\xd7 \\xd8 \\xd9 \\xda \\xdb \\xdc \\xdd \\xde \\xdf \\xe0
  \\xe1 \\xe2 \\xe3 \\xe4 \\xe5 \\xe6 \\xe7 \\xe8 \\xe9 \\xea \\xeb \\xec \\xed \\xee \\xef \\xf0
  \\xf1 \\xf2 \\xf3 \\xf4 \\xf5 \\xf6 \\xf7 \\xf8 \\xf9 \\xfa \\xfb \\xfc \\xfd \\xfe \\xff
)
```

#### PHP
```bash
$ badchars -f php
```
```php
$badchars =
  "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" .
  "\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20" .
  "\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30" .
  "\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40" .
  "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50" .
  "\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60" .
  "\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70" .
  "\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80" .
  "\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90" .
  "\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0" .
  "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0" .
  "\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0" .
  "\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0" .
  "\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0" .
  "\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0" .
  "\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff";
```

#### Javascript
```bash
$ badchars -f js
```
```javascript
var badchars =
  "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" +
  "\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20" +
  "\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30" +
  "\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40" +
  "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50" +
  "\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60" +
  "\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70" +
  "\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80" +
  "\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90" +
  "\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0" +
  "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0" +
  "\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0" +
  "\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0" +
  "\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0" +
  "\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0" +
  "\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff";
```


## :lock: [cytopia](https://github.com/cytopia) sec tools

Below is a list of sec tools and docs I am maintaining.

| Name                 | Category             | Language   | Description |
|----------------------|----------------------|------------|-------------|
| **[offsec]**         | Documentation        | Markdown   | Offsec checklist, tools and examples |
| **[header-fuzz]**    | Enumeration          | Bash       | Fuzz HTTP headers |
| **[smtp-user-enum]** | Enumeration          | Python 2+3 | SMTP users enumerator |
| **[urlbuster]**      | Enumeration          | Python 2+3 | Mutable web directory fuzzer |
| **[pwncat]**         | Pivoting             | Python 2+3 | Cross-platform netcat on steroids |
| **[badchars]**       | Reverse Engineering  | Python 2+3 | Badchar generator |
| **[fuzza]**          | Reverse Engineering  | Python 2+3 | TCP fuzzing tool |

[offsec]: https://github.com/cytopia/offsec
[header-fuzz]: https://github.com/cytopia/header-fuzz
[smtp-user-enum]: https://github.com/cytopia/smtp-user-enum
[urlbuster]: https://github.com/cytopia/urlbuster
[pwncat]: https://github.com/cytopia/pwncat
[badchars]: https://github.com/cytopia/badchars
[fuzza]: https://github.com/cytopia/fuzza


## :octocat: Contributing

See **[Contributing guidelines](CONTRIBUTING.md)** to help improve this project.


## :exclamation: Disclaimer

This tool may be used for legal purposes only. Users take full responsibility for any actions performed using this tool. The author accepts no liability for damage caused by this tool. If these terms are not acceptable to you, then do not use this tool.


## :page_facing_up: License

**[MIT License](LICENSE.txt)**

Copyright (c) 2020 **[cytopia](https://github.com/cytopia)**

--------------------------------------------------------------------------------
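
The generator writes every value with `"{:02x}"`, so a well-formed list holds only two-digit escapes covering `\x01` up to the chosen length. The checker below is an added example, not part of the badchars project: it decodes a list in any of the tool's output formats back into bytes and reports missing, duplicated, unexpected or malformed entries. The names `render_plain`, `decode_escapes`, `audit` and all sample strings are constructed for this illustration.

```python
"""Audit a badchars-style escape list (added example, not part of the badchars project)."""
import re

# One escape as the tool writes it: one backslash (two in the bash format),
# "x", then hex digits. Capturing every following hex digit lets the decoder
# flag a three-digit escape, which is what "{:02x}".format(256) renders.
ESCAPE = re.compile(r"\\{1,2}x([0-9A-Fa-f]+)")


def render_plain(first, last):
    """Render values first..last with the same expression the plain format uses."""
    return "".join("\\x" + "{:02x}".format(x) for x in range(first, last + 1))


def decode_escapes(text):
    """Return (decoded bytes, error messages) for every escape found in text."""
    data, errors = bytearray(), []
    for match in ESCAPE.finditer(text):
        digits = match.group(1)
        if len(digits) != 2:
            # More than one byte's worth of digits: not a single-byte escape.
            errors.append("malformed escape %s at offset %d" % (match.group(0), match.start()))
            continue
        data.append(int(digits, 16))
    return bytes(data), errors


def audit(text, length=255):
    """Compare a decoded list against the expected sequence 0x01..length."""
    data, errors = decode_escapes(text)
    expected = set(range(1, length + 1))
    seen, duplicates = set(), []
    for value in data:
        if value in seen:
            duplicates.append(value)
        seen.add(value)
    missing = sorted(expected - seen)        # bytes removed from (or never in) the list
    unexpected = sorted(seen - expected)     # e.g. 0x00 or values above the length
    in_order = list(data) == sorted(data)
    ok = not (errors or duplicates or missing or unexpected) and in_order
    return {
        "ok": ok,
        "missing": missing,
        "duplicates": duplicates,
        "unexpected": unexpected,
        "in_order": in_order,
        "errors": errors,
    }


# Constructed samples in two of the tool's output shapes (shortened to a few bytes).
PYTHON_SAMPLE = r'''badchars = (
  "\x01\x02\x03\x04"
  "\x05\x06\x07\x08"
)'''
BASH_SAMPLE = r"""badchars=(
  \\x01 \\x02 \\x03 \\x04
)"""
# Constructed: a plain list of 16 entries with LF (0x0a) and CR (0x0d) removed by hand.
TRIMMED = render_plain(1, 16).replace("\\x0a", "").replace("\\x0d", "")


if __name__ == "__main__":
    print(audit(PYTHON_SAMPLE, 8))
    print(audit(BASH_SAMPLE, 4))
    print(audit(TRIMMED, 16))
    # Values above 0xff no longer fit two hex digits and are reported as malformed.
    print(decode_escapes(render_plain(254, 257)))
```

The `missing` field is the set of byte values that a hand-edited list no longer contains, which makes it easy to confirm a trimmed list excludes exactly the bytes that were meant to be excluded.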