├── LICENSE
├── README.md
├── ascii-table.gif
├── barcode.png
├── code128_CNTRL-scancodes.png
├── code128_FN-scancodes.PNG
├── datamatrix.png
├── ean13.png
├── qrcode.png
└── scansploit.py


/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2015 Hunter Gregal
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 
23 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # =SCANSPLOIT=
 2 | Tool for Injecting Malicious Payloads Into Barcodes
 3 | 
 4 | * Barcodes (code128)
 5 | * QRCodes
 6 | * DataMatrix
 7 | * EAN13
 8 | 
 9 | ## Requirements
10 | 
11 | * Python3
12 | * PyStrich
13 | 	* `pip3 install pystrich`
14 | 	* Incase of jpeg error:
15 | 		`sudo apt-get install libtiff5-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk`
16 | * Pillow
17 | 	* `pip3 install pillow`
18 | 


--------------------------------------------------------------------------------
/ascii-table.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/huntergregal/scansploit/a0890afeba7f5a7b00c74aa031f15b28ee4d74f9/ascii-table.gif


--------------------------------------------------------------------------------
/barcode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/huntergregal/scansploit/a0890afeba7f5a7b00c74aa031f15b28ee4d74f9/barcode.png


--------------------------------------------------------------------------------
/code128_CNTRL-scancodes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/huntergregal/scansploit/a0890afeba7f5a7b00c74aa031f15b28ee4d74f9/code128_CNTRL-scancodes.png


--------------------------------------------------------------------------------
/code128_FN-scancodes.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/huntergregal/scansploit/a0890afeba7f5a7b00c74aa031f15b28ee4d74f9/code128_FN-scancodes.PNG


--------------------------------------------------------------------------------
/datamatrix.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/huntergregal/scansploit/a0890afeba7f5a7b00c74aa031f15b28ee4d74f9/datamatrix.png


--------------------------------------------------------------------------------
/ean13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/huntergregal/scansploit/a0890afeba7f5a7b00c74aa031f15b28ee4d74f9/ean13.png


--------------------------------------------------------------------------------
/qrcode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/huntergregal/scansploit/a0890afeba7f5a7b00c74aa031f15b28ee4d74f9/qrcode.png


--------------------------------------------------------------------------------
/scansploit.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python3
 2 | import logging
 3 | import sys
 4 | import argparse
 5 | from pystrich.code128 import Code128Encoder
 6 | from pystrich.qrcode import QRCodeEncoder
 7 | from pystrich.datamatrix import DataMatrixEncoder
 8 | from pystrich.ean13 import EAN13Encoder
 9 | 
10 | parser = argparse.ArgumentParser(description="Tool to embed exploits into barcodes.")
11 | 
12 | parser.add_argument('-f', '--file', dest='outfile', help='Output file name', required=True)
13 | parser.add_argument('-v', '--verbose', dest='verbose', help='Optional: verbose mode', action='store_true', default=False)
14 | parser.add_argument('-t', '--type', dest='type', help='Specify barcode encoding type (default: code128)', choices=["code128", "qrcode", "dmatrix", "ean13"], default="code128")
15 | 
16 | 
17 | ptype = parser.add_mutually_exclusive_group(required=True)
18 | ptype.add_argument('-ps', '--pstring', help='Specify payload string', type=str)
19 | ptype.add_argument('-pf', '--pfile', help='Specify a payload file', type=argparse.FileType('r'))
20 | 
21 | args = parser.parse_args()
22 | 	
23 | def code128(payload):
24 | 	if args.verbose:
25 | 		logging.getLogger("code128").setLevel(logging.DEBUG)
26 | 		logging.getLogger("code128").addHandler(logging.StreamHandler(sys.stdout))
27 | 
28 | 	encoded = Code128Encoder(payload)
29 | 	encoded.save(args.outfile)
30 | 
31 | def qrcode(payload):
32 | 	if args.verbose:
33 | 		logging.getLogger("qrcode").setLevel(logging.DEBUG)
34 | 		logging.getLogger("qrcode").addHandler(logging.StreamHandler(sys.stdout))
35 | 
36 | 	encoded = QRCodeEncoder(payload)
37 | 	encoded.save(args.outfile, 3)
38 | 
39 | def dmatrix(payload): 
40 | 	if args.verbose:
41 | 		logging.getLogger("datamatrix").setLevel(logging.DEBUG)
42 | 		logging.getLogger("datamatrix").addHandler(logging.StreamHandler(sys.stdout))
43 | 
44 | 	encoded = DataMatrixEncoder(payload)
45 | 	encoded.save(args.outfile)
46 | 
47 | def ean13(payload):
48 | 	if args.verbose:
49 | 		logging.getLogger("ean13").setLevel(logging.DEBUG)
50 | 		logging.getLogger("ean13").addHandler(logging.StreamHandler(sys.stdout))
51 | 
52 | 	encoded = DataMatrixEncoder(payload)
53 | 	encoded.save(args.outfile)
54 | 
55 | if __name__ == "__main__":
56 | 	if args.pstring:
57 | 		payload = args.pstring
58 | 	elif args.pfile:
59 | 		pfile = args.pfile
60 | 		try:
61 | 			payload = pfile.read()
62 | 		except:
63 | 			print("Payload data not ASCII! QUITTING")
64 | 			exit()
65 | 
66 | 	if args.type == "code128":
67 | 		code128(payload)
68 | 	elif args.type == "qrcode":
69 | 		qrcode(payload)
70 | 	elif args.type == "dmatrix":
71 | 		dmatrix(payload)
72 | 	elif args.type == "ean13":
73 | 		ean13(payload)
74 | 	print("Barcode Payload Generated!")
75 | 


--------------------------------------------------------------------------------