Output assembly code?(y or n)> n
Output shellcode to screen?(y or n)> n
Shellcode output to a .c file?(y or n)> y
Target .c file?> ../testZSC.c
Traceback (most recent call last):
  File "/usr/share/owasp_zsc/zsc.py", line 23, in <module>
    main()  #execute main function
  File "/usr/share/owasp_zsc/zsc.py", line 18, in main
    _interface()
  File "/usr/share/owasp_zsc/core/controller.py", line 23, in _interface
    run.engine(commands)  #run engine with user friendly interface
  File "/usr/share/owasp_zsc/core/run.py", line 261, in engine
    getcommand(commands)
  File "/usr/share/owasp_zsc/core/run.py", line 197, in getcommand
    file_output(target, func, data, os, encode, shellcode, shellcode_op)
UnboundLocalError: local variable 'shellcode_op' referenced before assignment

Sending a PR in a moment.

Yo, just try some test on zsc.Command line seems like buggy,

        root@r00t-VirtualBox:/home/r00t/Desktop# zsc
        Traceback (most recent call last):
        File "/usr/share/owasp_zsc/zsc.py", line 11, in <module>
        from core import run
        File "/usr/share/owasp_zsc/core/run.py", line 25, in <module>
        exec(compile(open('core/commands.py', "rb").read(), 'core/commands.py', 'exec'))
        IOError: [Errno 2] No such file or directory: 'core/commands.py'
        root@r00t-VirtualBox:/home/r00t/Desktop# 

There you go, system informations;

       root@r00t-VirtualBox:/home/r00t/Desktop# uname -a
       Linux r00t-VirtualBox 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Good luck my friend :)

hello friends,

I release that when we use a specific value for encoding shellcodes example( sub/xor/add_yourvalue ) it could make a null and there is if in script it tries again if find \x00 in software.

for example run this command zsc.py -p windows_x86/exec/xor_0x41414141 -i calc.exe, we need to check and if there is a null, return an error, also there is more, inc and dec also could make the nulls,

'%x'%(int('0x4f5ec401',16) - int('0x1',16)) '4f5ec400'

or

 '%x'%(int('0x4f5ec4ff',16) + int('0x1',16))
'4f5ec500'

we need to return error and tell user this value make nulls or change value +1 or -1

@Pratik151 please notice that until you adding encoder and we not fix it

Only one of line 15 and line 63 can be correct.
@Pratik151 @Ali-Razmjoo

compile example: gcc -ggdb -static -m32 -fno-stack-protector -z execstack -mpreferred-stack-boundary=2 -o shellcode_compiled

Since OS X(since version 10.6) doesn't support PowerPC architecture some of these gcc flags like -mpreferred-stack-boundary won't work...I'm looking for alternatives. Will send in a PR soon.

For the OSX we have an option in the menu when through the menu for payloads

zsc -l
....

[!] exec('file_to_execute')
[+] osx_x86/exec/none

From usability point of view, is this an example or a command that will generate automatically something for the user?

Hello friends,

There is a new issue on python3 while using shell-storm API and obfuscating codes.

zsc> obfuscate
zsc/obfuscate>
javascript php        python
zsc/obfuscate> p
php    python
zsc/obfuscate> python
filename> f.txt
encode> simple_hex
Traceback (most recent call last):
  File "zsc.py", line 22, in <module>
    main() #execute main function
  File "zsc.py", line 18, in main
    run.engine(commands) #run engine
  File "C:\Users\Ali\Documents\GitHub\OWASP-ZSC\core\run.py", line 226, in engine
    getcommand(commands)
  File "C:\Users\Ali\Documents\GitHub\OWASP-ZSC\core\run.py", line 113, in getcommand
    obf_code(option,encode,filename,content)
  File "C:\Users\Ali\Documents\GitHub\OWASP-ZSC\core\obfuscate.py", line 12, in obf_code
    content = start(content) #encoded content as returned value
  File "C:\Users\Ali\Documents\GitHub\OWASP-ZSC\lib\encoder\python\simple_hex.py", line 57, in start
    return str(str('\'\'\'\n')+str(content.replace('\'\'\'','\\\'\\\'\\\''))+str('\n\'\'\'') + str(encode(content))+str('\n'))
TypeError: a bytes-like object is required, not 'str'

zsc> shellcode
zsc/shellcode> search
keyword_to_search>
download generate search
keyword_to_search> ali razmjoo
Traceback (most recent call last):
  File "zsc.py", line 22, in <module>
    main() #execute main function
  File "zsc.py", line 18, in main
    run.engine(commands) #run engine
  File "C:\Users\Ali\Documents\GitHub\OWASP-ZSC\core\run.py", line 226, in engine
    getcommand(commands)
  File "C:\Users\Ali\Documents\GitHub\OWASP-ZSC\core\run.py", line 74, in getcommand
    _search_shellcode()
  File "C:\Users\Ali\Documents\GitHub\OWASP-ZSC\lib\shell_storm_api\grab.py", line 31, in _search_shellcode
    for shellcode_ in data.rsplit('\n'):
TypeError: a bytes-like object is required, not 'str'

I've forgotten to convert the bytes to strings.

There are some documents available for users and developers which locate in here and could be useful!
I'll be so grateful if someone assist me with this issue.

Thank you.

I get the following issue when using the obfuscate module:

I use tab, I get 'simple_' as menu, when enter it gives me the error 'please enter a valid code name'

encode> simple_
[!] please enter a valid encode name

The menu shows this:

encode> simple_
simple_base64_rev  simple_hex         simple_hex_rev  

Could you provide more details which parameters and how this option should work? I don't get any specific parameters, not sure how this should work
zsc/shellcode/generate/windows_x86/disable_firewall>

Just notice that this project support only Linux based. However, is there any chance that this project will support OS X environment?

❯ sudo python installer.py
Password:
Sorry, This version of software just could be run on linux.

Working on it

when zsc is asking for shellcode encoding type, it's like zsc> and not showing path.

zsc/shellcode/generate/linux_x86/exec> file_to_execute
file_to_execute> /bin/bash

[+] file_to_execute set to "/bin/bash"

[+] none
[+] xor_random
[+] xor_yourvalue
[+] add_random
[+] add_yourvalue
[+] sub_random
[+] sub_yourvalue
[+] inc
[+] inc_timesyouwant
[+] dec
[+] dec_timesyouwant
[+] mix_all


[+] enter encode type
zsc> none

it's better to be like zsc/shellcode/generate/linux_x86/exec/encode_type or something.

Hello friends,

We found a new bug in software while using python3 to run the software. restart command doesn't work in python3.

The results of executing software with python2

zsc> shellcode
zsc/shellcode> generate
zsc/shellcode/generate> restart
zsc> 
about      help       restart    update     
exit       obfuscate  shellcode  version    
zsc> shellcode
zsc/shellcode> 

The results of executing software with python3

zsc> shellcode
zsc/shellcode> generate
zsc/shellcode/generate> restart
zsc/shellcode/generate> 
about      help       restart    update     
exit       obfuscate  shellcode  version    
zsc/shellcode/generate> shellcode
[+] Command not found!
zsc/shellcode/generate> 

There are some documents available for users and developers which locate in here and could be useful!
I'll be so grateful if someone assist me with this issue.

Thank you.

When moving into a subcontext from the main menu (e.g. zsc/shellcode/generate>) issuing the "help" command switches back to the root context (i.e. zsc>).

This issue is twofold: a bugfix so that the "help" command doesn't switch contexts, and an enhancement to have the "help" command display help based on whatever context you are in (e.g. "zsc/shellcode> help" shows shellcode help)

zsc> shellcode
zsc/shellcode> generate
zsc/shellcode/generate> help

[+] shellcode generate shellcode
[+] shellcode>generate to generate shellcode
[+] shellcode>search search for shellcode in shellstorm
[+] obfuscate generate obfuscate code
[+] help show help menu
[+] update check for update
[+] about about owasp zsc
[+] restart restart the software
[+] version software version
[+] exit to exit the software

zsc>

I'll be glad to help with this as I have time.

Hello friends,

There is a new issue which OWASP ZSC is not able to install/uninstall on windows, We would better to solve this earlier.

There are some documents available for users and developers which locate in here and could be useful!
I'll be so grateful if someone assist me with this issue.

Thank you.

Add back command to go back one step. It is very frustrating to restart from the beginning.

Hello friends,

For a long time, OWASP ZSC shellcode and encoding modules database didn't update. To expansion software, We need to add some new shellcodes for new operation systems. There isn't any problem if operation system or encoding module is not listed in here, We will add it! There isn't any limitation. Remember, OSX and Windows have most priority for us now.

There are some documents available for users and developers which locate in here and could be useful!
I'll be so grateful if someone assist me with this issue.

Thank you.

Is there any chance that this project will support python 3?

This table has an overview of available features/payloads.
http://zsc.z3r0d4y.com/table.html

Should provide some updates on Windows and OSX

This is small issue which I came across when I tried to install without root permissions.

When running installer.py without root permission then it should exit with the message 'Sorry you must run this file as root.' but it is not and this error is raised :

Traceback (most recent call last):
  File "installer.py", line 48, in <module>
    linux_osx()
  File "installer.py", line 23, in linux_osx
    check_prv()
  File "installer.py", line 20, in check_prv
    if ctypes.windll.shell32.IsUserAnAdmin() != 1:
AttributeError: 'module' object has no attribute 'windll'

It is because the sys.exit() only raises an exception and it is catched in next except block here.

A quick fix would be to catch only AttributeError. I will make PR for this now.

This happens

https://s32.postimg.org/5nonvgrvp/Screen_Shot_2016_07_13_at_11_21_05_PM.png

Working on it.

with last commit the windows shellcode is not working. Here is the image to it http://i.imgur.com/GS6ZRkg.png I think it opcoder got messed up, have to look into it.

And I think again we have to discuss those changes as there were around 10k+ lines and In some places I think code was looking good before pep8 fixes like this (before and after ).

And at this stage I don't think we need pep8 fixes. Maybe later we can have pep8 fixes and we can also add about pep8 rules to be followed while contributing in documentation.

I'm trying to generate a shell code. I'm using OSX. When I try to use the tab key as explained on the user guides it does not work I get "command not found"

Trying to generate a payload from command line example
zsc -p windows_x86/add_admin/none -i mary password

-p is for selecting the payload
-i for the input

I get 'command not found'

Let me know if this is the right way to generate the payload

Not sure exactly how this command should run, but I'm attempting the following. Please verify with me so I can make sure this is properly documented

Steps:
Create a .c file with command_to_execute 'clear'

zsc/shellcode/generate/osx_x86> system
zsc/shellcode/generate/osx_x86/system> command_to_execute
command_to_execute> clear
[+] command_to_execute set to "clear"
[+] none
[+] enter encode type
zsc> none
Output assembly code?(y or n)> y
....
Shellcode output to .c file?(y or n)> y
Target .c file?> clearme.c
[+] File saved as clearme.c .

Once generated compile and run

johannacuriel$ file clear
clear: Mach-O 64-bit executable x86_64
Johannas-iMac:owasp-zsc-master-5 johannacuriel$ gcc -o clearme clearme.c -m32
Johannas-iMac:owasp-zsc-master-5 johannacuriel$ file clearme
clearme: Mach-O executable i386

Get the following issue:

Johannas-iMac:owasp-zsc-master-5 johannacuriel$ ./clearme
TERM environment variable not set.

Steps to reproduce:
Choose zsc>shellcode>generate>osx_x86>system>command_to_execute
Set command to 'clear'
choose none as encoder type

Output assembly code?(y or n)> n
[+] Generated shellcode is:

\x68\x90\x90\x90\x72\x59\xc1\xe9\x10\xc1\xe9\x08\x51\x68\x63\x6c\x65\x61\x89\xe1\x68\x90\x90\x2d\x63\x5a\xc1\xea\x10\x52\x89\xe2\x68\x90\x2f\x73\x68\x5b\xc1\xeb\x08\x53\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc0\x50\x51\x52\x53\x89\xe1\x31\xd2\x52\x51\x53\xb0\x3b\x6a\x2a\xcd\x80\xb0\x01\xb3\x01\xcd\x80

Issue: forgets to ask 'output shellcode too?(y or n)
Instead the shellcode is generate at once without requesting

Please include examples that fit the OSX for users that want to use the example code right away

Hello,

right now by using zsc -l or zsc --show-payloads we can see all available payloads, except the shellcodes in shell-storm, i thinks it's cool if we could all available shellcodes in shellstorm too, for example:

zsc -l -s or zsc --show-payloads --shell-storm it will including the shellstorm shellcodes, but it will need internet connection too.

also for searching we need to add pattern, example:

• zsc -l window_x86 will show windows x86 payloads But zsc -l windows will return nothing, so we could use something like this zsc -l windows* to show windows_x86 or x64[for future]
• zsc -l *exec* to search all exec() function in all os
• zsc -l *xor_random to show all xor_random encodes available
• zsc -l windows*xor_random show all windows xor_random encoding functions available
• zsc -l -s *exec* show all exec functions available in zsc and shell-storm ...

Note: we can't handle exec or exec for shell-storm, it doesn't have a static pattern. just word to search in shellcode title.

@jowasp @paraschetal @Pratik151 @CodeMaxx ideas ?

the option [+] windows_x86/create_file/
parameters filename is clear but how should this content be provided?

I'm trying to use the download option, but I get the following error(list index out of range)
Not sure if I'm using the command correctly

Continuous Integration is very useful for project development. Please go through this blog post

Why use Continuous Integration

encoding/obfuscation module should validate the extension of the file to be encoded, allowing encode on files that are not the chosen format

zsc/obfuscate> ruby
filename> 
.DS_Store                 installer.py              sharmincv.c
.gitignore                readme.md                 uninstaller.py
CHANGELOG.md              secret.c                  version
LICENSE.md                sharmin                   zcr_shellcoder_1.0.9.zip
admin.c                   sharminc.c                zsc.py
filename> secret.c
encode> 
base64          base64_rev      simple_hex      simple_hex_rev
encode> base64
[+] file "secret.c" encoded successfully!

The following issue occurs in the interface. It skips the question of generating a '.c' file after user has selected no on 'output shellcode too (y or n)?
user answers 'n' and the following question should follow, to generate a .c file:

zsc/shellcode/generate> 
linux_x86    osx_x86      windows_x86  
zsc/shellcode/generate> osx_x86
zsc/shellcode/generate/osx_x86> 
exec    system  
zsc/shellcode/generate/osx_x86> system
zsc/shellcode/generate/osx_x86/system> command_to_execute
command_to_execute> clear

[+] command_to_execute set to "clear"

[+] none


[+] enter encode type
zsc> none

Output assembly code?(y or n)> n
[+] Generated shellcode is:

\x68\x90\x90\x90\x72\x59\xc1\xe9\x10\xc1\xe9\x08\x51\x68\x63\x6c\x65\x61\x89\xe1\x68\x90\x90\x2d\x63\x5a\xc1\xea\x10\x52\x89\xe2\x68\x90\x2f\x73\x68\x5b\xc1\xeb\x08\x53\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc0\x50\x51\x52\x53\x89\xe1\x31\xd2\x52\x51\x53\xb0\x3b\x6a\x2a\xcd\x80\xb0\x01\xb3\x01\xcd\x80

Shellcode output to .c file?(y or n)> n
zsc> generate
[+] Command not found!
zsc> shellcode
zsc/shellcode> generate
zsc/shellcode/generate> 
linux_x86    osx_x86      windows_x86  
zsc/shellcode/generate> osx_x86
zsc/shellcode/generate/osx_x86> 
exec    system  
zsc/shellcode/generate/osx_x86> system
zsc/shellcode/generate/osx_x86/system> command_to_execute
command_to_execute> clear

[+] command_to_execute set to "clear"

[+] none


[+] enter encode type
zsc> none

Output assembly code?(y or n)> y


push $0x72909090
pop %ecx
shr    $0x10,%ecx
shr    $0x8,%ecx
push %ecx

push $0x61656c63

mov    %esp,%ecx
push   $0x632d9090
pop    %edx
shr    $0x10,%edx
push   %edx
mov    %esp,%edx
push   $0x68732f90
pop    %ebx
shr    $0x8,%ebx
push   %ebx
push   $0x6e69622f
mov    %esp,%ebx
xor    %eax,%eax
push   %eax
push   %ecx
push   %edx
push   %ebx
mov    %esp,%ecx
xor    %edx,%edx
push   %edx
push   %ecx
push   %ebx
mov    $0x3b,%al
push   $0x2a
int    $0x80
mov    $0x1,%al
mov    $0x1,%bl
int    $0x80


Output shellcode too?(y or n)> n
zsc> 

Hello friends,

There is a new issue which is when software is asking for a input from user to get a file to encode, If user push tab key, It will not showing files list in current directory!

Software engine works like this:

zsc> obfuscate
zsc/obfuscate> javascript
filename> javascript

And what we are expecting is:

zsc> obfuscate
zsc/obfuscate> javascript
filename> [tab]
CHANGELOG.md  LICENSE.md  features_table.html  installer.py  readme.md  uninstaller.py  zsc.py

There are some documents available for users and developers which locate in here and could be useful!
I'll be so grateful if someone assist me with this issue.

Thank you.

I'm using the last version, but update command is not working, it's not connected to github.

I will transfer this repo to zscproject github soon.

update.py
url = 'http://zsc.z3r0d4y.com/zsc_archive/last_version'
up_url = 'http://zsc.z3r0d4y.com/zsc_archive/'

  ______          __      _____ _____    ______ _____  _____
 / __ \ \        / /\    / ____|  __ \  |___  // ____|/ ____|
| |  | \ \  /\  / /  \  | (___ | |__) |    / /| (___ | |
| |  | |\ \/  \/ / /\ \  \___ \|  ___/    / /  \___ \| |
| |__| | \  /\  / ____ \ ____) | |       / /__ ____) | |____
 \____/   \/  \/_/    \_\_____/|_|      /_____|_____/ \_____|


                OWASP ZeroDay Cyber Research Shellcoder

your software version: 1.1.0
last version released: 1.0.9

Downloading zcr_shellcoder_1.0.9.zip


Downloading: zcr_shellcoder_1.0.9.zip Bytes: 721223
('        10  [0.00%]\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08',)
('        20  [0.00%]\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08',)
('        30  [0.00%]\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08',)
('        40  [0.01%]\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08',)
('        50  [0.01%]\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08',)
('        60  [0.01%]\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08',)Connection Error!

I suggest that you don't use an install.py file and just create a list of dependencies with instructions on how to install them.

Also create instructions on how to install it the way that the install.py file installs it, for if users don't want to run it just as standalone python program. (But assume that most people will just be running it from the directory where it is installed as standlone python program.)

The command:

zsc -l

works fine in Mac but in windows it goes immediately to the interactive ZSC shell without displaying any payloads menu

In OSX I get:
Johannas-iMac:~ johannacuriel$ zsc -l

/ __ \ \ / /\ / _| __ \ | // __|/ |
| | | \ \ /\ / / \ | ( | |**) | / /| (** | |
| | | |\ / / / /\ \ ___ | **/ / / ** | |
| || | \ /\ / __ \ _) | | / / ) | |
**/ / // ___**/|| /|/ _____|

    OWASP ZeroDay Cyber Research Shellcoder

[!] Note: Shellcode Payloads Sorted By OperatingSystem_Architecture/Function_Name/Encode_Name
[!] Note: Programming Languages Payloads Sorted By ProgrammingLanguagesName/Encode_Name

[!] system('command_to_execute')
[+] osx_x86/system/none

[!] exec('file_to_execute')
[+] osx_x86/exec/none

[!] add_admin('username','password')
[+] windows_x86/add_admin/none
[+] windows_x86/add_admin/xor_random
[+] windows_x86/add_admin/add_random
[+] windows_x86/add_admin/sub_random
[+] windows_x86/add_admin/xor_yourvalue

[!] download_exec('url','filename')
[+] windows_x86/download_exec/none
[+] windows_x86/download_exec/xor_random
[+] windows_x86/download_exec/add_random
[+] windows_x86/download_exec/sub_random
[+] windows_x86/download_exec/xor_yourvalue

[!] exec('file_to_execute')
[+] windows_x86/exec/none
[+] windows_x86/exec/xor_random
[+] windows_x86/exec/add_random
[+] windows_x86/exec/sub_random
[+] windows_x86/exec/xor_yourvalue

[!] disable_firewall()
[+] windows_x86/disable_firewall/none
[+] windows_x86/disable_firewall/xor_random
[+] windows_x86/disable_firewall/add_random
[+] windows_x86/disable_firewall/sub_random
[+] windows_x86/disable_firewall/xor_yourvalue

[!] download_tofile('url','filename')
[+] windows_x86/download_tofile/none
[+] windows_x86/download_tofile/xor_random
[+] windows_x86/download_tofile/add_random
[+] windows_x86/download_tofile/sub_random
[+] windows_x86/download_tofile/xor_yourvalue

[!] create_file('filename','content')
[+] windows_x86/create_file/none
[+] windows_x86/create_file/xor_random
[+] windows_x86/create_file/add_random
[+] windows_x86/create_file/sub_random
[+] windows_x86/create_file/xor_yourvalue

[!] dir_create('directory_to_create')
[+] windows_x86/dir_create/none
[+] windows_x86/dir_create/xor_random
[+] windows_x86/dir_create/add_random
[+] windows_x86/dir_create/sub_random
[+] windows_x86/dir_create/xor_yourvalue

[!] download_execute('download_url','filename','command_to_execute')
[+] linux_x86/download_execute/none
[+] linux_x86/download_execute/xor_random
[+] linux_x86/download_execute/xor_yourvalue
[+] linux_x86/download_execute/add_random
[+] linux_x86/download_execute/add_yourvalue
[+] linux_x86/download_execute/sub_random
[+] linux_x86/download_execute/sub_yourvalue
[+] linux_x86/download_execute/inc
[+] linux_x86/download_execute/inc_timesyouwant
[+] linux_x86/download_execute/dec
[+] linux_x86/download_execute/dec_timesyouwant
[+] linux_x86/download_execute/mix_all

[!] write('file_to_write','content')
[+] linux_x86/write/none
[+] linux_x86/write/xor_random
[+] linux_x86/write/xor_yourvalue
[+] linux_x86/write/add_random
[+] linux_x86/write/add_yourvalue
[+] linux_x86/write/sub_random
[+] linux_x86/write/sub_yourvalue
[+] linux_x86/write/inc
[+] linux_x86/write/inc_timesyouwant
[+] linux_x86/write/dec
[+] linux_x86/write/dec_timesyouwant
[+] linux_x86/write/mix_all

[!] file_create('filename','content')
[+] linux_x86/file_create/none
[+] linux_x86/file_create/xor_random
[+] linux_x86/file_create/xor_yourvalue
[+] linux_x86/file_create/add_random
[+] linux_x86/file_create/add_yourvalue
[+] linux_x86/file_create/sub_random
[+] linux_x86/file_create/sub_yourvalue
[+] linux_x86/file_create/inc
[+] linux_x86/file_create/inc_timesyouwant
[+] linux_x86/file_create/dec
[+] linux_x86/file_create/dec_timesyouwant
[+] linux_x86/file_create/mix_all

Hello friends,

We need new ideas for adding new features and utilities to the software, If you feel something is unregarded or need to be add, change or something else please let us know.

There are some documents available for users and developers which locate in here and could be useful!
I'll be so grateful if someone assist me with this issue.

Thank you.

quit gives back Command not found!

I'm using Windows 7, i have installed python, and installed OWASP installer.py, i have opened ZSC.py, and the terminal is opened.
Can you kindly instruct me how to obfuscate the exploit in this py document. https://www.sendspace.com/file/dclz21
office exploit py.zip (60.45KB) - SendSpace.com

the zsc terminal is opened
what are the commands i use so that the py code in that document and shellcode in the doc file can be obfuscated and clean

Hello friends,

There is a unregarded item, which is missed in features, and that's manifest the path of user inputs.
example, in the main of software, We are seeing zsc> to receive inputs from users.
our choices in first section are:

zsc> [pressed tab key]
about     exit      help      obfuscate restart   shellcode update    version

but input indicator shouldn't be zsc> after we elected shellcode , and must change for each section.

Software engine works like this:

zsc> shellcode
zsc> [pressed tab key]
download generate search
zsc> generate
zsc> linux_x86
zsc> [pressed tab key]
chmod            download         exec             script_executor  write
dir_create       download_execute file_create      system

And what we are expecting is:

zsc> shellcode
zsc/shellcode> [pressed tab key]
download generate search
zsc/shellcode> generate
zsc/shellcode/generate> linux_x86
zsc/shellcode/generate/linux_x86> [pressed tab key]
chmod            download         exec             script_executor  write
dir_create       download_execute file_create      system

Note that, we must take care other main commands, This expecting is just for shellcode and obfuscate commands, because other commands [version,update,help,restart] don't have any sub-commands!

If you want to manage this issue with logging input keys, you have to notice that, sometimes keys are tab or blank or wrong inputs and etc.

There is a temporary document for users and developers which locate in here and could be useful!
I'll be so grateful if someone assist me with this issue.

Thank you.

Although the option for other operating systems exists, the libraries do not exists yet. Should invest time in targeting multiple operating systems.

gdb-peda$ shellcode zsc
[+] linux_x86
[+] linux_x64
[+] linux_arm
[+] linux_mips
[+] freebsd_x86
[+] freebsd_x64
[+] windows_x86
[+] windows_x64
[+] osx
[+] solaris_x64
[+] solaris_x86
os:osx
[+] exec('/path/file')
[+] chmod('/path/file','permission number')
[+] write('/path/file','text to write')
[+] file_create('/path/file','text to write')
[+] dir_create('/path/folder')
[+] download('url','filename')
[+] download_execute('url','filename','command to execute')
[+] system('command to execute')
job:system('echo yolo')
[+] none
[+] xor_random
[+] xor_yourvalue
[+] add_random
[+] add_yourvalue
[+] sub_random
[+] sub_yourvalue
[+] inc
[+] inc_timeyouwant
[+] dec
[+] dec_timeyouwant
[+] mix_all
encode:none
Connection to OWASP ZSC API api.z3r0d4y.com

"Note: system('echo yolo') function is not Activated for osx OS Yet, Please wait for update.To see available modules take a look at the features_table.html file in software folder."

gdb-peda$ shellcode zsc
[+] linux_x86
[+] linux_x64
[+] linux_arm
[+] linux_mips
[+] freebsd_x86
[+] freebsd_x64
[+] windows_x86
[+] windows_x64
[+] osx
[+] solaris_x64
[+] solaris_x86
os:osx
[+] exec('/path/file')
[+] chmod('/path/file','permission number')
[+] write('/path/file','text to write')
[+] file_create('/path/file','text to write')
[+] dir_create('/path/folder')
[+] download('url','filename')
[+] download_execute('url','filename','command to execute')
[+] system('command to execute')
job:exec('/bin/sh')
[+] none
[+] xor_random
[+] xor_yourvalue
[+] add_random
[+] add_yourvalue
[+] sub_random
[+] sub_yourvalue
[+] inc
[+] inc_timeyouwant
[+] dec
[+] dec_timeyouwant
[+] mix_all
encode:none
Connection to OWASP ZSC API api.z3r0d4y.com

"Note: exec('/bin/sh') function is not Activated for osx OS Yet, Please wait for update.To see available modules take a look at the features_table.html file in software folder."

gdb-peda$ shellcode zsc
[+] linux_x86
[+] linux_x64
[+] linux_arm
[+] linux_mips
[+] freebsd_x86
[+] freebsd_x64
[+] windows_x86
[+] windows_x64
[+] osx
[+] solaris_x64
[+] solaris_x86
os:windows_x86
[+] exec('/path/file')
[+] chmod('/path/file','permission number')
[+] write('/path/file','text to write')
[+] file_create('/path/file','text to write')
[+] dir_create('/path/folder')
[+] download('url','filename')
[+] download_execute('url','filename','command to execute')
[+] system('command to execute')

Many of the shellcodes which should work are not because maybe the api has not be updated. Also the shellcodes which are available in zsc are not being shown in gdb-peda, while those which are not available are being shown.
Where is the code for the api? Should we add it in zscproject and keep updating it regularly ?

[root@localhost ZCR-Shellcoder-master]# python shellcoder.py -os linux_x86 -encode none -job chmod('/etc/shadow','777') -o file.txt
bash: syntax error near unexpected token `('

The following info is not correct

Mailing List: https://lists.owasp.org/mailman/listinfo/owasp-zsc-tool-project
Contact US Now: owasp-zsc-tool-project[at]lists[dot]owasp[dot]org
Please set the google user group since we don't maintain access to the mailing list at OWASP

The following command does not get the latest version in the master branch:

wget https://github.com/zscproject/OWASP-ZSC/archive/master.zip \
-O owasp-zsc.zip && unzip owasp-zsc.zip && rm -rf owasp-zsc.zip &&
mv OWASP-ZSC-master owasp-zsc && cd owasp-zsc && python installer.py

Hello friends,

New version of OWASP ZSC has a new feature that lets you convert the codes to obfuscated codes. We need to expansion this feature with adding more new modules. The software already has a simple instance. Please help us on development by sending your modules.

There are some documents available for users and developers which locate in here and could be useful!
I'll be so grateful if someone assist me with this issue.

Thank you.