Merge pull request #19 from psycore8/dev070

Dev070

Author: psycore8

.gitignore

@@ -8,3 +8,6 @@ __pycache__
 .venv/
 _dev*
 _dev.bat
+ShenCode.egg-info
+nasm.exe
+build/

README.md

@@ -2,36 +2,57 @@
 
 **A versatile tool for working with shellcodes.**
 
-![|800](shencode-061.png)
+![](shencode-070.png)
 
 ## Features
 
-### Version 0.6.1
-
-- general
-	- `extract` - [extract](https://www.heckhausen.it/shencode/wiki/extract) from/to offset
-	- `formatout` - [display raw shellcodes](https://www.heckhausen.it/shencode/wiki/formatout) in `C++, C#` and more
-	- `inject` - [inject shellcode](https://www.heckhausen.it/shencode/wiki/inject) into process (Windows only)
-	- `msfvenom` - [create payloads](https://www.heckhausen.it/shencode/wiki/msfvenom)  with msfvenom
-- encoder
-	- `aesenc` - [Encrypt](https://www.heckhausen.it/shencode/wiki/aesenc) payload with AES
-	- `byteswap` - New XOR Encryption, [Swapping Bytes](https://www.heckhausen.it/shencode/wiki/byteswap) ([Blog Post](https://www.nosociety.de/en:it-security:blog:obfuscation_byteswapping))
-	- `xorenc` - [Encode payload](https://www.heckhausen.it/shencode/wiki/xorenc) with custom XOR key
-	- `xorpoly` - [polymorphic x64](https://www.heckhausen.it/shencode/wiki/xorpoly) in-memory decoder (for details, visit this [Blog Post](https://www.nosociety.de/en:it-security:blog:obfuscation_polymorphic_in_memory_decoder))
-- obfuscator
-	- `Feed` - Splits Bytes in a [feed.xml file](https://www.heckhausen.it/shencode/wiki/feed) as article IDs
-	- `QR-Code` hide OpCodes as [QR-Code image](https://www.heckhausen.it/shencode/wiki/qrcode)
-	- `ROR13` to `ROL` [conversion with custom key](https://www.heckhausen.it/shencode/wiki/ror2rol) (Windows only)
-	- `UUID` [obfuscation](https://www.heckhausen.it/shencode/wiki/uuid) - Please, check out my [Blog Post](https://www.nosociety.de/en:it-security:blog:obfuscation_shellcode_als_uuids_tarnen_-_teil_1) about this encoder
+### Version 0.7.0
+
+- **core**
+	- `extract` - [extract](https://www.heckhausen.it/shencode/wiki/core/extract) from/to offset
+	- `formatout` - [display raw shellcodes](https://www.heckhausen.it/shencode/wiki/core/formatout) in `C++, C#` and more
+	- `injection` - [inject shellcode](https://www.heckhausen.it/shencode/wiki/core/injection) into process (Windows only)
+	- `msfvenom` - [create payloads](https://www.heckhausen.it/shencode/wiki/core/msfvenom)  with msfvenom
+- **encoder**
+	- `aes` - [Encrypt](https://www.heckhausen.it/shencode/wiki/encoder/aes) payload with AES
+	- `bytebert` - advanced polymorphic encoder
+	- `byteswap` - New XOR Encryption, [Swapping Bytes](https://www.heckhausen.it/shencode/wiki/encoder/byteswap) ([Blog Post](https://www.nosociety.de/en:it-security:blog:obfuscation_byteswapping))
+	- `xor` - [Encode payload](https://www.heckhausen.it/shencode/wiki/encoder/xor) with custom XOR key
+	- `xorpoly` - [polymorphic x64](https://www.heckhausen.it/shencode/wiki/encoder/xorpoly) in-memory decoder (for details, visit this [Blog Post](https://www.nosociety.de/en:it-security:blog:obfuscation_polymorphic_in_memory_decoder))
+- **obfuscate**
+	- `Feed` - Splits Bytes in a [feed.xml file](https://www.heckhausen.it/shencode/wiki/obfuscate/feed) as article IDs
+	- `QR-Code` hide OpCodes as [QR-Code image](https://www.heckhausen.it/shencode/wiki/obfuscate/qrcode)
+	- `ROR13` to `ROL` [conversion with custom key](https://www.heckhausen.it/shencode/wiki/obfuscate/rolhash) (Windows only)
+	- `UUID` [obfuscation](https://www.heckhausen.it/shencode/wiki/obfuscate/uuid) - Please, check out my [Blog Post](https://www.nosociety.de/en:it-security:blog:obfuscation_shellcode_als_uuids_tarnen_-_teil_1) about this encoder
+-  **stager**
+	- `meterpreter` - Initiate a `meterpreter/reverse_tcp` [stage](https://www.heckhausen.it/shencode/wiki/stager/meterpreter)
+	- `sliver` - Initiate a `https` [sliver stage](https://www.heckhausen.it/shencode/wiki/stager/sliver)
 
 ## How to use
 
+##### Install
+
+```shell
+git clone https://github.com/psycore8/shencode
+cd shencode
+pip install .
+shencode -h
+```
+
+#### General usage
+
 Check out the [ShenCode Docs](https://heckhausen.it/shencode/wiki/) for more information.
 
 ## Release Notes
 
-- `feed` - A new obfuscation module
-- `core` - added some different logos for startup
+- `general` - setup routine, which handles the different packages and modules for Windows and Linux
+- `general` - new module parser
+- `general` - new start-up banners
+- `core/inject` - Suspend and Resume Technique
+- `core/inject` - VirtualProtectEx Technique
+- `encoder/bytebert` - advanced polymorphic encoder
+- `stager/meterpreter` - a reverse TCP Meterpreter stager
+- `stager/sliver` - a HTTPS Sliver stager
 
 ## References
 

_dev.bat

@@ -1,13 +0,0 @@
-@echo off
-rem doskey shen-aes=python3.12 shencode.py aesenc $*
-rem doskey shen-ext=python3.12 shencode.py extract $*
-rem doskey shen-out=python3.12 shencode.py formatout $*
-rem doskey shen-inj=python3.12 shencode.py inject $*
-rem doskey shen-msf=python3.12 shencode.py msfvenom $*
-rem doskey shen-qrc=python3.12 shencode.py qrcode $*
-rem doskey shen-ror=python3.12 shencode.py ror2rol $*
-rem doskey shen-uid=python3.12 shencode.py uuid $*
-rem doskey shen-xop=python3.12 shencode.py xorpoly $*
-rem doskey shen-xoe=python3.12 shencode.py xorenc $*
-doskey shc=python shencode.py $*
-doskey /MACROS

examples/module.py

@@ -1,19 +1,17 @@
-import utils.arg
 from utils.helper import nstate as nstate
 
+CATEGORY = 'core'
+
+def register_arguments(parser):
+    parser.add_argument('-i', '--input', help='text1')
+    parser.add_argument('-o', '--output', help='text2')
+    parser.add_argument('-x', '--xray', action='store_true', help='text3')
+    parser.add_argument('-z', '--zulu', help='text4')
+
 class example:
   Author =      'Name'
   Description = 'some useful information about this module'
   Version =     '1.0.0'
 
-  def init():
-    spName = 'examplemod'
-    spArgList = [
-          ['-i', '--input', '', '', 'Input file for example module'],
-          ['-t', '--truestate', '', 'store_true', 'store_true switch'],
-          ['-l', '--list', 'a,b,c,d', '', 'A list of choices for this argument']
-        ]
-    utils.arg.CreateSubParser(spName, example.Description, spArgList)
-
-    def process():
-      print('python is nice')
+  def process():
+    print('python is nice')

encoder/aes.py modules/aes.pyencoder/aes.py renamed to modules/aes.py

@@ -1,4 +1,3 @@
-import utils.arg
 from utils.helper import nstate as nstate
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 from cryptography.hazmat.backends import default_backend
@@ -8,33 +7,25 @@
 import pickle
 import os
 
+CATEGORY = 'encoder'
+
+def register_arguments(parser):
+    parser.add_argument('-m', '--mode', choices=['encode', 'decode'], required=True, help='AES Operation mode, choose between encode and decode')
+    parser.add_argument('-i', '--input', required=True, help='Input file for AES encoding')
+    parser.add_argument('-o', '--output', required=True, help= 'Outputfile for AES encoding')
+    parser.add_argument('-k', '--key', required=True, help='Key for AES encoding')
+
 class aes_encoder:
     Author = 'psycore8'
     Description = 'AES encoder for payloads'
-    Version = '1.1.0'
-    # Input_File = ''
-    # Output_File = ''
-    # Password = b''
-    # DataBytes = b''
+    Version = '2.0.0'
 
     def __init__(self, mode, input_file, output_file, key, data_bytes:bytes):
         self.mode = mode
         self.input_file = input_file
         self.output_file = output_file
         self.key = key
         self.data_bytes = data_bytes
-        
-
-    def init():
-        spName = 'aesenc'
-        spArgList = [
-          ['-m', '--mode', 'encode,decode', '', 'AES Operation mode, choose between encode and decode'],
-          ['-i', '--input', '', '', 'Input file for AES encoding'],
-          ['-o', '--output', '', '', 'Outputfile for AES encoding'],
-          ['-k', '--key', '', '', 'Key for AES encoding'],
-          #['-debug', '--debug', '', 'store_true', 'debug']
-        ]
-        utils.arg.CreateSubParser(spName, aes_encoder.Description, spArgList)
 
     def generate_key(self, password: bytes, salt: bytes) -> bytes:
         kdf = PBKDF2HMAC(
@@ -46,17 +37,14 @@ def generate_key(self, password: bytes, salt: bytes) -> bytes:
         )
         return kdf.derive(password)
 
-    def aes_encrypt(self, data: bytes, password: bytes) -> (bytes, bytes, bytes):
-        # Salt und Initialisierungsvektor (IV) generieren
+    def aes_encrypt(self, data: bytes, password: bytes):
         salt = os.urandom(16)
         iv = os.urandom(16)
         key = self.generate_key(password, salt)
 
-        # Paddings für Blockgröße (AES Blockgröße = 128 Bit)
         padder = padding.PKCS7(algorithms.AES.block_size).padder()
         padded_data = padder.update(data) + padder.finalize()
 
-        # AES-Cipher im CBC-Modus
         cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
         encryptor = cipher.encryptor()
         encrypted_data = encryptor.update(padded_data) + encryptor.finalize()
@@ -69,16 +57,12 @@ def aes_decrypt(self, encrypted_data: bytes, password: bytes, salt: bytes, iv: b
         decryptor = cipher.decryptor()
         padded_data = decryptor.update(encrypted_data) + decryptor.finalize()
 
-        # Padding entfernen
         unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
         data = unpadder.update(padded_data) + unpadder.finalize()
 
         return data
 
     def encode(self):
-        # outputfile = self.output_file
-        # inputfile = self.input_file
-        # password = self.key
         try:
             with open(self.input_file, 'rb') as file:
                 self.data_bytes = file.read()
@@ -88,12 +72,8 @@ def encode(self):
         size = len(self.data_bytes)
         print(f'{nstate.OKBLUE} File {self.input_file} loaded, size of shellcode {size} bytes')
         enc_data, salt, iv = self.aes_encrypt(self.data_bytes, self.key)
-        #print(f'{AESData}')
         with open(self.output_file, "wb") as f:
             pickle.dump((enc_data, salt, iv), f)
-        # with open(outputfile, 'wb') as file:
-        #     file.write(AESData)
-        #path = outputfile
         cf = os.path.isfile(self.output_file)
         if cf == True:
             print(f"{nstate.OKGREEN} [AES-ENC] file created in {self.output_file}")
@@ -102,29 +82,20 @@ def encode(self):
             exit()
 
     def decode(self):
-        # outputfile = aes_encoder.Output_File
-        # inputfile = aes_encoder.Input_File
-        # password = aes_encoder.Password
         enc_data = b''
         salt = 0
         iv = 0
         try:
             with open(self.input_file, "rb") as f:
-                #AESData[0], AESData[1], AESData[2] = pickle.load(f)
                 enc_data, salt, iv = pickle.load(f)
         except FileNotFoundError:
             print(f'{nstate.FAIL} File {self.input_file} not found or cannot be opened.')
             exit()
         size = len(enc_data)
         print(f'{nstate.OKBLUE} File {self.input_file} loaded, filesize {size} bytes')
         Shellcode = self.aes_decrypt(enc_data, self.key, salt, iv)
-        #AESData = aes_encoder.aes_encrypt(aes_encoder.DataBytes, password)
-        #print(f'{AESData}')
-        #with open(outputfile, "wb") as f:
-        #    pickle.dump((AESData[0], AESData[1], AESData[2]), f)
         with open(self.output_file, 'wb') as file:
              file.write(Shellcode)
-        #path = outputfile
         cf = os.path.isfile(self.output_file)
         if cf == True:
             print(f"{nstate.OKGREEN} [AES-DEC] file created in {self.output_file}")