A Java library for parsing ZIP archives with structural anomalies or evasion techniques commonly used to bypass security tools.
This source was primarily made available for transparency at ByteScan, but feel free to use it as long as it complies with our license.
HZP's naming conventions were inspired by LL-Java-ZIP. No code or functionality was derived from their project.
This project is by no means perfect. If you find any issues, feel free to open an issue, and you'll be credited for reporting them.
- Detects evasion techniques including fake EOCDS, prepended data, encrypted entries, duplicate entry names, and more.
- Resolves central-directory offset anomalies and shuffled entry order.
- Full ZIP32 and ZIP64 support.
final ZipArchive archive = ZipIO.read(new File("sample.zip"));
for(final LocalFileHeader header : archive.getLocalFiles()) {
final String name = header.getName();
final byte[] data = header.decompress();
}
// Look up a specific entry, and decompress it.
archive.getEntry("config/settings.json").ifPresent(cd -> {
final byte[] data = cd.getLinkedLFH().decompress();
});
final List<CentralDirectoryFileHeader> cds = archive.getCentralDirectories();
// Information about the archive.
final EndOfCentralDirectory end = archive.getEnd();Apache 2.0 with Commons Clause. Commercial use, resale, or offering this library as a hosted service requires a separate agreement.