Monday, April 13, 2020

OWASP-ZSC: A Shellcode/Obfuscate Customized Code Generating Tool


About OWASP-ZSC
   OWASP ZSC is open source software written in python which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX with Python 2 or 3.

   What is shellcode?: Shellcode is a small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes...

   You can read more about OWASP-ZSC in these link:
Why use OWASP-ZSC?
   Another good reason for obfuscating files or generating shellcode with OWASP-ZSC is that it can be used during your pen-testing. Malicious hackers use these techniques to bypass anti-virus and load malicious files in systems they have hacked using customized shellcode generators. Anti-virus work with signatures in order to identify harmful files. When using very well known encoders such as msfvenom, files generated by this program might be already flagged by Anti-virus programs.

   Our purpose is not to provide a way to bypass anti-virus with malicious intentions, instead, we want to provide pen-testers a way to challenge the security provided by Anti-virus programs and Intrusion Detection systems during a pen test.In this way, they can verify the security just as a black-hat will do.

   According to other shellcode generators same as Metasploit tools and etc, OWASP-ZSC  using new encodes and methods which antiviruses won't detect. OWASP-ZSC encoders are able to generate shell codes with random encodes and that allows you to generate thousands of new dynamic shellcodes with the same job in just a second, that means, you will not get the same code if you use random encodes with same commands, And that make OWASP-ZSC one of the best! During the Google Summer of Code we are working on to generate Windows Shellcode and new obfuscation methods. We are working on the next version that will allow you to generate OSX.

OWASP-ZSC Installation:
   You must install Metasploit and Python 2 or 3 first:
  • For Debian-based distro users: sudo apt install python2 python3 metasploit-framework
  • For Arch Linux based distro users: sudo pacman -S python2 python3 metasploit
  • For Windows users: Download Python and Metasploit here.
   And then, enter these command (If you're Windows user, don't enter sudo):
DISCLAIMER: THIS SOFTWARE WAS CREATED TO CHALLENGE ANTIVIRUS TECHNOLOGY, RESEARCH NEW ENCRYPTION METHODS, AND PROTECT SENSITIVE OPEN SOURCE FILES WHICH INCLUDE IMPORTANT DATA. CONTRIBUTORS AND OWASP FOUNDATION WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.

An example of OWASP-ZSC

Related articles


  1. Pentest Tools Port Scanner
  2. Pentest Tools Url Fuzzer
  3. Hacker Tools Free
  4. Hacker Tools Mac
  5. Kik Hack Tools
  6. Hack Tools For Windows
  7. Hacker Tool Kit
  8. Hacker Tools
  9. Termux Hacking Tools 2019
  10. Hacker Hardware Tools
  11. Hacker Techniques Tools And Incident Handling
  12. Hacker Tools Mac
  13. Pentest Tools Website Vulnerability
  14. Hack Tools Github
  15. Best Hacking Tools 2019
  16. Easy Hack Tools
  17. Hacker Tools For Pc
  18. Beginner Hacker Tools
  19. Pentest Tools
  20. Tools 4 Hack
  21. Hacking Tools Kit
  22. Hacking Tools Hardware
  23. Pentest Tools Apk
  24. Computer Hacker
  25. Hacking Tools For Kali Linux
  26. Hacker Tools Free
  27. New Hack Tools

No comments:

Post a Comment