OWASP ZSC is an open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under Python.
Usage of shellcodes
Shellcodes are small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc.
Usage of Obfuscate Codes
Can be used for bypassing antiviruses, code protections, same stuff etc …
Why use OWASP ZSC ?
Another good reason for obfuscating files or generating shellcode with ZSC is that it can be used during your pen-testing. Malicious hackers use these techniques to bypass anti-virus and load malicious files in systems they have hacked using customized shellcode generators. Anti-virus work with signatures in order to identify harmful files. When using very well known encoders such as msfvenom, files generated by this program might be already flagged by Anti-virus programs.
Our purpose is not to provide a way to bypass anti-virus with malicious intentions, instead, we want to provide pen-testers a way to challenge the security provided by Anti-virus programs and Intrusion Detection systems during a pen test.In this way, they can verify the security just as a black-hat will do.
According to other shellcode generators same as Metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect. OWASP ZSC encoders are able to generate shell codes with random encodes and that allows you to generate thousands of new dynamic shellcodes with the same job in just a second, that means, you will not get the same code if you use random encodes with same commands, And that make OWASP ZSC one of the best! During the Google Summer of Code we are working on to generate Windows Shellcode and new obfuscation methods. We are working on the next version that will allow you to generate OSX.
- OWASP Page: https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
- Documents: https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details
- Home: http://zsc.z3r0d4y.com/
- Features: http://zsc.z3r0d4y.com/table.html
- Github: https://github.com/Ali-Razmjoo/OWASP-ZSC
- Archive: https://github.com/Ali-Razmjoo/ZCR-Shellcoder-Archive
- Mailing List: https://groups.google.com/d/forum/owasp-zsc
- API: http://api.z3r0d4y.com