mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2025-01-10 00:37:51 +00:00
112 lines
4.4 KiB
Python
112 lines
4.4 KiB
Python
|
#!/usr/bin/env python3
|
||
|
#
|
||
|
# Filename: cloakify.py
|
||
|
#
|
||
|
# Version: 1.1.0
|
||
|
#
|
||
|
# Author: Joe Gervais (TryCatchHCF)
|
||
|
#
|
||
|
# Summary: Exfiltration toolset (see decloakify.py) that transforms any filetype (binaries,
|
||
|
# archives, images, etc.) into lists of words / phrases / Unicode to ease exfiltration of
|
||
|
# data across monitored networks, hiding the data in plain sight. Also facilitates social
|
||
|
# engineering attacks against human analysts and their workflows. Bonus Feature: Defeats
|
||
|
# signature-based malware detection tools (cloak your other tools during an engagement).
|
||
|
#
|
||
|
# Used by cloakifyFactory.py, can be used as a standalone script as well (example below).
|
||
|
#
|
||
|
# Description: Base64-encodes the given payload and translates the output using a list
|
||
|
# of words/phrases/Unicode provided in the cipher. This is NOT a secure encryption tool,
|
||
|
# the output is vulnerable to frequency analysis attacks. Use the Noise Generator scripts
|
||
|
# to add entropy to your cloaked file. You should encrypt the file before cloaking if
|
||
|
# secrecy is needed.
|
||
|
#
|
||
|
# Prepackaged ciphers include: lists of desserts in English, Arabic, Thai, Russian,
|
||
|
# Hindi, Chinese, Persian, and Muppet (Swedish Chef); PokemonGo creatures; Top 100 IP
|
||
|
# Addresses; Top Websites; GeoCoords of World Capitols; MD5 Password Hashes; An Emoji
|
||
|
# cipher; Star Trek characters; Geocaching Locations; Amphibians (Scientific Names);
|
||
|
# evadeAV cipher (simple cipher that minimizes size of the resulting obfuscated data).
|
||
|
#
|
||
|
# To create your own cipher:
|
||
|
#
|
||
|
# - Generate a list of at least 66 unique words (Unicode-16 accepted)
|
||
|
# - Remove all duplicate entries and blank lines
|
||
|
# - Randomize the list (see 'randomizeCipherExample.txt' in Cloakify directory)
|
||
|
# - Provide the file as the cipher argument to the script.
|
||
|
# - ProTip: Place your cipher in the "ciphers/" directory and cloakifyFactory
|
||
|
# will pick it up automatically as a new cipher
|
||
|
#
|
||
|
# Example:
|
||
|
#
|
||
|
# $ ./cloakify.py payload.txt ciphers/desserts > exfiltrate.txt
|
||
|
#
|
||
|
|
||
|
import argparse
|
||
|
import base64
|
||
|
import os
|
||
|
import random
|
||
|
import sys
|
||
|
|
||
|
array64 = list("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/+=")
|
||
|
|
||
|
def Cloakify(payloadPath:str, cipherPath:str, outputPath:str="", password:str=None):
|
||
|
"""Payload file's binary contents will be read and converted into base64.
|
||
|
Cipher file will be read into a list that will be used for the payload's obfuscation.
|
||
|
If an output path is defined the obfuscated content will be written to that otherwise,
|
||
|
it will print it out to the console.
|
||
|
|
||
|
Args:
|
||
|
payloadPath (str): Path to the file that will be encoded
|
||
|
cipherPath (str): Path to the file used as the base64 cipher
|
||
|
outputPath (str): Path to write out the obfuscated payload
|
||
|
"""
|
||
|
|
||
|
try:
|
||
|
with open(payloadPath, 'rb') as payloadFile:
|
||
|
payloadRaw = payloadFile.read()
|
||
|
payloadB64 = base64.encodebytes(payloadRaw)
|
||
|
payloadB64 = payloadB64.decode("ascii").replace("\n", "")
|
||
|
except Exception as e:
|
||
|
print("Error reading payload file {}: {}".format(payloadPath, e))
|
||
|
|
||
|
payloadOrdering = None
|
||
|
if password:
|
||
|
random.seed(password)
|
||
|
# Get a list of each line number in the cloaked file
|
||
|
payloadOrdering = [i for i in range(len(payloadB64))]
|
||
|
# Shuffle the order of the lines
|
||
|
random.shuffle(payloadOrdering)
|
||
|
|
||
|
try:
|
||
|
with open(cipherPath, encoding="utf-8") as file:
|
||
|
cipherArray = file.readlines()
|
||
|
except Exception as e:
|
||
|
print("Error reading cipher file {}: {}".format(cipherPath, e))
|
||
|
|
||
|
if outputPath:
|
||
|
try:
|
||
|
with open(outputPath, "w+", encoding="utf-8") as outFile:
|
||
|
if payloadOrdering:
|
||
|
# Iterate through the randomized line order and write each line to the file
|
||
|
for randomLoc in payloadOrdering:
|
||
|
outFile.write(cipherArray[array64.index(payloadB64[randomLoc])])
|
||
|
else:
|
||
|
for char in payloadB64:
|
||
|
outFile.write(cipherArray[array64.index(char)])
|
||
|
except Exception as e:
|
||
|
print("Error writing to output file {}: {}".format(outputPath, e))
|
||
|
|
||
|
else:
|
||
|
for char in payloadB64:
|
||
|
print(cipherArray[array64.index(char)].strip())
|
||
|
|
||
|
|
||
|
if __name__ == "__main__":
|
||
|
parser = argparse.ArgumentParser(description='Transform file into obfuscated text file.')
|
||
|
parser.add_argument('-i', "--input", type=str, help='Payload File Path', required=True)
|
||
|
parser.add_argument('-c', "--cipher", type=str, help='Cipher File Path', required=True)
|
||
|
parser.add_argument('-o', "--output", type=str, help='Output File Path', default="")
|
||
|
parser.add_argument('-p', "--password", type=str, help='Password', default=None)
|
||
|
args = parser.parse_args()
|
||
|
|
||
|
Cloakify(args.input, args.cipher, args.output, args.password)
|