This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP ZSC Tool Project"

From OWASP
Jump to: navigation, search
(Developers)
(Usage of shellcodes)
Line 30: Line 30:
  
 
Shellcodes are small codes in assembly which could be use as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc.
 
Shellcodes are small codes in assembly which could be use as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc.
 +
 +
'''DISCLAIMER:'''
 +
OWASP ZSC does not encourage the use of this tool for the purpose of software exploitation, but instead as a save way for Pen-testers to use already publicised exploits with the correct Shellcode or avoid exploits with malicious shellcode. Generating you own shellcode is safe and also you ca limit the shellcode to a benign action such as just popping a calculator or print a message.
  
 
====Usage of Obfuscate Codes====
 
====Usage of Obfuscate Codes====

Revision as of 15:59, 1 August 2016

OWASP Project Header.jpg

OWASP ZSC Tool Project

What is OWASP ZSC ?

Snapshot_2015-07-26_191951-half.png

OWASP ZSC is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under python.


Description

Usage of shellcodes

Shellcodes are small codes in assembly which could be use as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc.

DISCLAIMER: OWASP ZSC does not encourage the use of this tool for the purpose of software exploitation, but instead as a save way for Pen-testers to use already publicised exploits with the correct Shellcode or avoid exploits with malicious shellcode. Generating you own shellcode is safe and also you ca limit the shellcode to a benign action such as just popping a calculator or print a message.

Usage of Obfuscate Codes

Can be use for bypassing antiviruses , code protections , same stuff etc …

Why use OWASP ZSC ?

According to other shellcode generators same as metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect. OWASP ZSC encoderes are able to generate shell codes with random encodes and that allows you to generate thousands of new dynamic shellcodes with same job in just a second,that means, you will not get a same code if you use random encodes with same commands, And that make OWASP ZSC one of the best! During the Google Summer of Code we are working on to generate Windows Shellcode and new obfuscation methods. We are working on the next version that will allow you to generate OSX .

Licensing

GNU GENERAL PUBLIC LICENSE , Version 3, 29 June 2007

Copyright (C) 2007 Free Software Foundation, Inc. http://fsf.org/ Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Click to see the full license


The OWASP Security Principles are free to use. In fact it is encouraged!!! Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.

The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


Project Leaders

Contributors & Main Developers

Links

Shellcode Generating

With using OWASP ZSC you would be able to generate any customized Shellcode in your mind including encodes,and Disassembly code in few seconds.

Be an OWASP ZSC developer

Last Tricks in Home

Related links

Quick Download

Github Page.

Download Page.

News and Events

  • OWASP ZSC has been selected for Defcon Demo Lab 2016
  • OWASP ZSC applied and was selected to participate in the Google Summer of Code
  • [Press Release 12th February 2015 ] [1]
  • OWASP ZSC Version 1.0.9.1 Released!

Docs

Classifications

New projects.png Owasp-breakers-small.png
Project Type Files TOOL.jpg