Code Monkey home page Code Monkey logo

binsh's Introduction

binsh - obfuscate shell scripts

Overview

This tool allows to obfuscate shell scripts by embedding them in a compiled program, encrypting and passphrase-protect them.

The script is included in the compiled C program as a constant, when you run the program the script is executed using the specified shell's command (by default: /bin/sh -c --).

The running environment (arguments, environement variables, fds) is "forwarded" to the script.

Usage

To build the program that embeds the script

build.sh <script> <passphrase>|- [<output>] [<shell> <exec> <command> <...>]"

To run the program that embeds the script (compiled as binsh)

./binsh <passphrase>|- [<script> <arguments> <...>]

How does it work

The main idea is not to be able to determine what does the script do just by opening the script file.

First of all, the script is included as a constant in a compiled program so it's harder to understand what it does by just opening the file.

The script is encrypted using a simple key-based symetric encryption algorithm before the compilation so it's not possible to determine what the binary file does using softwares such as strings.

In the end, the script is decrypted at run time using the key in order to avoid the binary to be analysed using softwares such a strace (without the key you can't run the script).

Examples

Compile then run a script using a passphrase

./build.sh script.sh p4ssphras3 script
# Build of 'script' successful

./script p4ssphras3 --opt 123
# ...

Compile then run a script using a key file

dd if=/dev/urandom of=keyfile bs=512 count=1
# 512 bytes (512 B) copied, ...

./build.sh script.sh - script < keyfile
# Build of 'script' successful

./script - --opt 123 < keyfile
# ...

Compile then run a Perl script

cat <<'EOF' > script.pl
use strict;
print 'ARGV: ["' . join('", "', @ARGV) . "\"]\n";
print 'ENV["TEST"]: ' . $ENV{"TEST"} . "\n";
EOF

./build.sh script.pl p4ssphras3 script /usr/bin/perl -w -- -
# Build of 'script' successful

TEST=123 ./script p4ssphras3 --abc "def hij" --klm
#ARGV: ["--abc", "def hij", "--klm"]
#ENV["TEST"]: 123

Compile then run a Python script

cat <<'EOF' > script.py
import sys
import os
print 'ARGV: ' + repr(sys.argv[1:])
print 'ENV["TEST"]: ' + os.environ.get('TEST')
EOF

./build.sh script.py p4ssphras3 script /usr/bin/python -Wall -
# Build of 'script' successful

TEST=123 ./script p4ssphras3 --abc "def hij" --klm
#ARGV: ['--abc', 'def hij', '--klm']
#ENV["TEST"]: 123

Compile then run a Ruby script

cat <<'EOF' > script.rb
puts "ARGV: " + ARGV.inspect
puts 'ENV["TEST"]: ' + ENV['TEST']
EOF

./build.sh script.rb p4ssphras3 script /usr/bin/ruby -w -- -
# Build of 'script' successful

TEST=123 ./script p4ssphras3 --abc "def hij" --klm
#ARGV: ["--abc", "def hij", "--klm"]
#ENV["TEST"]: 123

binsh's People

Contributors

olbat avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.