Graffiti
Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. It accepts the following languages for encoding:
- Python
- Perl
- Batch
- Powershell
- PHP
- Bash
It will also accept a language that is not currently on the list and store the one-liner into a database.
NOTE: Never upload payloads to online checkers
Features
It comes complete with a database that will insert each encoded payload into it, in order to allow end users to view already created payloads for future use. The payloads can be encoded using the following techniques:
Some features of Graffiti include:
- Terminal drop-in access, with the ability to run external commands
- Ability to create your own payload JSON files
- Ability to view cached payloads inside of the database
- Ability to run the database in memory for quick deletion
- Terminal history and saving of terminal history
- Auto tab completion inside of the terminal
- Ability to securely wipe the history files and database file
- Multiple encoding techniques as mentioned above
Install
git clone https://github.com/Ekultek/Graffiti.git
cd Graffiti
./instal.sh
Use
________ _____ _____.__ __ .__
/ _____/___________ _/ ____\/ ____\__|/ |_|__|
/ \ __\_ __ \__ \\ __\\ __\| \ __\ |
\ \_\ \ | \// __ \| | | | | || | | |
\______ /__| (____ /__| |__| |__||__| |__|
\/ \/
v(0.1)
no arguments have been passed, dropping into terminal type `help/?` to get help, all commands that sit inside of `/bin` are available in the terminal
root@graffiti:~/graffiti# ?
Command Description
--------- --------------
help/? Show this help
external List available external commands
cached Display all payloads that are already in the database
list/show List all available payloads
search <phrase> Search for a specific payload
use <payload> <coder> Use this payload and encode it using a specified coder
info <payload> Get information on a specified payload
check Check for updates
history Display command history
exit/quit Exit the terminal and running session
encode <script-type> <coder> Encode a provided payload
root@graffiti:~/graffiti# help
Command Description
--------- --------------
help/? Show this help
external List available external commands
cached Display all payloads that are already in the database
list/show List all available payloads
search <phrase> Search for a specific payload
use <payload> <coder> Use this payload and encode it using a specified coder
info <payload> Get information on a specified payload
check Check for updates
history Display command history
exit/quit Exit the terminal and running session
encode <script-type> <coder> Encode a provided payload
It also comes with command line arguments for when you need a payload encoded quickly:
