Graffiti

Graffiti is a tool to generate obfuscated oneliners to aid in penetration testing situations. It accepts the following languages for encoding:

Python
Perl
Batch
Powershell
PHP
Bash

It will also accept a language that is not currently on the list and store the one-liner into a database.

NOTE: Never upload payloads to online checkers

Features

It comes complete with a database that will insert each encoded payload into it, in order to allow end users to view already created payloads for future use. The payloads can be encoded using the following techniques:

Xor
Base64
Hex
ROT13
Raw

Some features of Graffiti include:

Terminal drop-in access, with the ability to run external commands
Ability to create your own payload JSON files
Ability to view cached payloads inside of the database
Ability to run the database in memory for quick deletion
Terminal history and saving of terminal history
Auto tab completion inside of the terminal
Ability to securely wipe the history files and database file
Multiple encoding techniques as mentioned above

Install

git clone https://github.com/Ekultek/Graffiti.git
cd Graffiti
./instal.sh

Use

  ________              _____  _____.__  __  .__ 

 /  _____/___________ _/ ____\/ ____\__|/  |_|__|

/   \  __\_  __ \__  \\   __\\   __\|  \   __\  |

\    \_\  \  | \// __ \|  |   |  |  |  ||  | |  |

 \______  /__|  (____  /__|   |__|  |__||__| |__|

        \/           \/           

 v(0.1)               



no arguments have been passed, dropping into terminal type `help/?` to get help, all commands that sit inside of `/bin` are available in the terminal

root@graffiti:~/graffiti# ?



 Command                                  Description

---------                                --------------

 help/?                                  Show this help

 external                                List available external commands

 cached                                  Display all payloads that are already in the database

 list/show                               List all available payloads

 search <phrase>                         Search for a specific payload

 use <payload> <coder>                   Use this payload and encode it using a specified coder

 info <payload>                          Get information on a specified payload

 check                                   Check for updates

 history                                 Display command history

 exit/quit                               Exit the terminal and running session

 encode <script-type> <coder>            Encode a provided payload



root@graffiti:~/graffiti# help



 Command                                  Description

---------                                --------------

 help/?                                  Show this help

 external                                List available external commands

 cached                                  Display all payloads that are already in the database

 list/show                               List all available payloads

 search <phrase>                         Search for a specific payload

 use <payload> <coder>                   Use this payload and encode it using a specified coder

 info <payload>                          Get information on a specified payload

 check                                   Check for updates

 history                                 Display command history

 exit/quit                               Exit the terminal and running session

 encode <script-type> <coder>            Encode a provided payload

It also comes with command line arguments for when you need a payload encoded quickly:

Demo

Graffiti Demo Video from Ekultek on Vimeo.

Source: https://github.com/Ekultek/

Tags: Graffiti