OWASP ZSC v1.1.0 ST – Shellcode/Obfuscate Code Generator
THIS SOFTWARE WAS CREATED TO CHALLENGE ANTIVIRUS TECHNOLOGY, RESEARCH NEW ENCRYPTION METHODS, AND PROTECT SENSITIVE OPEN SOURCE FILES WHICH INCLUDE IMPORTANT DATA. CONTRIBUTORS AND OWASP FOUNDATION WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.
OWASP ZSC is open source software written in python which lets you generate customized shellcode and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX with python.
- OWASP Page: https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
- Documents: https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details
- Home: http://zsc.z3r0d4y.com/
- Features: http://zsc.z3r0d4y.com/table.html
- Github: https://github.com/Ali-Razmjoo/OWASP-ZSC
- Archive: https://github.com/Ali-Razmjoo/ZCR-Shellcoder-Archive
- Mailing List: https://groups.google.com/d/forum/owasp-zsc
- API: http://api.z3r0d4y.com
Why use OWASP ZSC ?
Another good reason for obfuscating files or generating shellcode with ZSC is that it can be used during your pen-testing. Malicious hackers use these techniques to bypass anti-virus and load malicious files in systems they have hacked using customized shellcode generators. Anti-virus works with signatures in order to identify harmful files. When using very well known encoders such as msfvenom, files generated by this program might be already flagged by Anti-virus programs.
Our purpose is not to provide a way to bypass anti-virus with malicious intentions, instead, we want to provide pen-testers a way to challenge the security provided by Anti-virus programs and Intrusion Detection systems during a pen test.In this way, they can verify the security just as a black-hat will do.
According to other shellcode generators same as Metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won’t detect. OWASP ZSC encoders are able to generate shell codes with random encodes and that allows you to generate thousands of new dynamic shellcodes with the same job in just a second, that means, you will not get the same code if you use random encodes with same commands, And that make OWASP ZSC one of the best! During the Google Summer of Code, we are working on to generate Windows Shellcode and new obfuscation methods. We are working on the next version that will allow you to generate OSX.