badchars Download - badchars Source code download

badchars

A hex bad char generator to instruct encoders such as shikata-ga-nai to transform those to other chars.

? Installation

pip install badchars

Usage

$ badchars --help
usage: badchars [-h] [-v] [-l int] [-f str]

Badchar generator.

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         Show version information,
  -l int, --length int  Length of badchars to create. Default: 255
  -f str, --format str  Format output: c, python, js, php, ruby, bash

Examples

Plain

$ badchars

x01x02x03x04x05x06x07x08x09x0ax0bx0cx0dx0ex0fx10x11x12x13x14x15x16x17x18x19x1ax1bx1cx1dx1ex1fx20x21x22x23x24x25x26x27x28x29x2ax2bx2cx2dx2ex2fx30x31x32x33x34x35x36x37x38x39x3ax3bx3cx3dx3ex3fx40x41x42x43x44x45x46x47x48x49x4ax4bx4cx4dx4ex4fx50x51x52x53x54x55x56x57x58x59x5ax5bx5cx5dx5ex5fx60x61x62x63x64x65x66x67x68x69x6ax6bx6cx6dx6ex6fx70x71x72x73x74x75x76x77x78x79x7ax7bx7cx7dx7ex7fx80x81x82x83x84x85x86x87x88x89x8ax8bx8cx8dx8ex8fx90x91x92x93x94x95x96x97x98x99x9ax9bx9cx9dx9ex9fxa0xa1xa2xa3xa4xa5xa6xa7xa8xa9xaaxabxacxadxaexafxb0xb1xb2xb3xb4xb5xb6xb7xb8xb9xbaxbbxbcxbdxbexbfxc0xc1xc2xc3xc4xc5xc6xc7xc8xc9xcaxcbxccxcdxcexcfxd0xd1xd2xd3xd4xd5xd6xd7xd8xd9xdaxdbxdcxddxdexdfxe0xe1xe2xe3xe4xe5xe6xe7xe8xe9xeaxebxecxedxeexefxf0xf1xf2xf3xf4xf5xf6xf7xf8xf9xfaxfbxfcxfdxfexff

Python

$ badchars -f python

badchars = (
  "x01x02x03x04x05x06x07x08x09x0ax0bx0cx0dx0ex0fx10"
  "x11x12x13x14x15x16x17x18x19x1ax1bx1cx1dx1ex1fx20"
  "x21x22x23x24x25x26x27x28x29x2ax2bx2cx2dx2ex2fx30"
  "x31x32x33x34x35x36x37x38x39x3ax3bx3cx3dx3ex3fx40"
  "x41x42x43x44x45x46x47x48x49x4ax4bx4cx4dx4ex4fx50"
  "x51x52x53x54x55x56x57x58x59x5ax5bx5cx5dx5ex5fx60"
  "x61x62x63x64x65x66x67x68x69x6ax6bx6cx6dx6ex6fx70"
  "x71x72x73x74x75x76x77x78x79x7ax7bx7cx7dx7ex7fx80"
  "x81x82x83x84x85x86x87x88x89x8ax8bx8cx8dx8ex8fx90"
  "x91x92x93x94x95x96x97x98x99x9ax9bx9cx9dx9ex9fxa0"
  "xa1xa2xa3xa4xa5xa6xa7xa8xa9xaaxabxacxadxaexafxb0"
  "xb1xb2xb3xb4xb5xb6xb7xb8xb9xbaxbbxbcxbdxbexbfxc0"
  "xc1xc2xc3xc4xc5xc6xc7xc8xc9xcaxcbxccxcdxcexcfxd0"
  "xd1xd2xd3xd4xd5xd6xd7xd8xd9xdaxdbxdcxddxdexdfxe0"
  "xe1xe2xe3xe4xe5xe6xe7xe8xe9xeaxebxecxedxeexefxf0"
  "xf1xf2xf3xf4xf5xf6xf7xf8xf9xfaxfbxfcxfdxfexff"
)

Ruby

$ badchars -f ruby

badchars = (
  "x01x02x03x04x05x06x07x08x09x0ax0bx0cx0dx0ex0fx10" +
  "x11x12x13x14x15x16x17x18x19x1ax1bx1cx1dx1ex1fx20" +
  "x21x22x23x24x25x26x27x28x29x2ax2bx2cx2dx2ex2fx30" +
  "x31x32x33x34x35x36x37x38x39x3ax3bx3cx3dx3ex3fx40" +
  "x41x42x43x44x45x46x47x48x49x4ax4bx4cx4dx4ex4fx50" +
  "x51x52x53x54x55x56x57x58x59x5ax5bx5cx5dx5ex5fx60" +
  "x61x62x63x64x65x66x67x68x69x6ax6bx6cx6dx6ex6fx70" +
  "x71x72x73x74x75x76x77x78x79x7ax7bx7cx7dx7ex7fx80" +
  "x81x82x83x84x85x86x87x88x89x8ax8bx8cx8dx8ex8fx90" +
  "x91x92x93x94x95x96x97x98x99x9ax9bx9cx9dx9ex9fxa0" +
  "xa1xa2xa3xa4xa5xa6xa7xa8xa9xaaxabxacxadxaexafxb0" +
  "xb1xb2xb3xb4xb5xb6xb7xb8xb9xbaxbbxbcxbdxbexbfxc0" +
  "xc1xc2xc3xc4xc5xc6xc7xc8xc9xcaxcbxccxcdxcexcfxd0" +
  "xd1xd2xd3xd4xd5xd6xd7xd8xd9xdaxdbxdcxddxdexdfxe0" +
  "xe1xe2xe3xe4xe5xe6xe7xe8xe9xeaxebxecxedxeexefxf0" +
  "xf1xf2xf3xf4xf5xf6xf7xf8xf9xfaxfbxfcxfdxfexff"
)

C code

$ badchars -f c

char badchars[] =
  "x01x02x03x04x05x06x07x08x09x0ax0bx0cx0dx0ex0fx10"
  "x11x12x13x14x15x16x17x18x19x1ax1bx1cx1dx1ex1fx20"
  "x21x22x23x24x25x26x27x28x29x2ax2bx2cx2dx2ex2fx30"
  "x31x32x33x34x35x36x37x38x39x3ax3bx3cx3dx3ex3fx40"
  "x41x42x43x44x45x46x47x48x49x4ax4bx4cx4dx4ex4fx50"
  "x51x52x53x54x55x56x57x58x59x5ax5bx5cx5dx5ex5fx60"
  "x61x62x63x64x65x66x67x68x69x6ax6bx6cx6dx6ex6fx70"
  "x71x72x73x74x75x76x77x78x79x7ax7bx7cx7dx7ex7fx80"
  "x81x82x83x84x85x86x87x88x89x8ax8bx8cx8dx8ex8fx90"
  "x91x92x93x94x95x96x97x98x99x9ax9bx9cx9dx9ex9fxa0"
  "xa1xa2xa3xa4xa5xa6xa7xa8xa9xaaxabxacxadxaexafxb0"
  "xb1xb2xb3xb4xb5xb6xb7xb8xb9xbaxbbxbcxbdxbexbfxc0"
  "xc1xc2xc3xc4xc5xc6xc7xc8xc9xcaxcbxccxcdxcexcfxd0"
  "xd1xd2xd3xd4xd5xd6xd7xd8xd9xdaxdbxdcxddxdexdfxe0"
  "xe1xe2xe3xe4xe5xe6xe7xe8xe9xeaxebxecxedxeexefxf0"
  "xf1xf2xf3xf4xf5xf6xf7xf8xf9xfaxfbxfcxfdxfexff";

Bash

$ badchars -f bash

badchars=(
  \x01 \x02 \x03 \x04 \x05 \x06 \x07 \x08 \x09 \x0a \x0b \x0c \x0d \x0e \x0f \x10
  \x11 \x12 \x13 \x14 \x15 \x16 \x17 \x18 \x19 \x1a \x1b \x1c \x1d \x1e \x1f \x20
  \x21 \x22 \x23 \x24 \x25 \x26 \x27 \x28 \x29 \x2a \x2b \x2c \x2d \x2e \x2f \x30
  \x31 \x32 \x33 \x34 \x35 \x36 \x37 \x38 \x39 \x3a \x3b \x3c \x3d \x3e \x3f \x40
  \x41 \x42 \x43 \x44 \x45 \x46 \x47 \x48 \x49 \x4a \x4b \x4c \x4d \x4e \x4f \x50
  \x51 \x52 \x53 \x54 \x55 \x56 \x57 \x58 \x59 \x5a \x5b \x5c \x5d \x5e \x5f \x60
  \x61 \x62 \x63 \x64 \x65 \x66 \x67 \x68 \x69 \x6a \x6b \x6c \x6d \x6e \x6f \x70
  \x71 \x72 \x73 \x74 \x75 \x76 \x77 \x78 \x79 \x7a \x7b \x7c \x7d \x7e \x7f \x80
  \x81 \x82 \x83 \x84 \x85 \x86 \x87 \x88 \x89 \x8a \x8b \x8c \x8d \x8e \x8f \x90
  \x91 \x92 \x93 \x94 \x95 \x96 \x97 \x98 \x99 \x9a \x9b \x9c \x9d \x9e \x9f \xa0
  \xa1 \xa2 \xa3 \xa4 \xa5 \xa6 \xa7 \xa8 \xa9 \xaa \xab \xac \xad \xae \xaf \xb0
  \xb1 \xb2 \xb3 \xb4 \xb5 \xb6 \xb7 \xb8 \xb9 \xba \xbb \xbc \xbd \xbe \xbf \xc0
  \xc1 \xc2 \xc3 \xc4 \xc5 \xc6 \xc7 \xc8 \xc9 \xca \xcb \xcc \xcd \xce \xcf \xd0
  \xd1 \xd2 \xd3 \xd4 \xd5 \xd6 \xd7 \xd8 \xd9 \xda \xdb \xdc \xdd \xde \xdf \xe0
  \xe1 \xe2 \xe3 \xe4 \xe5 \xe6 \xe7 \xe8 \xe9 \xea \xeb \xec \xed \xee \xef \xf0
  \xf1 \xf2 \xf3 \xf4 \xf5 \xf6 \xf7 \xf8 \xf9 \xfa \xfb \xfc \xfd \xfe \xff
)

PHP

$ badchars -f php

$badchars =
  "x01x02x03x04x05x06x07x08x09x0ax0bx0cx0dx0ex0fx10" +
  "x11x12x13x14x15x16x17x18x19x1ax1bx1cx1dx1ex1fx20" +
  "x21x22x23x24x25x26x27x28x29x2ax2bx2cx2dx2ex2fx30" +
  "x31x32x33x34x35x36x37x38x39x3ax3bx3cx3dx3ex3fx40" +
  "x41x42x43x44x45x46x47x48x49x4ax4bx4cx4dx4ex4fx50" +
  "x51x52x53x54x55x56x57x58x59x5ax5bx5cx5dx5ex5fx60" +
  "x61x62x63x64x65x66x67x68x69x6ax6bx6cx6dx6ex6fx70" +
  "x71x72x73x74x75x76x77x78x79x7ax7bx7cx7dx7ex7fx80" +
  "x81x82x83x84x85x86x87x88x89x8ax8bx8cx8dx8ex8fx90" +
  "x91x92x93x94x95x96x97x98x99x9ax9bx9cx9dx9ex9fxa0" +
  "xa1xa2xa3xa4xa5xa6xa7xa8xa9xaaxabxacxadxaexafxb0" +
  "xb1xb2xb3xb4xb5xb6xb7xb8xb9xbaxbbxbcxbdxbexbfxc0" +
  "xc1xc2xc3xc4xc5xc6xc7xc8xc9xcaxcbxccxcdxcexcfxd0" +
  "xd1xd2xd3xd4xd5xd6xd7xd8xd9xdaxdbxdcxddxdexdfxe0" +
  "xe1xe2xe3xe4xe5xe6xe7xe8xe9xeaxebxecxedxeexefxf0" +
  "xf1xf2xf3xf4xf5xf6xf7xf8xf9xfaxfbxfcxfdxfexff";

Javascript

$ badchars -f js

var badchars =
  "x01x02x03x04x05x06x07x08x09x0ax0bx0cx0dx0ex0fx10" +
  "x11x12x13x14x15x16x17x18x19x1ax1bx1cx1dx1ex1fx20" +
  "x21x22x23x24x25x26x27x28x29x2ax2bx2cx2dx2ex2fx30" +
  "x31x32x33x34x35x36x37x38x39x3ax3bx3cx3dx3ex3fx40" +
  "x41x42x43x44x45x46x47x48x49x4ax4bx4cx4dx4ex4fx50" +
  "x51x52x53x54x55x56x57x58x59x5ax5bx5cx5dx5ex5fx60" +
  "x61x62x63x64x65x66x67x68x69x6ax6bx6cx6dx6ex6fx70" +
  "x71x72x73x74x75x76x77x78x79x7ax7bx7cx7dx7ex7fx80" +
  "x81x82x83x84x85x86x87x88x89x8ax8bx8cx8dx8ex8fx90" +
  "x91x92x93x94x95x96x97x98x99x9ax9bx9cx9dx9ex9fxa0" +
  "xa1xa2xa3xa4xa5xa6xa7xa8xa9xaaxabxacxadxaexafxb0" +
  "xb1xb2xb3xb4xb5xb6xb7xb8xb9xbaxbbxbcxbdxbexbfxc0" +
  "xc1xc2xc3xc4xc5xc6xc7xc8xc9xcaxcbxccxcdxcexcfxd0" +
  "xd1xd2xd3xd4xd5xd6xd7xd8xd9xdaxdbxdcxddxdexdfxe0" +
  "xe1xe2xe3xe4xe5xe6xe7xe8xe9xeaxebxecxedxeexefxf0" +
  "xf1xf2xf3xf4xf5xf6xf7xf8xf9xfaxfbxfcxfdxfexff";

cytopia sec tools

Below is a list of sec tools and docs I am maintaining.

Name	Category	Language	Description
offsec	Documentation	Markdown	Offsec checklist, tools and examples
header-fuzz	Enumeration	Bash	Fuzz HTTP headers
smtp-user-enum	Enumeration	Python 2+3	SMTP users enumerator
urlbuster	Enumeration	Python 2+3	Mutable web directory fuzzer
pwncat	Pivoting	Python 2+3	Cross-platform netcat on steroids
badchars	Reverse Engineering	Python 2+3	Badchar generator
fuzza	Reverse Engineering	Python 2+3	TCP fuzzing tool

Contributing

See Contributing guidelines to help to improve this project.

❗ Disclaimer

This tool may be used for legal purposes only. Users take full responsibility for any actions performed using this tool. The author accepts no liability for damage caused by this tool. If these terms are not acceptable to you, then do not use this tool.