{"id":13845976,"url":"https://github.com/Kibouo/rustpad","last_synced_at":"2025-07-12T03:33:18.137Z","repository":{"id":57665758,"uuid":"426796821","full_name":"Kibouo/rustpad","owner":"Kibouo","description":"Multi-threaded Padding Oracle attacks against any service. Written in Rust.","archived":false,"fork":false,"pushed_at":"2023-03-05T11:34:53.000Z","size":344,"stargazers_count":92,"open_issues_count":1,"forks_count":14,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-07T19:19:04.182Z","etag":null,"topics":["cli","cryptography","infosec","padding-oracle-attacks","pentesting","pentesting-tools","rust","tui","web"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Kibouo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-11-10T22:29:20.000Z","updated_at":"2024-10-03T13:22:33.000Z","dependencies_parsed_at":"2024-02-21T10:58:42.437Z","dependency_job_id":null,"html_url":"https://github.com/Kibouo/rustpad","commit_stats":{"total_commits":84,"total_committers":1,"mean_commits":84.0,"dds":0.0,"last_synced_commit":"11ce343bad6ef23658890f6162a714abc9983222"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kibouo%2Frustpad","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kibouo%2Frustpad/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kibouo%2Frustpad/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kibouo%2Frustpad/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Kibouo","download_url":"https://codeload.github.com/Kibouo/rustpad/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225791478,"owners_count":17524796,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","cryptography","infosec","padding-oracle-attacks","pentesting","pentesting-tools","rust","tui","web"],"created_at":"2024-08-04T17:04:14.669Z","updated_at":"2024-11-21T19:30:58.287Z","avatar_url":"https://github.com/Kibouo.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"# rustpad\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://github.com/Kibouo/rustpad/actions?query=workflow%3A%22Rust+CI%22\"\u003e\n    \u003c!-- shield always shows failing. Wait for breaking change issue to be closed: https://github.com/badges/shields/issues/8671 --\u003e\n    \u003c!-- \u003cimg alt=\"build status shield\" src=\"https://img.shields.io/github/actions/workflow/status/Kibouo/rustpad/ci.yaml?logo=github\"\u003e --\u003e\n    \u003cimg alt=\"build status shield\" src=\"https://img.shields.io/github/actions/workflow/status/simple-icons/simple-icons/verify.yml?branch=master\u0026logo=github\u0026label=build\"\u003e\n\u003c/a\u003e\n\u003ca href=\"https://www.rust-lang.org/\"\u003e\n    \u003cimg alt=\"uses Rust shield\" src=\"https://img.shields.io/badge/uses-Rust-orange?logo=rust\"\u003e\n\u003c/a\u003e\n\u003ca href=\"https://github.com/Kibouo/rustpad/blob/main/LICENSE\"\u003e\n    \u003cimg alt=\"license shield\" src=\"https://img.shields.io/github/license/Kibouo/rustpad?color=teal\"\u003e\n\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg alt=\"asciinema example run\" src=\"./assets/example_run.gif\"\u003e\n\u003c/p\u003e\n\n## 👇🏃 Download\n| \u003cp align=\"center\"\u003eArch linux\u003c/p\u003e                                                                                                                                             | \u003cp align=\"center\"\u003eKali / Debian\u003c/p\u003e                                                                                                                         | \u003cp align=\"center\"\u003eOthers\u003c/p\u003e                                                                                                                                   |\n| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `yay -Syu rustpad`                                                                                                                                                           | See releases                                                                                                                                 | `cargo install rustpad`                                                                                                                                        |\n| \u003cp align=\"center\"\u003e\u003ca href=\"https://aur.archlinux.org/packages/rustpad-bin/\"\u003e\u003cimg alt=\"aur shield\" src=\"https://img.shields.io:/aur/version/rustpad-bin?color=blue\"/\u003e\u003c/a\u003e\u003c/p\u003e | \u003cp align=\"center\"\u003e\u003ca href=\"https://github.com/Kibouo/rustpad/releases\"\u003e\u003cimg alt=\"deb shield\" src=\"https://img.shields.io/badge/deb-v1.8.1-purple\"/\u003e\u003c/a\u003e\u003c/p\u003e | \u003cp align=\"center\"\u003e\u003ca href=\"https://crates.io/crates/rustpad\"\u003e\u003cimg alt=\"crates.io shield\" src=\"https://img.shields.io:/crates/v/rustpad?color=yellow\"/\u003e\u003c/a\u003e\u003c/p\u003e |\n\n## 🔪🏛️ A multi-threaded what now?\n`rustpad` is a multi-threaded successor to the classic [`padbuster`](https://github.com/AonCyberLabs/PadBuster), written in Rust. It abuses a [Padding Oracle vulnerability](https://en.wikipedia.org/wiki/Padding_oracle_attack) to decrypt any cypher text or encrypt arbitrary plain text **without knowing the encryption key**!\n\n## 🦀💻 Features\n- Decryption of cypher texts\n- Encryption of arbitrary plain text\n- Multi-threading on both block and byte level\n- Modern, real-time and interactive TUI!\n- No-TTY support, so you can just pipe output to a file\n- Supports *Web* server oracles...\n- ... and *Script*-based oracles. For when you need just that extra bit of control.\n- Automated calibration of web oracle's (in)correct padding response\n- Progress bar and automated retries\n- Tab auto-completion\n- Block-level caching\n- Smart detection of cypher text encoding, supporting: `hex`, `base64`, `base64url`\n- No IV support\n- Written in purely safe Rust, making sure you don't encounter nasty crashes\n\n## 🗒️🤔 Usage\nUsing `rustpad` to attack a padding oracle is easy. It requires only 4 pieces of information to start:\n- type of oracle (`web`/`script`, see below)\n- target oracle (`--oracle`)\n- cypher text to decrypt (`--decrypt`)\n- block size (`--block-size`)\n\n### Web mode\nWeb mode specifies that the oracle is located on the web. In other words, the oracle is a web server with a URL.\n\nFor a padding oracle attack to succeed, an oracle must say so if a cypher text with incorrect padding was provided. `rustpad` will analyse the oracle's responses and automatically calibrate itself to the oracle's behaviour.\n\n### Script mode\nScript mode was made for power users ~~or CTF players 🏴‍☠️ who were given a script to run~~. The target oracle is a local shell script.\n\nScripts allow you to run attacks against local oracles or more exotic services. Or you can use script mode to customise and extend `rustpad`'s features. However, if you're missing a feature, feel free to open an issue on [GitHub](https://github.com/Kibouo/rustpad/issues)!\n\n### Shell auto-completion\n`rustpad` can generate tab auto-completion scripts for most popular shells:\n```sh\nrustpad setup \u003cshell\u003e\n```\n\nConsult your shell's documentation on what to do with the generated script.\n\n## 🕥💤 Coming soon\n- [ ] smarter URL parsing\n- [ ] advanced calibration: response text should contain \"x\", time-based\n- [ ] automated block size detection\n- [ ] .NET URL token encoding?\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FKibouo%2Frustpad","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FKibouo%2Frustpad","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FKibouo%2Frustpad/lists"}