{"id":15659141,"url":"https://github.com/cytopia/kusanagi","last_synced_at":"2025-05-05T03:26:16.686Z","repository":{"id":52761138,"uuid":"356548845","full_name":"cytopia/kusanagi","owner":"cytopia","description":"Kusanagi is a bind and reverse shell payload generator with obfuscation and badchar support.","archived":false,"fork":false,"pushed_at":"2021-04-19T20:45:40.000Z","size":772,"stargazers_count":22,"open_issues_count":0,"forks_count":6,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-19T04:43:34.938Z","etag":null,"topics":["badchars","kusanagi","obfuscation","obfuscator","payload","payload-generator","reverse-shell-generator"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cytopia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-04-10T10:35:05.000Z","updated_at":"2024-08-12T20:12:01.000Z","dependencies_parsed_at":"2022-08-29T02:01:20.228Z","dependency_job_id":null,"html_url":"https://github.com/cytopia/kusanagi","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cytopia%2Fkusanagi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cytopia%2Fkusanagi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cytopia%2Fkusanagi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cytopia%2Fkusanagi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cytopia","download_url":"https://codeload.github.com/cytopia/kusanagi/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252431580,"owners_count":21746878,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["badchars","kusanagi","obfuscation","obfuscator","payload","payload-generator","reverse-shell-generator"],"created_at":"2024-10-03T13:15:15.850Z","updated_at":"2025-05-05T03:26:16.639Z","avatar_url":"https://github.com/cytopia.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kusanagi - 草薙\n\n**TL;DR:** `kusanagi` is a major, bind- and reverse shell payload generator.\n\n\n[![](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)\n[![PyPI](https://img.shields.io/pypi/v/kusanagi)](https://pypi.org/project/kusanagi/)\n[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/kusanagi)](https://pypi.org/project/kusanagi/)\n[![PyPI - Format](https://img.shields.io/pypi/format/kusanagi)](https://pypi.org/project/kusanagi/)\n[![PyPI - Implementation](https://img.shields.io/pypi/implementation/kusanagi)](https://pypi.org/project/kusanagi/)\n[![PyPI - License](https://img.shields.io/pypi/l/kusanagi)](https://pypi.org/project/kusanagi/)\n\nAt its core, it is just a collection of Yaml files that define various *shell commands*,\n*code snippets*, *file specifications* and *obfuscators*. It combines and permutates all of them to generate\npayloads according to someone's need.\n\n**Payloads** are highly searchable and filterable in order\nto generate a *code-*, *file-* or *command* injection with correct binaries for the target architecture\nand removed bad chars that might get filtered/denied by certain mechanisms which are in between you and the target (e.g.: web application firewall).\nAdditional **output encoding** can be applied on your generated payloads (See [list of encoders](https://github.com/cytopia/kusanagi/blob/master/kusanagi/core/encoder/__init__.py#L13)).\n\n**Disclaimer:** It does have a *copy-to-clipboard* function to eliminate heavy mouse gestures.\n\n\u003cimg src=\"doc/screenshot01.png\" height=\"300px;\" style=\"height: 300px;\" /\u003e\n\n\n## :tada: Install\n```bash\npip install kusanagi\n```\n\n\u003e :exclamation: Requires Python \u003e= 3.6\n\n\n\n## :hourglass: Current state\n\n[![Build Status](https://github.com/cytopia/kusanagi/workflows/linting/badge.svg)](https://github.com/cytopia/kusanagi/actions?workflow=linting)\n[![Build Status](https://github.com/cytopia/kusanagi/workflows/building/badge.svg)](https://github.com/cytopia/kusanagi/actions?workflow=building)\n[![Build Status](https://github.com/cytopia/kusanagi/workflows/testing/badge.svg)](https://github.com/cytopia/kusanagi/actions?workflow=testing)\n\n[![Build Status](https://github.com/cytopia/kusanagi/workflows/black/badge.svg)](https://github.com/cytopia/kusanagi/actions?workflow=black)\n[![Build Status](https://github.com/cytopia/kusanagi/workflows/mypy/badge.svg)](https://github.com/cytopia/kusanagi/actions?workflow=mypy)\n[![Build Status](https://github.com/cytopia/kusanagi/workflows/pylint/badge.svg)](https://github.com/cytopia/kusanagi/actions?workflow=pylint)\n[![Build Status](https://github.com/cytopia/kusanagi/workflows/pycode/badge.svg)](https://github.com/cytopia/kusanagi/actions?workflow=pycode)\n[![Build Status](https://github.com/cytopia/kusanagi/workflows/pydoc/badge.svg)](https://github.com/cytopia/kusanagi/actions?workflow=pydoc)\n\n\n`kusanagi` is currently at most an alpha version and in a very early state of development.\n\nFeel free to use it, but expect drastic changes in ui and available command line arguments.\n\nIf you want to support this project, drop me all your payloads and obfuscators you know about.\n\n\n\n## :star: Features\n\nYou can find current features here:\n\n* [ ] Automated Quote escaping\n* [ ] Quote swapping\n* [X] Obfuscation\n* [ ] Permutation\n* [X] Badchar elimination\n* [X] Output encoder\n* [X] Copy to clipboard\n* [X] Command injection\n* [X] Code injection\n* [ ] File injection\n* [ ] Payload: Persistence wrapper\n* [X] Payload: reverse shell\n* [ ] Payload: bind shell\n* [ ] Payload: port forwarding\n* [ ] BYOY: Bring your own yaml - and have custom payloads\n\n\n\n## Usage\n\n### General\n\nKusanagi is separated into different usage section. To start off, you will have to choose between a shell command for command injection (`cmd`), a code snippet from a programming language for code injection (`code`) and a generated file for various exploits injected into it (`file`).\n\n\n```bash\nusage: kusa \u003cpayload\u003e [options] addr [host]\n kusa \u003cpayload\u003e -h\n kusa -v, --version\n kusa -h, --help\n\nKusanagi is a bind and reverse shell payload generator with obfuscation and badchar support.\n\npositional arguments:\n \u003cpayload\u003e\n cmd Generate a command to be executed on a shell.\n code Generate source code (e.g.: php).\n file Inject source code in a file (e.g.: php in jpeg).\n\nmisc arguments:\n -v, --version Show version information and exit\n -h, --help Show this help message and exit\n```\n\n### Injectable commands (`cmd`)\n\nOptions for command injection/execution module.\n\n\u003cdetails\u003e\n \u003csummary\u003e\u003cstrong\u003eClick here to expand full usage\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\nusage: kusa cmd [options] addr [port]\n kusa cmd -h, --help\n\npositional arguments:\n addr Address to listen or connect to.\n\n port (Optional) Port to listen or connect to\n Default: 4444\n\n\nquery arguments:\n -e EXE [EXE ...], --exe EXE [EXE ...]\n Command that will execute the payload\n (e.g.: perl, python, php, nc, sh, bash, cmd, PowerShell, etc)\n Default: do not filter by underlying command.\n\n -s SHELL [SHELL ...], --shell SHELL [SHELL ...]\n Shell on which the command (specified via -e)\n will be executed. Some payloads use crazy output\n redirections or pipes that will only work on certain\n underlying shells.\n (e.g.: dash, sh, bash, zsh, cmd, PowerShell)\n Default: do not filter by underlying shell.\n\n -b BADCHARS, --badchars BADCHARS\n Exclude any payloads that contain the specified bad chars.\n This comes in handy if you encounter a Web Application Firewall\n that prohibits certain characters.\n Default: Ignore badchars\n\n -o {bsd,linux,mac,solaris,windows}, --os {bsd,linux,mac,solaris,windows}\n Only fetch payloads which work on a specific operating system.\n Default: fetch for all OS.\n\n -m bytes, --maxlen bytes\n Exclude any payloads exceeding the specified max length.\n\n\nmutate arguments:\n --obf Run the fun. This switch will apply obfuscator to all\n payloads to get a different set of badchars.\n\n --enc name [name ...]\n Encode the output with one or more encoders.\n When encoding multiple times, pay attention to the\n order of specifying encoders.\n Note that any filtering (-b, -o, etc) is not done on the\n encoded payload. Filtering is done before.\n To view available encoders, use --list-encoders.\n\nhelper arguments:\n -q, --quick Show quick payload results (less detail).\n\n -c [index], --copy [index]\n Copy last shown payload to clipboard or specify index\n of payload to copy to clipboard.\n (indices are shown in square brackets next to payload)\n\n\nmisc arguments:\n -h, --help Show this help message and exit\n```\n\n\u003c/details\u003e\n\n\n#### Examples\n```bash\n# List reverse shells connecting to 10.0.0.1 (port 4444 by default)\nkusa cmd 10.0.0.1\n```\n```bash\n# List reverse shells connecting to 10.0.0.1:1337\nkusa cmd 10.0.0.1 1337\n```\n\n```bash\n# Copy last reverse shell payload to clipboard\nkusa cmd 10.0.0.1 -c\n```\n```bash\n# Copy reverse shell with index 2 to clipboard\nkusa cmd 10.0.0.1 -c 2\n```\n```bash\n# URL encode reverse shell\nkusa cmd 10.0.0.1 --enc url\n```\n```bash\n# Base64 encode and then url encode reverse shell\nkusa cmd 10.0.0.1 --enc base64 url\n```\n```bash\n# Obfuscate payloads\nkusa cmd 10.0.0.1 --obf\n```\n```bash\n# Obfuscated and filter away '/' and '$' characters in payload\nkusa cmd 10.0.0.1 --obf -b '/$'\n```\n\n\n\n### Injectable code (`code`)\n\nOptions for code injection/execution module.\n\n\u003cdetails\u003e\n \u003csummary\u003e\u003cstrong\u003eClick here to expand full usage\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\nusage: kusa code [options] addr [port]\n kusa code -h, --help\n\npositional arguments:\n addr Address to listen or connect to.\n\n port (Optional) Port to listen or connect to\n Default: 4444\n\n\nquery arguments:\n -l LANG [LANG ...], --lang LANG [LANG ...]\n The payload language to query.\n (e.g.: perl, python, php, etc)\n Default: do not filter language.\n\n -s SHELL [SHELL ...], --shell SHELL [SHELL ...]\n Shell on which the command (specified via -e)\n will be executed. Some payloads use crazy output\n redirections or pipes that will only work on certain\n underlying shells.\n (e.g.: dash, sh, bash, zsh, cmd, PowerShell)\n Default: do not filter by underlying shell.\n\n -b BADCHARS, --badchars BADCHARS\n Exclude any payloads that contain the specified bad chars.\n This comes in handy if you encounter a Web Application Firewall\n that prohibits certain characters.\n Default: Ignore badchars\n\n -o {bsd,linux,mac,solaris,windows}, --os {bsd,linux,mac,solaris,windows}\n Only fetch payloads which work on a specific operating system.\n Default: fetch for all OS.\n\n -m bytes, --maxlen bytes\n Exclude any payloads exceeding the specified max length.\n\n\nmutate arguments:\n --obf Run the fun. This switch will apply obfuscator to all\n payloads to get a different set of badchars.\n\n --enc name [name ...]\n Encode the output with one or more encoders.\n When encoding multiple times, pay attention to the\n order of specifying encoders.\n Note that any filtering (-b, -o, etc) is not done on the\n encoded payload. Filtering is done before.\n To view available encoders, use --list-encoders.\n\nhelper arguments:\n -q, --quick Show quick payload results (less detail).\n\n -c [index], --copy [index]\n Copy last shown payload to clipboard or specify index\n of payload to copy to clipboard.\n (indices are shown in square brackets next to payload)\n\n\nmisc arguments:\n -h, --help Show this help message and exit\n\n```\n\n\u003c/details\u003e\n\n\n#### Examples\n```bash\n# List reverse shells connecting to 10.0.0.1 (port 4444 by default)\nkusa code 10.0.0.1\n```\n```bash\n# List reverse shells connecting to 10.0.0.1:1337\nkusa code 10.0.0.1 1337\n```\n\n```bash\n# Copy last reverse shell payload to clipboard\nkusa code 10.0.0.1 -c\n```\n```bash\n# Copy reverse shell with index 2 to clipboard\nkusa code 10.0.0.1 -c 2\n```\n```bash\n# Select only PHP code (-l/--language)\nkusa code 10.0.0.1 -l php\n```\n```bash\n# URL encode reverse shell\nkusa code 10.0.0.1 --enc url\n```\n```bash\n# Base64 encode and then url encode reverse shell\nkusa code 10.0.0.1 --enc base64 url\n```\n```bash\n# Obfuscate payloads\nkusa code 10.0.0.1 --obf\n```\n```bash\n# Obfuscated and filter away '/' and '$' characters in payload\nkusa code 10.0.0.1 --obf -b '/$'\n```\n\n\n\n\n## :lock: [cytopia](https://github.com/cytopia) sec tools\n\nBelow is a list of sec tools and docs I am maintaining.\n\n| Name | Category | Language | Description |\n|----------------------|----------------------|------------|-------------|\n| **[offsec]** | Documentation | Markdown | Offsec checklist, tools and examples |\n| **[header-fuzz]** | Enumeration | Bash | Fuzz HTTP headers |\n| **[smtp-user-enum]** | Enumeration | Python 2+3 | SMTP users enumerator |\n| **[urlbuster]** | Enumeration | Python 2+3 | Mutable web directory fuzzer |\n| **[pwncat]** | Pivoting | Python 2+3 | Cross-platform netcat on steroids |\n| **[kusanagi]** | Payload Generator | Python 3 | Bind- and Reverse shell payload generator |\n| **[badchars]** | Reverse Engineering | Python 2+3 | Badchar generator |\n| **[fuzza]** | Reverse Engineering | Python 2+3 | TCP fuzzing tool |\n| **[docker-dvwa]** | Playground | PHP | DVWA with local priv esc challenges |\n\n[offsec]: https://github.com/cytopia/offsec\n[header-fuzz]: https://github.com/cytopia/header-fuzz\n[smtp-user-enum]: https://github.com/cytopia/smtp-user-enum\n[urlbuster]: https://github.com/cytopia/urlbuster\n[pwncat]: https://github.com/cytopia/pwncat\n[kusanagi]: https://github.com/cytopia/kusanagi\n[badchars]: https://github.com/cytopia/badchars\n[fuzza]: https://github.com/cytopia/fuzza\n[docker-dvwa]: https://github.com/cytopia/docker-dvwa\n\n\n\n## :octocat: Contributing\n\nSee **[Contributing guidelines](CONTRIBUTING.md)** to help to improve this project.\n\n\n\n## :exclamation: Disclaimer\n\nThis tool may be used for legal purposes only. Users take full responsibility for any actions performed using this tool. The author accepts no liability for damage caused by this tool. If these terms are not acceptable to you, then do not use this tool.\n\n\n\n## :page_facing_up: License\n\n**[MIT License](LICENSE.txt)**\n\nCopyright (c) 2021 **[cytopia](https://github.com/cytopia)**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcytopia%2Fkusanagi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcytopia%2Fkusanagi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcytopia%2Fkusanagi/lists"}