{"id":13681081,"url":"https://github.com/devploit/XORpass","last_synced_at":"2025-04-30T03:30:32.409Z","repository":{"id":46515501,"uuid":"217725336","full_name":"devploit/XORpass","owner":"devploit","description":"Encoder to bypass WAF filters using XOR operations.","archived":false,"fork":false,"pushed_at":"2022-07-07T14:00:04.000Z","size":23,"stargazers_count":250,"open_issues_count":0,"forks_count":43,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-11-12T00:36:21.064Z","etag":null,"topics":["bugbounty","pentesting","php","waf-bypass","websec","xor"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devploit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-10-26T15:01:44.000Z","updated_at":"2024-09-27T17:24:15.000Z","dependencies_parsed_at":"2022-08-12T12:51:02.060Z","dependency_job_id":null,"html_url":"https://github.com/devploit/XORpass","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devploit%2FXORpass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devploit%2FXORpass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devploit%2FXORpass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devploit%2FXORpass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devploit","download_url":"https://codeload.github.com/devploit/XORpass/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://gith
ub.com","kind":"github","repositories_count":251635000,"owners_count":21619124,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","pentesting","php","waf-bypass","websec","xor"],"created_at":"2024-08-02T13:01:25.970Z","updated_at":"2025-04-30T03:30:32.129Z","avatar_url":"https://github.com/devploit.png","language":"Python","readme":"\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://i.imgur.com/iqe1grK.png\" width=\"600\" height=\"200\" \u003e\n\u003c/p\u003e\n\n[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/dwyl/esta/issues)\n\nXORpass is an encoder to bypass WAF filters using XOR operations.\n\n### Installation \u0026 Usage\n```\ngit clone https://github.com/devploit/XORpass\ncd XORpass\n\n$ python3 xorpass.py -h\n```\n\n### Example of bypass:\nUsing the clear PHP function:\n\u003cimg src=\"https://i.imgur.com/qMhGrCA.png\" width=\"800\" height=\"200\"\u003e\n\nUsing the XOR bypass of that function:\n```bash\n$ python3 xorpass.py -e \"system(ls)\"\n```\n\u003cimg src=\"https://i.imgur.com/iLF2rg7.png\" width=\"800\" height=\"200\"\u003e\n\n#### Why does PHP treat our payload as a string?\n\nThe ^ is the exclusive-or (XOR) operator, which means that we are really working with binary values. So let's break down what happens.\n\nThe XOR operator on binary values returns 1 where exactly one of the two bits is 1; otherwise it returns 0 (0^0 = 0, 0^1 = 1, 1^0 = 1, 1^1 = 0). When you use XOR on characters, you're using their ASCII values. 
These ASCII values are integers, so we need to convert them to binary to see what's actually going on.\n\n```\nA = 65 = 1000001\nS = 83 = 1010011\nB = 66 = 1000010\n\nA       1000001\n        ^\nS       1010011\n        ^\nB       1000010\n----------------\nresult  1010000 = 80 = P\n\nA^S^B = P\n```\n\nIf we run 'echo \"A\"^\"S\"^\"B\";', PHP returns a P, as we see.\n\n\u003cimg src=\"https://i.imgur.com/7IAD6ZY.png\" width=\"250\" height=\"100\"\u003e\n\n### Contributors\n[@julianjm](https://github.com/julianjm)\n\n### Contact\n[![Twitter: devploit](https://img.shields.io/badge/-Twitter-blue?style=flat-square\u0026logo=Twitter\u0026logoColor=white\u0026link=https://twitter.com/devploit/)](https://twitter.com/devploit/)\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevploit%2FXORpass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevploit%2FXORpass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevploit%2FXORpass/lists"}