{"id":15396594,"url":"https://github.com/hupe1980/zipbomb","last_synced_at":"2025-10-18T05:22:41.922Z","repository":{"id":63784654,"uuid":"569693205","full_name":"hupe1980/zipbomb","owner":"hupe1980","description":"Tool that creates different types of zip bombs.","archived":false,"fork":false,"pushed_at":"2022-11-29T06:45:40.000Z","size":65,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-29T03:11:55.654Z","etag":null,"topics":["cybersecurity","redteam","zipbomb","zipslip"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hupe1980.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-11-23T12:04:39.000Z","updated_at":"2025-03-12T09:30:32.000Z","dependencies_parsed_at":"2022-11-25T23:15:51.570Z","dependency_job_id":null,"html_url":"https://github.com/hupe1980/zipbomb","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hupe1980%2Fzipbomb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hupe1980%2Fzipbomb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hupe1980%2Fzipbomb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hupe1980%2Fzipbomb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hupe1980","download_url":"https://codeload.github.com/hupe1980/zipbomb/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249174318,"owners_count":21224695,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","redteam","zipbomb","zipslip"],"created_at":"2024-10-01T15:34:19.638Z","updated_at":"2025-10-18T05:22:36.873Z","avatar_url":"https://github.com/hupe1980.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# zipbomb\n![Build Status](https://github.com/hupe1980/zipbomb/workflows/build/badge.svg) \n[![Go Reference](https://pkg.go.dev/badge/github.com/hupe1980/zipbomb.svg)](https://pkg.go.dev/github.com/hupe1980/zipbomb)\n\u003e Tool that creates different types of zip bombs.\n\n:warning: This is for educational purpose. Don’t try it on live clients/servers!\n\n## Installing\nYou can install the pre-compiled binary in several different ways\n\n### homebrew tap:\n```bash\nbrew tap hupe1980/zipbomb\nbrew install zipbomb\n```\n### scoop:\n```bash\nscoop bucket add zipbomb https://github.com/hupe1980/zipbomb-bucket.git\nscoop install zipbomb\n```\n\n### deb/rpm/apk:\nDownload the .deb, .rpm or .apk from the [releases page](https://github.com/hupe1980/zipbomb/releases) and install them with the appropriate tools.\n\n### manually:\nDownload the pre-compiled binaries from the [releases page](https://github.com/hupe1980/zipbomb/releases) and copy to the desired location.\n\n\n## How to use\n```\nUsage:\n  zipbomb [command]\n\nAvailable Commands:\n  completion  Generate the autocompletion script for the specified shell\n  help        Help about any command\n  no-overlap  Create non-recursive no-overlap zipbomb\n  overlap     Create non-recursive overlap zipbomb\n  zip-slip    Create a zip-slip\n\nFlags:\n  -h, --help            help for zipbomb\n  -o, --output string   output filename (default \"bomb.zip\")\n  -v, --version         version for zipbomb\n\nUse \"zipbomb [command] --help\" for more information about a command.\n```\n\n### Overlap\nCreate non-recursive zipbomb that achieves a high compression ratio by overlapping files inside the zip container\n```\nUsage:\n  zipbomb overlap [flags]\n\nExamples:\n- zipbomb overlap -N 2000 --extra-tag 0x9999 --verify\n- zipbomb overlap -N 2000 -R 200000000\n\nFlags:\n      --alphabet string         alphabet for generating filenames (default \"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\")\n  -L, --compression-level int   compression-level [-2, 9] (default 5)\n      --extension string        extension for generating filenames\n      --extra-tag uint16        extra tag to activate extra-field escaping\n  -h, --help                    help for overlap\n  -B, --kernel-bytes bytesHex   kernel bytes (default 42)\n  -R, --kernel-repeats int      kernel repeats (default 1048576)\n  -N, --num-files int           number of files (default 100)\n      --verify                  verify zip archive\n\nGlobal Flags:\n  -o, --output string   output filename (default \"bomb.zip\")\n```\n\n### No-Overlap\n```\nUsage:\n  zipbomb no-overlap [flags]\n\nFlags:\n      --alphabet string         alphabet for generating filenames (default \"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\")\n  -L, --compression-level int   compression-level [-2, 9] (default 5)\n      --extension string        extension for generating filenames\n  -h, --help                    help for no-overlap\n  -B, --kernel-bytes bytesHex   kernel bytes (default 42)\n  -R, --kernel-repeats int      kernel repeats (default 1048576)\n  -N, --num-files int           number of files (default 100)\n      --verify                  verify zip archive\n\nGlobal Flags:\n  -o, --output string   output filename (default \"bomb.zip\")\n```\n\n### ZipSlip\n```\nUsage:\n  zipbomb zip-slip [flags]\n\nExamples:\n- zipbomb zip-slip --zip-slip \"../../../file-to-overwrite\" --verify\n- zipbomb zip-slip --zip-slip-file \"../../script.sh\"=\"./template.sh\" --verify\n\nFlags:\n  -L, --compression-level int          compression-level [-2, 9] (default 5)\n  -h, --help                           help for zip-slip\n  -B, --kernel-bytes bytesHex          kernel bytes (default 42)\n  -R, --kernel-repeats int             kernel repeats (default 1048576)\n      --verify                         verify zip archive\n      --zip-slip strings               zip slip with kernel bytes\n      --zip-slip-file stringToString   zip slip with file content (default [])\n\nGlobal Flags:\n  -o, --output string   output filename (default \"bomb.zip\")\n```\n\n## References\n- https://www.bamsoftware.com/hacks/zipbomb/\n- https://research.swtch.com/zip\n- https://security.snyk.io/research/zip-slip-vulnerability\n\n## License\n[MIT](LICENCE)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhupe1980%2Fzipbomb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhupe1980%2Fzipbomb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhupe1980%2Fzipbomb/lists"}