{"id":33289045,"url":"https://github.com/jaketcooper/ecurl","last_synced_at":"2026-05-06T13:32:47.591Z","repository":{"id":323918303,"uuid":"1095237767","full_name":"jaketcooper/ecurl","owner":"jaketcooper","description":"A lightweight 'Encoded cURL' wrapper for encoding payloads in pentesting automation and custom scripts","archived":false,"fork":false,"pushed_at":"2025-11-12T20:48:01.000Z","size":43,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-12T21:20:18.769Z","etag":null,"topics":["bash","curl","cybersecurity","debian","encoding","infosec","injection-attacks","kali","kali-linux","payloads","penetration-testing","pentesting","posix","security","security-testing","security-tools","url","url-encoder","web-security"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jaketcooper.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":null,"thanks_dev":"jaketcooper","custom":null}},"created_at":"2025-11-12T19:25:14.000Z","updated_at":"2025-11-12T20:48:05.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/jaketcooper/ecurl","commit_stats":null,"previous_names":["jaketcooper/ecurl"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/jaketcooper/ecurl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaketcooper%2Fecurl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaketcooper%2Fecurl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaketcooper%2Fecurl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaketcooper%2Fecurl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jaketcooper","download_url":"https://codeload.github.com/jaketcooper/ecurl/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaketcooper%2Fecurl/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284956483,"owners_count":27090690,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-17T02:00:06.431Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","curl","cybersecurity","debian","encoding","infosec","injection-attacks","kali","kali-linux","payloads","penetration-testing","pentesting","posix","security","security-testing","security-tools","url","url-encoder","web-security"],"created_at":"2025-11-17T21:00:56.036Z","updated_at":"2026-05-06T13:32:47.584Z","avatar_url":"https://github.com/jaketcooper.png","language":"Shell","funding_links":["https://thanks.dev/jaketcooper"],"categories":[],"sub_categories":[],"readme":"# ecurl — Encoded cURL for Penetration Testing\n\n![Version](https://img.shields.io/badge/version-1.0.1-blue)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n![Shell](https://img.shields.io/badge/language-bash-blue.svg)\n![Status](https://img.shields.io/badge/build-passing-brightgreen.svg)\n![Platform](https://img.shields.io/badge/platform-linux%20%7C%20unix-lightgrey.svg)\n![Kali Ready](https://img.shields.io/badge/kali--ready-yes-critical.svg)\n\n---\n\n## 🔍 Overview\n**ecurl** is an encoded wrapper around [`curl`](https://curl.se/) for **authorized penetration testing** and **security automation**.  \nIt simplifies payload encoding, session persistence, batch payload testing, and JSON-based chaining — all while keeping full `curl` flexibility. _(just add an 'e'!)_\n\nThe tool is lightweight, self-contained (Bash), and tested under **Debian**, **Ubuntu**, and **Kali Linux**.\n\n\u003e ⚠️ Use responsibly. Only perform security testing on systems you have explicit permission to test.\n\n---\n\n## 🚀 Key Features\n\n| Category | Description |\n|-----------|-------------|\n| **Encoding** | URL, double, HTML, Base64, Unicode |\n| **Session Management** | Persistent cookies, replay, export/import |\n| **Batch Testing** | Run payloads from file with delays/threads |\n| **JSON Output** | Base64-safe structured output for pipelines |\n| **Proxy \u0026 TLS** | Full proxy, client cert, and SSL control |\n| **Error Handling** | Granular exit codes, robust curl wrappers |\n| **Colorized Output** | Clear status display with ANSI detection |\n| **Forensics Ready** | History logging to `~/.ecurl_history` |\n\n---\n\n## ⚙️ Installation\n\n### From Source\n```bash\ngit clone https://github.com/jaketcooper/ecurl.git\ncd ecurl\nsudo make install\n````\n\n### From Debian/Kali Package\n\n*(Recommended once released to Kali repos)*\n\n```bash\nsudo apt install ecurl\n```\n\nThis installs:\n\n```\n/usr/bin/ecurl\n/usr/share/man/man1/ecurl.1.gz\n/usr/share/doc/ecurl/*\n```\n\nDependencies are automatically resolved (`curl`, `perl`, `jq`, `liburi-perl`).\n\n---\n\n## 🧠 Usage\n\n```bash\necurl [OPTIONS]\n\n  -i, --injection \u003cTEXT\u003e    Payload to encode and send\n  -t, --target \u003cURL\u003e        Persistent target\n  -c, --count \u003cN\u003e           Number of encoding passes\n  --encode-type \u003cTYPE\u003e      url, html, base64, unicode\n  --json                    Output as JSON (for chaining)\n  --payload-file \u003cFILE\u003e     Batch payload testing\n  --session \u003cNAME\u003e          Named cookie persistence\n  --replay \u003cFILE\u003e           Replay a saved request\n  -s, --show                Show encoded payload only\n  --version                 Display version\n```\n\n### Example 1: Basic Injection\n\n```bash\necurl -t \"https://target/api?id=\" \necurl -i \"' OR '1'='1\"\n```\n\n### Example 2: Batch Test Payloads\n\n```bash\necurl --payload-file payloads.txt -c 2 --delay 1\n```\n\n### Example 3: JSON Chaining\n\n```bash\necurl -i test --json | jq '.response.status'\n```\n\n---\n\n## 🧩 Encoding Example\n\n| Type    | Input        | Output               |\n| ------- | ------------ | -------------------- |\n| url     | `' OR 1=1--` | `%27%20OR%201%3D1--` |\n| html    | `\u003cscript\u003e`   | `\u0026lt;script\u0026gt;`     |\n| base64  | `abc123`     | `YWJjMTIz`           |\n| unicode | `A`          | `\\u0041`             |\n\n---\n\n## 🪄 Advanced Features\n\n* **Replay Mode** — export and rerun full requests\n* **Tamper Scripts** — custom transforms before sending\n* **Grep \u0026 Match Filters** — highlight or extract response fragments\n* **Threaded Batch Mode** — queue large payload sets efficiently\n\n---\n\n## 🧰 Developer Notes\n\n* Written in **pure Bash**, portable across most POSIX shells\n* Error-resistant: no unguarded `eval`, no silent failures\n* Fully compatible with Kali's **Debhelper 12+** build system\n\nFor deeper architectural details, see:\n\n* [`TECHNICAL.md`](TECHNICAL.md)\n* [`PACKAGING.md`](PACKAGING.md)\n\n---\n\n## 🤝 Contributing\n\nContributions, patches, and packaging improvements are welcome.\nPlease see [`CONTRIBUTING.md`](CONTRIBUTING.md) and adhere to the [`CODE_OF_CONDUCT.md`](CODE_OF_CONDUCT.md).\n\n---\n\n## 🛡️ Security Policy\n\nSee [`SECURITY.md`](SECURITY.md) for responsible disclosure and vulnerability reporting.\n\n---\n\n## 🧾 License\n\nLicensed under the [MIT License](LICENSE).\n© 2025 Jake Cooper\n\n---\n\n## 📦 Debian / Kali Packaging Status\n\n`ecurl` is Debian Policy-compliant and structured for inclusion in **Kali Rolling**:\n\n* `debian/control` defines dependencies (`curl`, `perl`, `jq`, `liburi-perl`)\n* `debian/rules` uses standard `dh` build helper\n* Man page: `/usr/share/man/man1/ecurl.1.gz`\n* Lintian clean\n\nFor detailed packaging steps, refer to [`PACKAGING.md`](PACKAGING.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaketcooper%2Fecurl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjaketcooper%2Fecurl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaketcooper%2Fecurl/lists"}