{"id":17382904,"url":"https://github.com/rem01gaming/unshell","last_synced_at":"2025-10-04T06:54:53.339Z","repository":{"id":256944278,"uuid":"856887656","full_name":"Rem01Gaming/unshell","owner":"Rem01Gaming","description":"Effortlessly deobfuscate any shell scripts","archived":false,"fork":false,"pushed_at":"2024-10-06T03:23:31.000Z","size":460,"stargazers_count":15,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-28T18:21:30.223Z","etag":null,"topics":["base64","bash-obfuscate","deobfuscation","obfuscation","shc","shell","shell-script","shell-scripting","ssc"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Rem01Gaming.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"lfx_crowdfunding":null,"polar":null,"buy_me_a_coffee":"rem01gaming","custom":["https://saweria.co/Rem01Gaming"]}},"created_at":"2024-09-13T11:55:33.000Z","updated_at":"2025-03-23T18:17:41.000Z","dependencies_parsed_at":"2024-09-18T03:44:13.293Z","dependency_job_id":"43d6a0a7-628f-49b3-bad3-c6f6594e7020","html_url":"https://github.com/Rem01Gaming/unshell","commit_stats":null,"previous_names":["rem01gaming/unshell"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rem01Gaming%2Funshell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rem01Gaming%2Funshell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rem01Gaming%2Funshell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rem01Gaming%2Funshell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Rem01Gaming","download_url":"https://codeload.github.com/Rem01Gaming/unshell/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249026766,"owners_count":21200505,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["base64","bash-obfuscate","deobfuscation","obfuscation","shc","shell","shell-script","shell-scripting","ssc"],"created_at":"2024-10-16T07:39:47.109Z","updated_at":"2025-10-04T06:54:48.301Z","avatar_url":"https://github.com/Rem01Gaming.png","language":"Shell","readme":"![unshell_hero](./unshell-banner.png)\n# Unshell\n\u003e The Script Kiddies Nighmare\n\nEffortlessly deobfuscate shell scripts back into source code even with heavenly and multi layered obfuscation. unshell will search for patterns on shell script, determine and deobfuscate accordingly.\n\n## Features\n- Zero configuration: There's no need for any configuration\n- Penetrate: Multi layered obfuscation is not a problem\n- Easy to use: just `unshell -f encrypted1 encrypted2` in cmd\n\n## Supported obfuscation method\n\u003cdetails\u003e\n\u003csummary\u003eShell Script Compiler (SHC)\u003c/summary\u003e\nSHC works internally called execve to shell, it decrypted at runtimes and visible via command line args process\n\neg: \u003ccode\u003e/bin/sh -c \"decrypted shell\"\u003c/code\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eSimple Script Compiler (SSC)\u003c/summary\u003e\nIt works almost the same as SHC but this one uses C++ and shell reads from file descriptor `3`. It visible via `fd` number 3 on the process.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eRi-crypt\u003c/summary\u003e\nRi-crypt works internally called execve to shell, it decrypted at runtimes and visible via command line args process. we can retrive the shell script using `strace`.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ebash-obfuscate (Node.js CLI)\u003c/summary\u003e\nbash-obfuscate works by randomize the script with random variables then execute it in `eval` command.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eBashrock\u003c/summary\u003e\nBashrock works almost the same way as bash-obfuscate.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eTPP Tool\u003c/summary\u003e\nThe creator of the this obfuscation said \"it has anti-decode feature\" despite of multilayered base64 encoding that he use can easily decoded.\nAs time of this being written, unshell support up to version 12 of this \"tool\".\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eBashProtector\u003c/summary\u003e\nBashrock randomize the script with random variables layered by single `base64` encryption, then execute it in single `eval` command.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eExtreme comment/editor EOF trick\u003c/summary\u003e\nSome people obfuscate their script with adding generous amounts of comments in the script until it becomes a really big file, tricking average text editor to shit itself while opening the script so people can't open it.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ebzip2\u003c/summary\u003e\nUsually used for obfuscating tunneling/VPN scripts. the actual script is compressed with bzip2 and snuck'ed inside the decompression script itself.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eAxeron online module\u003c/summary\u003e\nThe script is actually stored somewhere online (usually public GitHub pages, script kiddies ahh behavior) and script on the module does only execution of the actual script after downloaded from cloud, the file link itself is obfuscated with base64 and rot17.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003ebase64\u003c/summary\u003e\nNot too crazy, just classic \u003ccode\u003eecho \"ZWNobyBzb21lIGJhc2U2NCBlbmNyeXB0ZWQgc2hpdAo=\" | base64 -d | sh\u003c/code\u003e.\n\u003c/details\u003e\n\n## Installation\n```shell\nspath=$(echo $PATH | cut -d: -f1)\ncurl -sLo $spath/unshell https://github.com/Rem01Gaming/unshell/raw/main/unshell\nchmod +x $spath/unshell\n```\n\n## Usage\n```yaml\nunshell - Deobfuscate any shell scripts with multiple methods\n  Usage: unshell [OPTIONS] [FILE]\n  Usage: unshell [OPTIONS] [DIR]\n\n  Options:\n    -h, --help\n      print this message\n    -f, --file [FILE]\n      Scripts you wanted to deobfuscate, multi input is supported\n    -r, --recursive [DIR]\n      Recursively find and deobfuscate all files in the specified directory\n    -v, --verbose\n      Be verbose\n    -d, --execve-delay [SECOND]\n      Set custom execve delay time in seconds for SHC and SSC encryption\n    -U, --update\n      Update the script\n\n  Example usages:\n    unshell -f install.sh menu.sh\n    unshell -v -f /system/bin/gaming_script\n    unshell -d 6.018 -f ./VTK\n    unshell -r .\n```\n\n## WARNING\nUsing unshell to retrieve the original shell script from SHC, SSC, or Ri-crypt obfuscation could potentially harm your machine, these obfuscation type requires to executing the script to order to deobfuscate thus leave your machine in danger if script does something malicious. Avoid running unshell with root permissions unless you fully trust the script!\n\n## Special Credits\n- [kawaii-ghost](https://github.com/kawaii-ghost/deshc) for decsh (shc and ssc deobfucator).\n- [RiProG-id](https://github.com/RiProG-id/Universal-Shell-Dec.git) for universal-shell-dec, the inspiration and foundation of this project.\n","funding_links":["https://buymeacoffee.com/rem01gaming","https://saweria.co/Rem01Gaming"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frem01gaming%2Funshell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frem01gaming%2Funshell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frem01gaming%2Funshell/lists"}