{"id":13998142,"url":"https://github.com/trou/rsbkb","last_synced_at":"2025-05-16T18:09:05.727Z","repository":{"id":37565974,"uuid":"202532423","full_name":"trou/rsbkb","owner":"trou","description":"CLI tools: encoders/decoders, CTF and reverse engineering helpers.","archived":false,"fork":false,"pushed_at":"2025-04-26T21:44:21.000Z","size":315,"stargazers_count":126,"open_issues_count":0,"forks_count":8,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-05-14T18:17:10.181Z","etag":null,"topics":["base64","cli","crc","ctf","decoding","encoding","engineering","hacking","reverse","timestamp","xor","zlib"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trou.png","metadata":{"files":{"readme":"README.md","changelog":"Changelog.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-08-15T11:53:35.000Z","updated_at":"2025-04-26T21:44:24.000Z","dependencies_parsed_at":"2023-09-26T14:57:59.991Z","dependency_job_id":"ed3483d7-b1b4-4105-acc9-cbcadc28acb0","html_url":"https://github.com/trou/rsbkb","commit_stats":null,"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trou%2Frsbkb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trou%2Frsbkb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trou%2Frsbkb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trou%2Frsbkb/manifests","owner_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/owners/trou","download_url":"https://codeload.github.com/trou/rsbkb/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254582907,"owners_count":22095518,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["base64","cli","crc","ctf","decoding","encoding","engineering","hacking","reverse","timestamp","xor","zlib"],"created_at":"2024-08-09T19:01:25.487Z","updated_at":"2025-05-16T18:09:05.720Z","avatar_url":"https://github.com/trou.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"# rsbkb (Rust blackbag)\n\n## What is it?\n\n`rsbkb` has multiple tools which are designed to be called directly (through\nsymlinks, like `busybox`). This allows various operations on data to be chained\neasily like CyberChef but through pipes.\n\nIt also includes various practical tools like `entropy`, a binary `grep`, a\ntimestamp decoder, etc.\n\n\n## Quick start\n\n1. install with `cargo install rsbkb` or download the binary from the [releases](https://github.com/trou/rsbkb/releases) page\n2. run `rsbkb` to list applets\n3. run `rsbkb help \u003capplet\u003e` to learn more\n4. 
optionally create symlinks to call applets directly: `rsbkb symlink`\n\n## Examples\n\nRead 10 bytes from `/etc/passwd` starting at offset `0x2f`, then `xor` with\n`0xF2`, encode it in URL-safe base64 and finally URL encode it:\n\n```\n$ slice /etc/passwd 0x2f +10 | xor -x f2 | b64 -u | urlenc\nl5%2DdnMjdh4GA3Q%3D%3D\n```\n\nVarious examples:\n\n```\n$ unhex 4141:4141\nAA:AA\n$ echo -n '4141:4141' | unhex\nAA:AA\n$ crc32 '41 41 41 32'\ne60ce752\n$ echo -n '41 41 41 32' | crc32\ne60ce752\n$ echo test | b64 | urlenc\ndGVzdAo%3D\n$ tsdec 146424672000234122\n2065-01-01T00:00:00.0234122Z\n$ tsdec 0\n1970-01-01T00:00:00Z\n$ rsbkb bofpatt 60\nAa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9\n$ rsbkb bofpattoff -b 0x41623841\nDecoded pattern: Ab8A (big endian: true)\nOffset: 54 (mod 20280) / 0x36\n$ echo -n tototutu | rsbkb entropy\n0.188\n$ bgrep -x 454c460201 /bin/ls\n0x1\n$ bgrep \"\\x45\\x4c..\\x01\" /bin/ls\n0x1\n$ findso -p /lib/x86_64-linux-gnu/ -r memcpy /bin/ls\n/lib/x86_64-linux-gnu/libc.so.6\n$ findso -l /etc/ld.so.conf -a memcpy\n/lib/i386-linux-gnu/libc.so.6\n[...]\n$ base 0x14\n20\n$ echo \"echo 'test'\" | escape -t bash-single\n'echo '\"'\"'test'\"'\"''\n```\n\n## How to use\n\n### Build it / Get it\n\n* `cargo build --release`\n* `cargo install rsbkb`\n* get the binary from the [releases page](https://github.com/trou/rsbkb/releases).\n* get the latest artifact from the [Actions](https://github.com/trou/rsbkb/actions) page.\n\n### Usage\n\n\n* Almost all tools take values as an argument on the command line or if not present, read from `stdin`\n* Tool name can be specified on the command line `rsbkb TOOL`\n* Or can be called busybox-style: `ln -s rsbkb unhex ; unhex 4142`. 
Create symlinks with:\n\n```\nrsbkb symlink\n```\n\n## Included tools\n\n* `hex`: hex encode\n* `unhex`: decode hex data (either in the middle of arbitrary data, or strictly)\n* `b64`: base64 encode (use `-u` or `--URL` for URL-safe b64)\n* `d64`: base64 decode (use `-u` or `--URL` for URL-safe b64)\n* `urlenc`: URL encode (see `--help` for advanced options)\n* `urldec`: URL decode\n* `xor`: xor (use `-x` to specify the key, in hex, `-f` to specify a file)\n* `crc`: all CRC algorithms implemented in the [Crc](https://docs.rs/crc/3.2.1/crc/) crate\n* `crc16`: CRC-16\n* `crc32`: CRC-32\n* `bofpatt` / `bofpattoff`: buffer overflow pattern generator / offset calculator\n* `tsdec`: decode various timestamps (Epoch with different resolutions, Windows FILETIME)\n* `slice`: take a \"slice\" of a file (like `dd`):\n * `slice input_file 10` will output `input_file` from offset 10 on `stdout`\n * `slice input_file 0x10 0x20` will do the same from 0x10 to 0x20 (excluded)\n * `slice input_file 0x10 +0xFF` will copy `0xFF` bytes starting at `0x10`\n * `slice input_file -0x10` will output the last 0x10 bytes from `input_file`\n* `entropy`: entropy of a file\n* `bgrep`: simple binary grep\n* `findso`: find which ELF shared library (.so) exports a given name/function\n* `inflate` and `deflate`: raw inflate/deflate compression, fault tolerant and with optional Zlib header support\n* `base`: easy radix conversion of big integers\n* `escape`: backslash-escape special characters in strings (generic, single quote, shell, bash, bash single)\n* `unescape`: unescape `\\` escaped chars in strings\n\n### Getting help\n\n```console\n$ rsbkb help\nrsbkb 1.8.0 (Rust BlackBag) - by Raphaël Rigo \u003cdevel@syscall.eu\u003e\n\nUsage: rsbkb [APPLET]\n\nAPPLETS:\n  list        list applets\n  hex         hex encode\n  unhex       hex decode\n  urlenc      URL encode\n  urldec      URL decode\n  crc16       compute CRC-16\n  crc32       compute CRC-32\n  crc         flexible CRC computation\n  b64         
base64 encode\n  d64         base64 decode\n  bofpattoff  buffer overflow pattern offset finder\n  bofpatt     buffer overflow pattern generator\n  xor         xor value\n  entropy     compute file entropy\n  slice       cut slices from file or stdin\n  bgrep       binary grep\n  findso      find which .so implements a given function\n  tsdec       timestamp decoder\n  deflate     (raw) deflate compression\n  inflate     (raw) inflate decompression\n  base        convert integer between different bases\n  escape      backslash-escape input strings\n  unescape    (backslash) unescape input strings\n  help        Print this message or the help of the given subcommand(s)\n\n$ rsbkb help slice\ncut slices from file or stdin\n\nUsage: rsbkb slice \u003cfile\u003e \u003cstart\u003e [end]\n\nArguments:\n  \u003cfile\u003e   file to slice, - for stdin\n  \u003cstart\u003e  start of slice, relative to end of file if negative\n  [end]    end of slice: absolute, relative to \u003cstart\u003e if prefixed with +, relative to end of file if negative\n```\n\n## Credits and heritage\n\nThis is a Rust reimplementation of some tools found in emonti's\n[rbkb](https://github.com/emonti/rbkb), itself a Ruby reimplementation of\nMatasano's BlackBag.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrou%2Frsbkb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrou%2Frsbkb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrou%2Frsbkb/lists"}