Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nickvourd/supernova

Real fucking shellcode encryptor & obfuscator tool
https://github.com/nickvourd/supernova

aes aes-128-cbc aes-192-cbc aes-256-cbc caesar-cipher chacha20 decryption encryption evasion go golang malware-development obfuscation pentest rc4 redteam rot rot13 shellcode xor

Last synced: 23 days ago
JSON representation

Real fucking shellcode encryptor & obfuscator tool

Host: GitHub
URL: https://github.com/nickvourd/supernova
Owner: nickvourd
License: mit
Created: 2023-08-08T11:30:34.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-04-30T14:35:29.000Z (6 months ago)
Last Synced: 2024-06-19T01:49:17.962Z (5 months ago)
Topics: aes, aes-128-cbc, aes-192-cbc, aes-256-cbc, caesar-cipher, chacha20, decryption, encryption, evasion, go, golang, malware-development, obfuscation, pentest, rc4, redteam, rot, rot13, shellcode, xor
Language: Go
Homepage:
Size: 4.35 MB
Stars: 604
Watchers: 10
Forks: 111
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Supernova

Real fucking shellcode encryptor & obfuscator.



  



  

  



  

  

  



## Description

Supernova is an open-source tool that empowers users to securely encrypt and/or obfuscate their raw shellcode. 

Supernova supports various features beyond those typically found in a common shellcode encryptor tool. Please refer to the  Features section for more information.

For command-line usage and examples, please refer to our [Wiki](https://github.com/nickvourd/Supernova/wiki).

> If you find any bugs, don’t hesitate to [report them](https://github.com/nickvourd/Supernova/issues). Your feedback is valuable in improving the quality of this project!

## Disclaimer

The authors and contributors of this project are not liable for any illegal use of the tool. It is intended for educational purposes only. Users are responsible for ensuring lawful usage.

## Table of Contents

- [Supernova](#supernova)

  - [Description](#description)

  - [Disclaimer](#disclaimer)

  - [Table of Contents](#table-of-contents)

  - [Acknowledgement](#acknowledgement)

  - [Features](#features)

  - [Installation](#installation)

  - [Usage](#usage)

  - [References](#references)

## Acknowledgement

Special thanks to my brothers [@S1ckB0y1337](https://twitter.com/S1ckB0y1337) and [@IAMCOMPROMISED](https://twitter.com/IAMCOMPROMISED), who provided invaluable assistance during the beta testing phase of the tool.

Grateful acknowledgment to [@y2qaq](https://twitter.com/y2qaq) and [@VeryDampTowel](https://twitter.com/VeryDampTowel) for their valuable contributions.

Special thanks to my friend [@MikeAngelowtt](https://twitter.com/MikeAngelowtt) for all our evening discussions during the development process.

Special thanks to my friend [Efstratios Chatzoglou](https://www.linkedin.com/in/efstratios-chatzoglou-b2b09616b/) and his tool named [Pandora](https://github.com/efchatz/pandora), which inspired me to improve the beauty of this `README.md` file.

This tool was inspired during the malware development courses of [MALDEV Academy](https://maldevacademy.com).

Supernova was created with :heart: by [@nickvourd](https://twitter.com/nickvourd), [@Papadope9](https://twitter.com/Papadope9) and [@0xvm](https://twitter.com/0xvm).

## Features

Supernova offers automatic conversion of the encrypted shellcode into formats compatible with various programming languages, including:

- C

- C#

- Rust

- Nim

- Golang (Community request by [@_atsika](https://twitter.com/_atsika))

- Python

- Perl

- PowerShell

- VBA (Implemented by [@verydamptowel](https://twitter.com/verydamptowel))

- Java

- Ruby

- Raw (Implemented by [@y2qaq](https://twitter.com/y2qaq))

Supports a variety of different ciphers, including:

- ROT

- XOR

- RC4

- AES (AES-128-CBC, AES-192-CBC, AES-256-CBC)

- Chacha20 (Implemented by [@y2qaq](https://twitter.com/y2qaq))

Supports various obfuscation techniques, which make the malicious shellcode appear as if it were:

- IPv4

- IPv6

- MAC

- UUID (Supported by [@S1ckB0y1337](https://twitter.com/S1ckB0y1337) & [@MikeAngelowtt](https://twitter.com/MikeAngelowtt))

Supernova is written in Golang, a cross-platform language, enabling its use on both Windows and Linux systems.

## Installation

You can use the [precompiled binaries](https://github.com/nickvourd/Supernova/releases), or you can manually install Supernova by following the next steps:

1) Clone the repository by executing the following command:

```

git clone https://github.com/nickvourd/Supernova.git

```

2) Once the repository is cloned, navigate into the Supernova directory:

```

cd Supernova

```

3) Install the third-party dependencies:

```

go mod download

```

4) Build Supernova with the following command:

```

go build Supernova

```

## Usage

:information_source: Please refer to the [Supernova Wiki](https://github.com/nickvourd/Supernova/wiki) for detailed usage instructions and examples of commands.

```

███████╗██╗   ██╗██████╗ ███████╗██████╗ ███╗   ██╗ ██████╗ ██╗   ██╗ █████╗

██╔════╝██║   ██║██╔══██╗██╔════╝██╔══██╗████╗  ██║██╔═══██╗██║   ██║██╔══██╗

███████╗██║   ██║██████╔╝█████╗  ██████╔╝██╔██╗ ██║██║   ██║██║   ██║███████║

╚════██║██║   ██║██╔═══╝ ██╔══╝  ██╔══██╗██║╚██╗██║██║   ██║╚██╗ ██╔╝██╔══██║

███████║╚██████╔╝██║     ███████╗██║  ██║██║ ╚████║╚██████╔╝ ╚████╔╝ ██║  ██║

╚══════╝ ╚═════╝ ╚═╝     ╚══════╝╚═╝  ╚═╝╚═╝  ╚═══╝ ╚═════╝   ╚═══╝  ╚═╝  ╚═╝

Supernova v2.1 - Real fucking shellcode encryptor & obfuscator tool.

Supernova is an open source tool licensed under MIT.

Written with <3 by @nickvourd, @Papadope9 and @0xvm.

Please visit https://github.com/nickvourd/Supernova for more...

Usage of Suprenova:

  -debug

        Enable Debug mode

  -enc string

        Shellcode encoding/encryption (i.e., ROT, XOR, RC4, AES, CHACHA20)

  -input string

        Path to a raw shellcode

  -key int

        Key length size for encryption (default 1)

  -lang string

        Programming language to translate the shellcode (i.e., Nim, Rust, C, CSharp, Go, Python, PowerShell, Perl, VBA, Ruby, Java, Raw)

  -obf string

        Shellcode obfuscation (i.e., IPV4, IPV6, MAC, UUID)

  -output string

        Name of the output shellcode file

  -var string

        Name of dynamic variable (default "shellcode")

  -version

        Show Supernova current version

```

## References

- [Caesar Cipher Wikipedia](https://en.wikipedia.org/wiki/Caesar_cipher)

- [XOR Cipher Wikipedia](https://en.wikipedia.org/wiki/XOR_cipher)

- [RC4 Cipher Wikipedia](https://en.wikipedia.org/wiki/RC4)

- [AES Cipher Wikipedia](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)

- [ChaCha20-Poly1305 Wikipedia](https://en.wikipedia.org/wiki/ChaCha20-Poly1305)

- [Block cipher mode of operation](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation)

- [Sector7 Institute](https://institute.sektor7.net/)

- [MalDev Academy](https://maldevacademy.com/)

- [OSEP-Code-Snippets GitHub by Chvancooten](https://github.com/chvancooten/OSEP-Code-Snippets)

- [From the Front Lines | Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection by SentinelOne](https://www.sentinelone.com/blog/hive-ransomware-deploys-novel-ipfuscation-technique/)

- [Shellcode Obfuscation by Bordergate](https://www.bordergate.co.uk/shellcode-obfuscation/)