Giter VIP home page Giter VIP logo

zipbomb's Introduction

zipbomb

Build Status Go Reference

Tool that creates different types of zip bombs.

⚠️ This is for educational purpose. Don’t try it on live clients/servers!

Installing

You can install the pre-compiled binary in several different ways

homebrew tap:

brew tap hupe1980/zipbomb
brew install zipbomb

scoop:

scoop bucket add zipbomb https://github.com/hupe1980/zipbomb-bucket.git
scoop install zipbomb

deb/rpm/apk:

Download the .deb, .rpm or .apk from the releases page and install them with the appropriate tools.

manually:

Download the pre-compiled binaries from the releases page and copy to the desired location.

How to use

Usage:
  zipbomb [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  no-overlap  Create non-recursive no-overlap zipbomb
  overlap     Create non-recursive overlap zipbomb
  zip-slip    Create a zip-slip

Flags:
  -h, --help            help for zipbomb
  -o, --output string   output filename (default "bomb.zip")
  -v, --version         version for zipbomb

Use "zipbomb [command] --help" for more information about a command.

Overlap

Create non-recursive zipbomb that achieves a high compression ratio by overlapping files inside the zip container

Usage:
  zipbomb overlap [flags]

Examples:
- zipbomb overlap -N 2000 --extra-tag 0x9999 --verify
- zipbomb overlap -N 2000 -R 200000000

Flags:
      --alphabet string         alphabet for generating filenames (default "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")
  -L, --compression-level int   compression-level [-2, 9] (default 5)
      --extension string        extension for generating filenames
      --extra-tag uint16        extra tag to activate extra-field escaping
  -h, --help                    help for overlap
  -B, --kernel-bytes bytesHex   kernel bytes (default 42)
  -R, --kernel-repeats int      kernel repeats (default 1048576)
  -N, --num-files int           number of files (default 100)
      --verify                  verify zip archive

Global Flags:
  -o, --output string   output filename (default "bomb.zip")

No-Overlap

Usage:
  zipbomb no-overlap [flags]

Flags:
      --alphabet string         alphabet for generating filenames (default "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")
  -L, --compression-level int   compression-level [-2, 9] (default 5)
      --extension string        extension for generating filenames
  -h, --help                    help for no-overlap
  -B, --kernel-bytes bytesHex   kernel bytes (default 42)
  -R, --kernel-repeats int      kernel repeats (default 1048576)
  -N, --num-files int           number of files (default 100)
      --verify                  verify zip archive

Global Flags:
  -o, --output string   output filename (default "bomb.zip")

ZipSlip

Usage:
  zipbomb zip-slip [flags]

Examples:
- zipbomb zip-slip --zip-slip "../../../file-to-overwrite" --verify
- zipbomb zip-slip --zip-slip-file "../../script.sh"="./template.sh" --verify

Flags:
  -L, --compression-level int          compression-level [-2, 9] (default 5)
  -h, --help                           help for zip-slip
  -B, --kernel-bytes bytesHex          kernel bytes (default 42)
  -R, --kernel-repeats int             kernel repeats (default 1048576)
      --verify                         verify zip archive
      --zip-slip strings               zip slip with kernel bytes
      --zip-slip-file stringToString   zip slip with file content (default [])

Global Flags:
  -o, --output string   output filename (default "bomb.zip")

References

License

MIT

zipbomb's People

Contributors

hupe1980 avatar

Stargazers

avatar avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.