Login
QuickResponseC2 is a stealthy Command and Control (C2) framework that enables indirect and covert communication between the attacker and victim machines via an intermediate HTTP/S server. All network activity is limited to uploading and downloading images, making it an fully undetectable by IPS/IDS Systems and an ideal tool for security research and penetration testing.
Command Execution via QR Codes:
Users can send custom commands to the victim machine, encoded as QR codes.
Victims scan the QR code, which triggers the execution of the command on their system.
The command can be anything from simple queries to complex operations based on the test scenario.
Result Retrieval:
Results of the executed command are returned from the victim system and encoded into a QR code.
The server decodes the result and provides feedback to the attacker for further analysis or follow-up actions.
Built-in HTTP Server:
The tool includes a lightweight HTTP server that facilitates the victim machine's retrieval of command QR codes.
Results are sent back to the server as QR code images, and they are automatically saved with unique filenames for easy management.
The attacker's machine handles multiple requests, with HTTP logs organized and saved separately.
Stealthy Communication:
QuickResponseC2 operates under the radar, with minimal traces, providing a covert way to interact with the victim machine without alerting security defenses.
Ideal for security assessments or testing command-and-control methodologies without being detected.
File Handling:
The tool automatically saves all QR codes (command and result) to the server_files directory, using sequential filenames like command0.png, command1.png, etc.
Decoding and processing of result files are handled seamlessly.
User-Friendly Interface:
The tool is operated via a simple command-line interface, allowing users to set up a C2 server, send commands, and receive results with ease.
No additional complex configurations or dependencies are needed.
FreshRSS pip3 install -r requirements.txt
python3 main.py
1 - Run the C2 Server
2 - Build the Victim Implant
https://github.com/user-attachments/assets/382e9350-d650-44e5-b8ef-b43ec90b315d
8080).commandX.png on the HTTP server.commandX.png), it downloads and decodes the image to retrieve the command.resultX.png.resultX.png).
Feel free to fork and contribute! Pull requests are welcome.
file-unpumper is a powerful command-line utility designed to clean and analyze Portable Executable (PE) files. It provides a range of features to help developers and security professionals work with PE files more effectively.
PE Header Fixing: file-unpumper can fix and align the PE headers of a given executable file. This is particularly useful for resolving issues caused by packers or obfuscators that modify the headers.
Resource Extraction: The tool can extract embedded resources from a PE file, such as icons, bitmaps, or other data resources. This can be helpful for reverse engineering or analyzing the contents of an executable.
Metadata Analysis: file-unpumper provides a comprehensive analysis of the PE file's metadata, including information about the machine architecture, number of sections, timestamp, subsystem, image base, and section details.
File Cleaning: The core functionality of file-unpumper is to remove any "pumped" or padded data from a PE file, resulting in a cleaned version of the executable. This can aid in malware analysis, reverse engineering, or simply reducing the file size.
Parallel Processing: To ensure efficient performance, file-unpumper leverages the power of parallel processing using the rayon crate, allowing it to handle large files with ease.
Progress Tracking: During the file cleaning process, a progress bar is displayed, providing a visual indication of the operation's progress and estimated time remaining.
file-unpumper is written in Rust and can be easily installed using the Cargo package manager:
cargo install file-unpumper
<INPUT>: The path to the input PE file.--fix-headers: Fix and align the PE headers of the input file.--extract-resources: Extract embedded resources from the input file.--analyze-metadata: Analyze and display the PE file's metadata.-h, --help: Print help information.-V, --version: Print version information.bash file-unpumper path/to/input.exe
bash file-unpumper --fix-headers --analyze-metadata path/to/input.exe
bash file-unpumper --extract-resources path/to/input.exe
bash file-unpumper --fix-headers --extract-resources --analyze-metadata path/to/input.exe
Contributions to file-unpumper are welcome! If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request on the GitHub repository.
The latest changelogs can be found in CHANGELOG.md
file-unpumper is released under the MIT License.
Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts.
Precompiled binaries are available on our releases page. If you are using Cairo compiler 1.x.x uses the binary v0.1.x otherwise if you are using the Cairo compiler 2.x.x uses v0.2.x.
You need the Rust compiler and Cargo. Building from git:
cargo install --git https://github.com/crytic/caracal --profile release --forceBuilding from a local copy:
git clone https://github.com/crytic/caracal
cd caracal
cargo install --path . --profile release --forceList detectors:
caracal detectorsList printers:
caracal printersTo use with a standalone cairo file you need to pass the path to the corelib library either with the --corelib cli option or by setting the CORELIB_PATH environment variable. Run detectors:
caracal detect path/file/to/analyze --corelib path/to/corelib/srcRun printers:
caracal print path/file/to/analyze --printer printer_to_use --corelib path/to/corelib/srcIf you have a project that uses Scarb you need to add the following in Scarb.toml:
[[target.starknet-contract]]
sierra = true
[cairo]
sierra-replace-ids = trueThen pass the path to the directory where Scarb.toml resides. Run detectors:
caracal detect path/to/dirRun printers:
caracal print path/to/dir --printer printer_to_use| Num | Detector | What it Detects | Impact | Confidence | Cairo |
|---|---|---|---|---|---|
| 1 | controlled-library-call | Library calls with a user controlled class hash | High | Medium | 1 & 2 |
| 2 | unchecked-l1-handler-from | Detect L1 handlers without from address check | High | Medium | 1 & 2 |
| 3 | felt252-overflow | Detect user controlled operations with felt252 type, which is not overflow safe | High | Medium | 1 & 2 |
| 4 | reentrancy | Detect when a storage variable is read before an external call and written after | Medium | Medium | 1 & 2 |
| 5 | read-only-reentrancy | Detect when a view function read a storage variable written after an external call | Medium | Medium | 1 & 2 |
| 6 | unused-events | Events defined but not emitted | Medium | Medium | 1 & 2 |
| 7 | unused-return | Unused return values | Medium | Medium | 1 & 2 |
| 8 | unenforced-view | Function has view decorator but modifies state | Medium | Medium | 1 |
| 9 | unused-arguments | Unused arguments | Low | Medium | 1 & 2 |
| 10 | reentrancy-benign | Detect when a storage variable is written after an external call but not read before | Low | Medium | 1 & 2 |
| 11 | reentrancy-events | Detect when an event is emitted after an external call leading to out-of-order events | Low | Medium | 1 & 2 |
| 12 | dead-code | Private functions never used | Low | Medium | 1 & 2 |
The Cairo column represent the compiler version(s) for which the detector is valid.
cfg: Export the CFG of each function to a .dot filecallgraph: Export function call graph to a .dot fileCheck the wiki on the following topics:
