OWASP ZSC is open source software written in python which lets you generate customized shellcode and convert scripts to an obfuscated script.
This software can be run on Windows/Linux/OSX with python.
Shellcodes are small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc.
According to other shellcode generators same as metasploit tools and etc, The OWASP tool using new encodes and methods which antiviruses won’t detect.
The ZSC encoderes are able to generate shellcodes with random encodes and that’s lets you to get thousands new dynamic shellcodes with same job in just a second,that means you will not get a same code if you use random encodes with same commands, And that make ZSC one of the bests! otherwise it’s gonna generate shellcodes for many operating systems in next versions.
During red-team engagement it will be important to test the post exploitation and see how the security measures implemented will detect and prevent the attack. in case the exploit is obfuscated and may bypass the protection implemented with the antivirus it will be important to review the installed security modules and review the one failed to detect/prevent the attack.
You cane read more and download this tool over here: https://github.com/zdresearch/OWASP-ZSC
- OWASP Page: https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
- Documents: https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details
- Home: http://zsc.z3r0d4y.com/
- Features: http://zsc.z3r0d4y.com/table.html
- Github: https://github.com/Ali-Razmjoo/OWASP-ZSC
- Archive: https://github.com/Ali-Razmjoo/ZCR-Shellcoder-Archive
- Mailing List: https://groups.google.com/d/forum/owasp-zsc
- API: http://api.z3r0d4y.com