2018-09-23 14:23 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0004412Kali Linux[All Projects] New Tool Requestspublic2018-05-23 01:14
Reporterwetw0rk 
Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
StatusnewResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0004412: Sickle - Shellcode development tool
DescriptionSickle is a shellcode development tool, created to speed up the various steps needed to create functioning shellcode. Aids the developer in eliminating bad characters, formatting output in various languages, executing shellcode in both Windows and Linux environments, comparing reversed shellcode to original, and disassembling shellcode into assembly language (ARM, x86, etc).
Steps To Reproducegit clone https://github.com/wetw0rk/Sickle.git

cd Sickle/

apt-get install python3-pip

pip3 install capstone

chmod +x sickle.py && cp sickle.py /usr/bin/sickle

sickle
Additional InformationWritten in Python 3, and only dependency required to run is capstone (for disassembly).
Attached Files

-Relationships
+Relationships

-Notes

~0007674

threeway (developer)

is the version of capstone that we have in Kali not new enough for sickle?

~0007675

wetw0rk (reporter)

After checking you are correct, the version currently installed in Kali will work perfectly. I made a couple changes, and verified sickle worked properly on a fresh Kali 2017.3 install.

~0007680

wetw0rk (reporter)

Pushed some changes to the sickle. Thank you for your time.

~0008471

g0tmi1k (administrator)

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it?

~0008548

wetw0rk (reporter)

Absolutely, if there’s any other information that would help let me know. Below is the
requested info:

-[Name] - Sickle

-[Version] - 1.4

-[Homepage] - https://github.com/wetw0rk/Sickle

-[Download] - https://github.com/wetw0rk/Sickle.git

-[Author] - Milton Valencia (wetw0rk)

-[License] - MIT License

-[Description] - Sickle is a shellcode development tool created to speed up the various steps
                    needed to create functioning shellcode. Sickle aids the developer in:
                    identification of bad characters, formatting in multiple languages (python,
                    perl, powershell, etc), executing shellcode in both Linux and Windows environments,
                    comparing reversed shellcode to original, and disassemble shellcode into various
                    architectures (ARM-THUMB, x86-32, x86-64, etc).

-[Dependencies] - capstone (If used within Kali the existing version of capstone works out of the
                    box. Otherwise it’s recommended to install via pip3 `pip3 install capstone`)

-[Similar tools] - msfvenom, ndisasm, shellnoob

-[How to install] - git clone https://github.com/wetw0rk/Sickle.git
                    cd Sickle/ && chmod +x sickle.py && cp sickle.py /usr/bin/sickle
                    echo “Sickle installed!”

-[How to use] - Identification of instructions what result bad characters:
                        sickle -r shellcode -f python -v jumpcode -b "\x00" -c
                    Running shellcode (Sickle detects if Windows or Linux):
                        sickle -r shellcode -rs
                    Comparing shellcode:
                        sickle -r <my reverse shell> -e <original reverse shell>
                    Disassembly of shellcode (x86-64):
                        sickle -r reverse-shell -d -a x86 -m 64
                    Asciinema example:
                        https://asciinema.org/a/7vvVRjZGbY7OlqMsh6dBi7FDU

I also went ahead and added screenshots.

~0008557

wetw0rk (reporter)

I went ahead and added a git tag as well: https://github.com/wetw0rk/Sickle/releases/tag/v1.4

thanks

~0008654

wetw0rk (reporter)

@g0tmi1k I recently released v1.5 the git tag is here:

https://github.com/wetw0rk/Sickle/releases/tag/v1.5

The only notable change is the compare function.

Thanks

~0009169

wetw0rk (reporter)

Whenever a new change is made do we need to release a new tag?

~0009170

threeway (developer)

Not for every change necessarily, but if you consider a new change worth a new release, then you should.

It depends on your idea of versioning.

If it's a bug change, you could do v1.5.1, if it's enough to be considered a new release, you could do v1.6. If it's massive changes, then possibly 2.0.

~0009171

wetw0rk (reporter)

Alright sweet in that case I went ahead and added a new release tag https://github.com/wetw0rk/Sickle/releases/tag/v1.6

Syntax, Running Shellcode in 64bit, and Comparing shellcode has changed. Running shellcode in 64bit is more reliable thanks to contributor luoyeah, and comparing shellcode has dramatically changed since 1.5 (ASM and Opcodes vs just opcodes). Examples below:

Identification of instructions what result bad characters:
  sickle -r shellcode -f python -v jumpcode -b "\x00" -c
Running shellcode (Sickle detects if Windows or Linux):
  sickle -r shellcode -rs
Comparing shellcode:
  sickle -r <my reverse shell> -e <original reverse shell>
Disassembly of shellcode (x86-64):
  sickle -r reverse-shell -a x86_64 -d
Asciinema example:
  https://asciinema.org/a/7vvVRjZGbY7OlqMsh6dBi7FDU
+Notes

-Issue History
Date Modified Username Field Change
2017-12-06 06:14 wetw0rk New Issue
2017-12-09 04:24 threeway Note Added: 0007674
2017-12-09 07:40 wetw0rk Note Added: 0007675
2017-12-11 07:45 wetw0rk Note Added: 0007680
2018-01-26 11:46 g0tmi1k Summary Shellcode development tool => Sickle - Shellcode development tool
2018-01-29 15:13 g0tmi1k Note Added: 0008471
2018-01-29 18:10 wetw0rk File Added: example.png
2018-01-29 18:10 wetw0rk Note Added: 0008548
2018-01-29 23:05 wetw0rk Note Added: 0008557
2018-02-12 00:26 wetw0rk Note Added: 0008654
2018-02-12 00:28 wetw0rk File Added: compare.png
2018-02-12 00:28 wetw0rk File Added: dissemble.png
2018-02-21 09:35 g0tmi1k Product Version 2017.3 =>
2018-05-22 01:51 wetw0rk Note Added: 0009169
2018-05-22 04:26 threeway Note Added: 0009170
2018-05-23 01:14 wetw0rk Note Added: 0009171
+Issue History