View Issue Details

IDProjectCategoryView StatusLast Update
0004412Kali Linux[All Projects] New Tool Requestspublic2018-05-23 01:14
Reporterwetw0rkAssigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0004412: Sickle - Shellcode development tool
DescriptionSickle is a shellcode development tool, created to speed up the various steps needed to create functioning shellcode. Aids the developer in eliminating bad characters, formatting output in various languages, executing shellcode in both Windows and Linux environments, comparing reversed shellcode to original, and disassembling shellcode into assembly language (ARM, x86, etc).
Steps To Reproducegit clone https://github.com/wetw0rk/Sickle.git

cd Sickle/

apt-get install python3-pip

pip3 install capstone

chmod +x sickle.py && cp sickle.py /usr/bin/sickle

sickle
Additional InformationWritten in Python 3, and only dependency required to run is capstone (for disassembly).

Activities

steev

2017-12-09 04:24

developer   ~0007674

is the version of capstone that we have in Kali not new enough for sickle?

wetw0rk

2017-12-09 07:40

reporter   ~0007675

After checking you are correct, the version currently installed in Kali will work perfectly. I made a couple changes, and verified sickle worked properly on a fresh Kali 2017.3 install.

wetw0rk

2017-12-11 07:45

reporter   ~0007680

Pushed some changes to the sickle. Thank you for your time.

g0tmi1k

2018-01-29 15:13

administrator   ~0008471

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):

- [Name] - The name of the tool
- [Version] - What version of the tool should be added?
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - Where can the tool be found online? Where to go to get more information?
- [Download] - Where to go to get the tool?
- [Author] - Who made the tool?
- [Licence] - How is the software distributed? What conditions does it come with?
- [Description] - What is the tool about? What does it do?
- [Dependencies] - What is needed for the tool to work?
- [Similar tools] - What other tools are out there?
- [How to install] - How do you compile it?
- [How to use] - What are some basic commands/functions to demonstrate it?

wetw0rk

2018-01-29 18:10

reporter   ~0008548

Absolutely, if there’s any other information that would help let me know. Below is the
requested info:

-[Name] - Sickle

-[Version] - 1.4

-[Homepage] - https://github.com/wetw0rk/Sickle

-[Download] - https://github.com/wetw0rk/Sickle.git

-[Author] - Milton Valencia (wetw0rk)

-[License] - MIT License

-[Description] - Sickle is a shellcode development tool created to speed up the various steps
                    needed to create functioning shellcode. Sickle aids the developer in:
                    identification of bad characters, formatting in multiple languages (python,
                    perl, powershell, etc), executing shellcode in both Linux and Windows environments,
                    comparing reversed shellcode to original, and disassemble shellcode into various
                    architectures (ARM-THUMB, x86-32, x86-64, etc).

-[Dependencies] - capstone (If used within Kali the existing version of capstone works out of the
                    box. Otherwise it’s recommended to install via pip3 `pip3 install capstone`)

-[Similar tools] - msfvenom, ndisasm, shellnoob

-[How to install] - git clone https://github.com/wetw0rk/Sickle.git
                    cd Sickle/ && chmod +x sickle.py && cp sickle.py /usr/bin/sickle
                    echo “Sickle installed!”

-[How to use] - Identification of instructions what result bad characters:
                        sickle -r shellcode -f python -v jumpcode -b "\x00" -c
                    Running shellcode (Sickle detects if Windows or Linux):
                        sickle -r shellcode -rs
                    Comparing shellcode:
                        sickle -r <my reverse shell> -e <original reverse shell>
                    Disassembly of shellcode (x86-64):
                        sickle -r reverse-shell -d -a x86 -m 64
                    Asciinema example:
                        https://asciinema.org/a/7vvVRjZGbY7OlqMsh6dBi7FDU

I also went ahead and added screenshots.

example.png (357,345 bytes)

wetw0rk

2018-01-29 23:05

reporter   ~0008557

I went ahead and added a git tag as well: https://github.com/wetw0rk/Sickle/releases/tag/v1.4

thanks

wetw0rk

2018-02-12 00:26

reporter   ~0008654

@g0tmi1k I recently released v1.5 the git tag is here:

https://github.com/wetw0rk/Sickle/releases/tag/v1.5

The only notable change is the compare function.

Thanks

wetw0rk

2018-02-12 00:28

reporter  

compare.png (286,740 bytes)

wetw0rk

2018-02-12 00:28

reporter  

dissemble.png (413,406 bytes)

wetw0rk

2018-05-22 01:51

reporter   ~0009169

Whenever a new change is made do we need to release a new tag?

steev

2018-05-22 04:26

developer   ~0009170

Not for every change necessarily, but if you consider a new change worth a new release, then you should.

It depends on your idea of versioning.

If it's a bug change, you could do v1.5.1, if it's enough to be considered a new release, you could do v1.6. If it's massive changes, then possibly 2.0.

wetw0rk

2018-05-23 01:14

reporter   ~0009171

Alright sweet in that case I went ahead and added a new release tag https://github.com/wetw0rk/Sickle/releases/tag/v1.6

Syntax, Running Shellcode in 64bit, and Comparing shellcode has changed. Running shellcode in 64bit is more reliable thanks to contributor luoyeah, and comparing shellcode has dramatically changed since 1.5 (ASM and Opcodes vs just opcodes). Examples below:

Identification of instructions what result bad characters:
  sickle -r shellcode -f python -v jumpcode -b "\x00" -c
Running shellcode (Sickle detects if Windows or Linux):
  sickle -r shellcode -rs
Comparing shellcode:
  sickle -r <my reverse shell> -e <original reverse shell>
Disassembly of shellcode (x86-64):
  sickle -r reverse-shell -a x86_64 -d
Asciinema example:
  https://asciinema.org/a/7vvVRjZGbY7OlqMsh6dBi7FDU

Issue History

Date Modified Username Field Change
2017-12-06 06:14 wetw0rk New Issue
2017-12-09 04:24 steev Note Added: 0007674
2017-12-09 07:40 wetw0rk Note Added: 0007675
2017-12-11 07:45 wetw0rk Note Added: 0007680
2018-01-26 11:46 g0tmi1k Summary Shellcode development tool => Sickle - Shellcode development tool
2018-01-29 15:13 g0tmi1k Note Added: 0008471
2018-01-29 18:10 wetw0rk File Added: example.png
2018-01-29 18:10 wetw0rk Note Added: 0008548
2018-01-29 23:05 wetw0rk Note Added: 0008557
2018-02-12 00:26 wetw0rk Note Added: 0008654
2018-02-12 00:28 wetw0rk File Added: compare.png
2018-02-12 00:28 wetw0rk File Added: dissemble.png
2018-02-21 09:35 g0tmi1k Product Version 2017.3 =>
2018-05-22 01:51 wetw0rk Note Added: 0009169
2018-05-22 04:26 steev Note Added: 0009170
2018-05-23 01:14 wetw0rk Note Added: 0009171