dimasma0305/Bash_Obfuscation.py

## Bash_Obfuscation.py
import sys

NUMLIST = {
    "\\": "\\\\",
    "0": "${#}",
    "1": "${##}",
    "2": "$((${##}<<$((${##}))))",
    "3": "$((${##}<<$((${##}))^${##}))",
    "4": "$((${##}<<$((${##}))<<$((${##}))))",
    "5": "$((${##}<<$((${##}))<<$((${##}))^${##}))",
    "6": "$(($((${##}<<$((${##}))^${##}))<<${##}))",
    "7": "$(($((${##}<<$((${##}))^${##}))<<${##}^${##}))",
    "8": "$((${##}<<$((${##}))<<$((${##}))<<$((${##}))))",
    "9": "$((${##}<<$((${##}))<<$((${##}))<<$((${##}))^${##}))",
}

BASHSPECIALCHARS = {
    b'': 40, b'\x01': 1, b'\x02': 2, b'\x03': 3, b'\x04': 4, b'\x05': 5, b'\x06': 6, b'\x07': 7, b'\\8': 8, b'\\9': 9, b'\x08': 10, b'\x0e': 16, b'\x0f': 17, b'\x018': 18, b'\x019': 19, b'\x10': 20, b'\x11': 21, b'\x12': 22, b'\x13': 23, b'\x14': 24, b'\x15': 25, b'\x16': 26, b'\x17': 27, b'\x028': 28, b'\x029': 29, b'\x18': 30, b'\x19': 31, b'\x1a': 32, b'\x1b': 33, b'\x1c': 34, b'\x1d': 35, b'\x1e': 36, b'\x1f': 37, b'\x038': 38, b'\x039': 39, b'!': 41, b'"': 42, b'#': 43, b'$': 44, b'%': 45, b'&': 46, b"'": 47, b'\x048': 48, b'\x049': 49, b'(': 50, b')': 51, b'*': 52, b'+': 53, b',': 54, b'-': 55, b'.': 56, b'/': 57, b'\x058': 58, b'\x059': 59, b'0': 60, b'1': 61, b'2': 62, b'3': 63, b'4': 64, b'5': 65, b'6': 66, b'7': 67, b'\x068': 68, b'\x069': 69, b'8': 158, b'9': 159, b':': 72, b';': 73, b'<': 74, b'=': 75, b'>': 76, b'?': 77, b'\x078': 78, b'\x079': 79, b'\\80': 80, b'\\81': 81, b'\\82': 82, b'\\83': 83, b'\\84': 84, b'\\85': 85, b'\\86': 86, b'\\87': 87, b'\\88': 88, b'\\89': 89, b'\\90': 90, b'\\91': 91, b'\\92': 92, b'\\93': 93, b'\\94': 94, b'\\95': 95, b'\\96': 96, b'\\97': 97, b'\\98': 98, b'\\99': 99, b'@': 100, b'A': 101, b'B': 102, b'C': 103, b'D': 104, b'E': 105, b'F': 106, b'G': 107, b'\x088': 108, b'\x089': 109, b'H': 110, b'I': 111, b'J': 112, b'K': 113, b'L': 114, b'M': 115, b'N': 116, b'O': 117, b'P': 120, b'Q': 121, b'R': 122, b'S': 123, b'T': 124, b'U': 125, b'V': 126, b'W': 127, b'X': 130, b'Y': 131, b'Z': 132, b'[': 133, b'\\': 134, b']': 135, b'^': 136, b'_': 137, b'`': 140, b'a': 141, b'b': 142, b'c': 143, b'd': 144, b'e': 145, b'f': 146, b'g': 147, b'h': 150, b'i': 151, b'j': 152, b'k': 153, b'l': 154, b'm': 155, b'n': 156, b'o': 157, b'p': 160, b'q': 161, b'r': 162, b's': 163, b't': 164, b'u': 165, b'v': 166, b'w': 167, b'\x0e8': 168, b'\x0e9': 169, b'x': 170, b'y': 171, b'z': 172, b'{': 173, b'|': 174, b'}': 175, b'~': 176, b'\x7f': 177, b'\x0f8': 178, b'\x0f9': 179, b'\x0180': 180, b'\x0181': 181, b'\x0182': 182, b'\x0183': 183, b'\x0184': 184, b'\x0185': 185, b'\x0186': 186, b'\x0187': 187, b'\x0188': 188, b'\x0189': 189, b'\x0190': 190, b'\x0191': 191, b'\x0192': 192, b'\x0193': 193, b'\x0194': 194, b'\x0195': 195, b'\x0196': 196, b'\x0197': 197, b'\x0198': 198, b'\x0199': 199, b'\x80': 200, b'\x81': 201, b'\x82': 202, b'\x83': 203, b'\x84': 204, b'\x85': 205, b'\x86': 206, b'\x87': 207, b'\x108': 208, b'\x109': 209, b'\x88': 210, b'\x89': 211, b'\x8a': 212, b'\x8b': 213, b'\x8c': 214, b'\x8d': 215, b'\x8e': 216, b'\x8f': 217, b'\x118': 218, b'\x119': 219, b'\x90': 220, b'\x91': 221, b'\x92': 222, b'\x93': 223, b'\x94': 224, b'\x95': 225, b'\x96': 226, b'\x97': 227, b'\x128': 228, b'\x129': 229, b'\x98': 230, b'\x99': 231, b'\x9a': 232, b'\x9b': 233, b'\x9c': 234, b'\x9d': 235, b'\x9e': 236, b'\x9f': 237, b'\x138': 238, b'\x139': 239, b'\xa0': 240, b'\xa1': 241, b'\xa2': 242, b'\xa3': 243, b'\xa4': 244, b'\xa5': 245, b'\xa6': 246, b'\xa7': 247, b'\x148': 248, b'\x149': 249, b'\xa8': 250, b'\xa9': 251, b'\xaa': 252, b'\xab': 253, b'\xac': 254
}

LITERALS = ["{", "}", ",", ">", "<", "<<", ">>", "<<<", ">>>",
            "$", "'", '"', "`", "(", ")", "&", "&&", "#", "!", "|"]


class ParseBash:
    def toBashEscape(self, cmd):
        result = ""
        for mystring in cmd:
            result += f"\\{BASHSPECIALCHARS[bytes(mystring, 'utf-8')]}"
        return result

    def transform(self, cmd):
        result = ""
        for mystring in cmd:
            if mystring in NUMLIST.keys():
                result += NUMLIST[mystring]
            else:
                result += mystring
        return result

    def parse(self, cmd):
        '''
        example input { arg1 , arg2 , arg3 }
        '''
        text: str = cmd
        deob_cmd = ""
        for word in text.split():
            if word in LITERALS:
                deob_cmd += word
            else:
                tmp = self.toBashEscape(word)
                tmp = self.transform(tmp)
                tmp = r"$\'%s\'" % tmp
                deob_cmd += tmp
        return deob_cmd


def obfuscate(txt: str):
    words = txt.split(" ")
    temp = []
    parsed = ""
    for i, word in enumerate(words):
        if word not in LITERALS:
            temp.append(word)
            if i == len(words) - 1:
                wjoin = " , ".join(temp)+" , "
                parsed += ParseBash().parse("$ { ! # } <<< { "+wjoin+" }")
                temp = []
            continue
        wjoin = " , ".join(temp)+" , "
        parsed += ParseBash().parse("$ { ! # } <<< { "+wjoin+" }")
        parsed += word
        temp = []
    return parsed


if __name__ == "__main__":
    try:
        arg1 = sys.argv[1]
        txt_obfuscated = obfuscate(arg1)
        print(txt_obfuscated)
    except Exception as e:
        print(e)
        print("Usage: python3 Bash_Obfuscation.py <Bash Code>")
	import sys

	NUMLIST = {
	"\\": "\\\\",
	"0": "${#}",
	"1": "${##}",
	"2": "$((${##}<<$((${##}))))",
	"3": "$((${##}<<$((${##}))^${##}))",
	"4": "$((${##}<<$((${##}))<<$((${##}))))",
	"5": "$((${##}<<$((${##}))<<$((${##}))^${##}))",
	"6": "$(($((${##}<<$((${##}))^${##}))<<${##}))",
	"7": "$(($((${##}<<$((${##}))^${##}))<<${##}^${##}))",
	"8": "$((${##}<<$((${##}))<<$((${##}))<<$((${##}))))",
	"9": "$((${##}<<$((${##}))<<$((${##}))<<$((${##}))^${##}))",
	}

	BASHSPECIALCHARS = {
	b'': 40, b'\x01': 1, b'\x02': 2, b'\x03': 3, b'\x04': 4, b'\x05': 5, b'\x06': 6, b'\x07': 7, b'\\8': 8, b'\\9': 9, b'\x08': 10, b'\x0e': 16, b'\x0f': 17, b'\x018': 18, b'\x019': 19, b'\x10': 20, b'\x11': 21, b'\x12': 22, b'\x13': 23, b'\x14': 24, b'\x15': 25, b'\x16': 26, b'\x17': 27, b'\x028': 28, b'\x029': 29, b'\x18': 30, b'\x19': 31, b'\x1a': 32, b'\x1b': 33, b'\x1c': 34, b'\x1d': 35, b'\x1e': 36, b'\x1f': 37, b'\x038': 38, b'\x039': 39, b'!': 41, b'"': 42, b'#': 43, b'$': 44, b'%': 45, b'&': 46, b"'": 47, b'\x048': 48, b'\x049': 49, b'(': 50, b')': 51, b'*': 52, b'+': 53, b',': 54, b'-': 55, b'.': 56, b'/': 57, b'\x058': 58, b'\x059': 59, b'0': 60, b'1': 61, b'2': 62, b'3': 63, b'4': 64, b'5': 65, b'6': 66, b'7': 67, b'\x068': 68, b'\x069': 69, b'8': 158, b'9': 159, b':': 72, b';': 73, b'<': 74, b'=': 75, b'>': 76, b'?': 77, b'\x078': 78, b'\x079': 79, b'\\80': 80, b'\\81': 81, b'\\82': 82, b'\\83': 83, b'\\84': 84, b'\\85': 85, b'\\86': 86, b'\\87': 87, b'\\88': 88, b'\\89': 89, b'\\90': 90, b'\\91': 91, b'\\92': 92, b'\\93': 93, b'\\94': 94, b'\\95': 95, b'\\96': 96, b'\\97': 97, b'\\98': 98, b'\\99': 99, b'@': 100, b'A': 101, b'B': 102, b'C': 103, b'D': 104, b'E': 105, b'F': 106, b'G': 107, b'\x088': 108, b'\x089': 109, b'H': 110, b'I': 111, b'J': 112, b'K': 113, b'L': 114, b'M': 115, b'N': 116, b'O': 117, b'P': 120, b'Q': 121, b'R': 122, b'S': 123, b'T': 124, b'U': 125, b'V': 126, b'W': 127, b'X': 130, b'Y': 131, b'Z': 132, b'[': 133, b'\\': 134, b']': 135, b'^': 136, b'_': 137, b'`': 140, b'a': 141, b'b': 142, b'c': 143, b'd': 144, b'e': 145, b'f': 146, b'g': 147, b'h': 150, b'i': 151, b'j': 152, b'k': 153, b'l': 154, b'm': 155, b'n': 156, b'o': 157, b'p': 160, b'q': 161, b'r': 162, b's': 163, b't': 164, b'u': 165, b'v': 166, b'w': 167, b'\x0e8': 168, b'\x0e9': 169, b'x': 170, b'y': 171, b'z': 172, b'{': 173, b'\|': 174, b'}': 175, b'~': 176, b'\x7f': 177, b'\x0f8': 178, b'\x0f9': 179, b'\x0180': 180, b'\x0181': 181, b'\x0182': 182, b'\x0183': 183, b'\x0184': 184, b'\x0185': 185, b'\x0186': 186, b'\x0187': 187, b'\x0188': 188, b'\x0189': 189, b'\x0190': 190, b'\x0191': 191, b'\x0192': 192, b'\x0193': 193, b'\x0194': 194, b'\x0195': 195, b'\x0196': 196, b'\x0197': 197, b'\x0198': 198, b'\x0199': 199, b'\x80': 200, b'\x81': 201, b'\x82': 202, b'\x83': 203, b'\x84': 204, b'\x85': 205, b'\x86': 206, b'\x87': 207, b'\x108': 208, b'\x109': 209, b'\x88': 210, b'\x89': 211, b'\x8a': 212, b'\x8b': 213, b'\x8c': 214, b'\x8d': 215, b'\x8e': 216, b'\x8f': 217, b'\x118': 218, b'\x119': 219, b'\x90': 220, b'\x91': 221, b'\x92': 222, b'\x93': 223, b'\x94': 224, b'\x95': 225, b'\x96': 226, b'\x97': 227, b'\x128': 228, b'\x129': 229, b'\x98': 230, b'\x99': 231, b'\x9a': 232, b'\x9b': 233, b'\x9c': 234, b'\x9d': 235, b'\x9e': 236, b'\x9f': 237, b'\x138': 238, b'\x139': 239, b'\xa0': 240, b'\xa1': 241, b'\xa2': 242, b'\xa3': 243, b'\xa4': 244, b'\xa5': 245, b'\xa6': 246, b'\xa7': 247, b'\x148': 248, b'\x149': 249, b'\xa8': 250, b'\xa9': 251, b'\xaa': 252, b'\xab': 253, b'\xac': 254
	}

	LITERALS = ["{", "}", ",", ">", "<", "<<", ">>", "<<<", ">>>",
	"$", "'", '"', "`", "(", ")", "&", "&&", "#", "!", "\|"]


	class ParseBash:
	def toBashEscape(self, cmd):
	result = ""
	for mystring in cmd:
	result += f"\\{BASHSPECIALCHARS[bytes(mystring, 'utf-8')]}"
	return result

	def transform(self, cmd):
	result = ""
	for mystring in cmd:
	if mystring in NUMLIST.keys():
	result += NUMLIST[mystring]
	else:
	result += mystring
	return result

	def parse(self, cmd):
	'''
	example input { arg1 , arg2 , arg3 }
	'''
	text: str = cmd
	deob_cmd = ""
	for word in text.split():
	if word in LITERALS:
	deob_cmd += word
	else:
	tmp = self.toBashEscape(word)
	tmp = self.transform(tmp)
	tmp = r"$\'%s\'" % tmp
	deob_cmd += tmp
	return deob_cmd


	def obfuscate(txt: str):
	words = txt.split(" ")
	temp = []
	parsed = ""
	for i, word in enumerate(words):
	if word not in LITERALS:
	temp.append(word)
	if i == len(words) - 1:
	wjoin = " , ".join(temp)+" , "
	parsed += ParseBash().parse("$ { ! # } <<< { "+wjoin+" }")
	temp = []
	continue
	wjoin = " , ".join(temp)+" , "
	parsed += ParseBash().parse("$ { ! # } <<< { "+wjoin+" }")
	parsed += word
	temp = []
	return parsed


	if __name__ == "__main__":
	try:
	arg1 = sys.argv[1]
	txt_obfuscated = obfuscate(arg1)
	print(txt_obfuscated)
	except Exception as e:
	print(e)
	print("Usage: python3 Bash_Obfuscation.py <Bash Code>")