### Install and Run ZigStrike Application
Source: https://github.com/0xsp-srd/zigstrike/blob/main/README.md
This snippet outlines the steps to clone the ZigStrike repository, navigate to the application directory, and run the Python web interface. It requires Git and Python 3.x with Flask installed.
```bash
git clone https://github.com/0xsp-SRD/ZigStrike/
cd ZigStrike/App/
python3 App.py
```
--------------------------------
### Build and Run ZigStrike with Docker
Source: https://github.com/0xsp-srd/zigstrike/blob/main/README.md
This section details how to use Docker to build the ZigStrike image and run it as a container. This method is useful for users experiencing issues with direct installation or for a more isolated environment. It requires Docker to be installed.
```bash
git clone https://github.com/0xsp-SRD/ZigStrike/
cd ZigStrike/
# Build the image
docker build -t zigstrike .
# Run the container
docker run -p 5002:5002 zigstrike
```
--------------------------------
### Copy MD5 Hash to Clipboard with JavaScript
Source: https://github.com/0xsp-srd/zigstrike/blob/main/App/templates/implants.html
This JavaScript code enables users to copy MD5 hashes to their clipboard by clicking on elements with the class 'md5-hash'. Upon a successful copy, it displays a temporary 'Copied to clipboard!' tooltip near the cursor. It also adds a visual cue (pointer cursor and tooltip) to indicate that the hash is clickable.
```javascript
document.addEventListener('DOMContentLoaded', function() {
const md5Hashes = document.querySelectorAll('.md5-hash');
md5Hashes.forEach(hash => {
hash.addEventListener('click', function() {
const text = this.textContent;
navigator.clipboard.writeText(text).then(() => {
const tooltip = document.createElement('div');
tooltip.textContent = 'Copied to clipboard!';
tooltip.style.position = 'absolute';
tooltip.style.left = (event.pageX + 10) + 'px';
tooltip.style.top = (event.pageY - 30) + 'px';
tooltip.style.backgroundColor = '#00ff00';
tooltip.style.color = '#000';
tooltip.style.padding = '5px 10px';
tooltip.style.borderRadius = '3px';
tooltip.style.fontSize = '12px';
tooltip.style.zIndex = '1000';
tooltip.style.transition = 'opacity 0.5s ease';
document.body.appendChild(tooltip);
setTimeout(() => {
tooltip.style.opacity = '0';
setTimeout(() => {
document.body.removeChild(tooltip);
}, 500);
}, 1500);
});
});
hash.style.cursor = 'pointer';
hash.title = 'Click to copy to clipboard';
});
});
```
--------------------------------
### Shellcode Compilation Form Submission (JavaScript)
Source: https://github.com/0xsp-srd/zigstrike/blob/main/App/templates/index.html
Handles the submission of the compilation form, including pre-submission validation for protection features and content. It sends the form data via an AJAX POST request to the server and handles the response, including downloading the compiled shellcode or displaying error messages. The script also manages UI feedback for compilation status.
```javascript
document.getElementById('compileForm').addEventListener('submit', function(e) { e.preventDefault(); const enableProtection = document.getElementById('enable_protection'); const protectionFeatures = document.querySelectorAll('input[name="protection_features"]:checked'); // Validate sandbox protection if (!enableProtection.checked || protectionFeatures.length === 0) { const notification = document.getElementById('notification'); notification.style.backgroundColor = '#ff0000'; notification.textContent = 'Please enable sandbox protection and select at least one option'; notification.style.display = 'block'; notification.style.opacity = '1'; return false; } // Proceed with form submission if validation passes const formData = new FormData(this); // Show notification var notification = document.getElementById('notification'); notification.style.display = 'block'; setTimeout(() => { notification.style.opacity = '1'; }, 10); // Send AJAX request fetch('/', { method: 'POST', headers: { 'Accept': 'application/x-msdownload', }, body: formData, credentials: 'same-origin' }) .then(response => { if (!response.ok) { return response.json().then(err => { throw new Error(err.error || 'Compilation failed'); }); } return response.blob(); }) .then(blob => { // Hide notification notification.style.opacity = '0'; setTimeout(() => { notification.style.display = 'none'; }, 500); // Create download link // var url = window.URL.createObjectURL(blob); // var a = document.createElement('a'); // a.href = url; // a.download = 'output.' + document.getElementById('extension').value; // document.body.appendChild(a); // a.click(); // window.URL.revokeObjectURL(url); }) .catch(error => { console.error('Error:', error); notification.textContent = error.message || 'Compilation failed'; notification.style.backgroundColor = '#ff0000'; setTimeout(() => { notification.style.opacity = '0'; setTimeout(() => { notification.style.display = 'none'; }, 500); }, 3000); }); });
```
--------------------------------
### JavaScript Shellcode Conversion Utilities
Source: https://github.com/0xsp-srd/zigstrike/blob/main/App/templates/index.html
These JavaScript functions handle the conversion of shellcode between raw byte format and hexadecimal string representation. They are used for inputting, displaying, and manipulating shellcode data within a web interface. The functions include logic for file reading, format toggling, and user feedback.
```javascript
function convertToHexFormat(rawShellcode) {
let hexArray = [];
for (let i = 0; i < rawShellcode.length; i++) {
let hex = rawShellcode.charCodeAt(i).toString(16).padStart(2, '0');
hexArray.push('\\x' + hex);
}
return hexArray.join('');
}
function handleRawShellcodeFile(file) {
const reader = new FileReader();
reader.onload = function(e) {
const arrayBuffer = e.target.result;
const bytes = new Uint8Array(arrayBuffer);
let hexString = '';
for (let i = 0; i < bytes.length; i++) {
hexString += '\\x' + bytes[i].toString(16).padStart(2, '0');
}
document.querySelector('textarea[name="content"]').value = hexString;
const notification = document.getElementById('notification');
notification.style.backgroundColor = '#00ff00';
notification.textContent = 'Shellcode converted successfully!';
notification.style.display = 'block';
notification.style.opacity = '1';
setTimeout(() => {
notification.style.opacity = '0';
setTimeout(() => {
notification.style.display = 'none';
notification.innerHTML = `
Compiling...it could take a while depending on the size of the shellcode
`;
}, 500);
}, 1000);
};
reader.readAsArrayBuffer(file);
}
document.getElementById('toggleFormat').addEventListener('click', function() {
let textarea = document.querySelector('textarea[name="content"]');
let content = textarea.value;
if (this.textContent.includes('Manual')) {
this.innerHTML = ' Raw Format';
textarea.placeholder = "Enter comma-separated shellcode (\\x41\\x42...)";
} else {
this.innerHTML = ' Manual Input';
textarea.placeholder = "Enter raw shellcode";
}
if (content) {
if (content.includes('\\x')) {
let raw = content.split('\\x')
.filter(x => x)
.map(x => String.fromCharCode(parseInt(x, 16)))
.join('');
textarea.value = raw;
} else {
textarea.value = convertToHexFormat(content);
}
}
});
document.getElementById('uploadShellcode').addEventListener('click', function() {
document.getElementById('shellcodeFile').click();
});
document.getElementById('shellcodeFile').addEventListener('change', function(e) {
if (e.target.files.length > 0) {
handleRawShellcodeFile(e.target.files[0]);
}
});
const textarea = document.querySelector('textarea[name="content"]');
textarea.addEventListener('dragover', function(e) {
e.preventDefault();
this.style.borderColor = '#00ff00';
this.style.boxShadow = '0 0 20px #00ff00';
});
textarea.addEventListener('dragleave', function(e) {
e.preventDefault();
this.style.borderColor = '#00ff00';
this.style.boxShadow = '0 0 10px #00ff00';
});
textarea.addEventListener('drop', function(e) {
e.preventDefault();
this.style.borderColor = '#00ff00';
this.style.boxShadow = '0 0 10px #00ff00';
if (e.dataTransfer.files.length > 0) {
handleRawShellcodeFile(e.dataTransfer.files[0]);
}
});
document.querySelectorAll('input[name="injection_method"]').forEach(radio => {
radio.addEventListener('change', function() {
const processInput = document.getElementById('process-input');
if (this.value === 'remote_mapping' || this.value === 'remote_thread' || this.value === 'early_cascade') {
processInput.style.display = 'block';
document.getElementById('process-name').required = true;
} else {
processInput.style.display = 'none';
document.getElementById('process-name').required = false;
}
});
});
document.getElementById('process-name').addEventListener('input', function() {
const processName = this.value.trim();
if (processName && !processName.match(/^[\]w\- .]+\.exe$/i)) {
this.style.borderColor = '#ff0000';
this.style.boxShadow = '0 0 10px #ff0000';
} else {
this.style.borderColor = '#00ff00';
this.style.boxShadow = '0 0 10px #00ff00';
}
});
fetch('/implants')
.then(response => {
const implantCountElement = document.getElementById('implants-count');
const count = localStorage.getItem('implants-count') || 0;
implantCountElement.textContent = count;
})
.catch(error => console.error('Error fetching implants count:', error));
```
--------------------------------
### Sandbox Protection Toggling (JavaScript)
Source: https://github.com/0xsp-srd/zigstrike/blob/main/App/templates/index.html
Manages the visibility and interactivity of sandbox protection options based on a master 'enable protection' checkbox. When enabled, it displays the associated checkboxes and enables them; when disabled, it hides the options and disables the checkboxes, resetting their checked state. This enhances user experience by only showing relevant options.
```javascript
document.getElementById('enable_protection').addEventListener('change', function() { const protectionChoices = document.getElementById('protection_choices'); const checkboxes = protectionChoices.querySelectorAll('input[type="checkbox"]'); if (this.checked) { protectionChoices.style.display = 'block'; checkboxes.forEach(checkbox => checkbox.disabled = false); } else { protectionChoices.style.display = 'none'; checkboxes.forEach(checkbox => { checkbox.disabled = true; checkbox.checked = false; }); } });
```
--------------------------------
### Shellcode to Hex Conversion Utility (JavaScript)
Source: https://github.com/0xsp-srd/zigstrike/blob/main/App/templates/index.html
A utility function designed to convert a raw shellcode string into a hexadecimal format. It iterates through the input string, appending each character's hexadecimal representation to an array. This is useful for preparing shellcode for embedding or transmission in certain formats.
```javascript
function convertToHexFormat(rawShellcode) { let hexArray = [];
for (let i = 0; i < rawShellcode.length; i++) {
hexArray.push(rawShellcode.charCodeAt(i).toString(16).padStart(2, '0'));
}
return hexArray.join('');
}
```
--------------------------------
### Toggle Details Visibility with JavaScript
Source: https://github.com/0xsp-srd/zigstrike/blob/main/App/templates/implants.html
This JavaScript code adds functionality to toggle the visibility of detailed information sections on the page. It listens for clicks on elements with the class 'details-toggle' and updates the display of corresponding detail divs, changing the button text between 'Details' and 'Hide Details'.
```javascript
document.addEventListener('DOMContentLoaded', function() {
const detailsToggles = document.querySelectorAll('.details-toggle');
detailsToggles.forEach(toggle => {
toggle.addEventListener('click', function(e) {
e.preventDefault();
const implantId = this.getAttribute('data-id');
const detailsDiv = document.getElementById(`details-${implantId}`);
if (detailsDiv.style.display === 'block') {
detailsDiv.style.display = 'none';
this.innerHTML = ' Details';
} else {
detailsDiv.style.display = 'block';
this.innerHTML = ' Hide Details';
}
});
});
});
```
--------------------------------
### Client-side Shellcode Input Validation (JavaScript)
Source: https://github.com/0xsp-srd/zigstrike/blob/main/App/templates/index.html
Validates user input for shellcode content, preventing the use of specific invalid characters such as double quotes, parentheses, and semicolons. It provides real-time feedback to the user and disables the submit button if invalid characters are detected. This script is essential for preventing script injection or other security vulnerabilities.
```javascript
function validateContent(content) { const invalidChars = ['"', '(', ')', ';']; let foundChars = []; for (let char of invalidChars) { if (content.includes(char)) { foundChars.push(char); } } return foundChars; }
document.querySelector('textarea[name="content"]').addEventListener('input', function() { const invalidChars = validateContent(this.value); if (invalidChars.length > 0) { const notification = document.getElementById('notification'); notification.style.backgroundColor = '#ff0000'; notification.textContent = `Please remove invalid characters: ${invalidChars.join(' ')}`; notification.style.display = 'block'; notification.style.opacity = '1'; // Disable the submit button document.querySelector('button[type="submit"]').disabled = true; // Add visual indication to textarea this.style.borderColor = '#ff0000'; this.style.boxShadow = '0 0 10px #ff0000'; } else { const notification = document.getElementById('notification'); notification.style.display = 'none'; notification.style.opacity = '0'; // Re-enable the submit button document.querySelector('button[type="submit"]').disabled = false; // Reset textarea styling this.style.borderColor = '#00ff00'; this.style.boxShadow = '0 0 10px #00ff00'; } });
document.getElementById('compileForm').addEventListener('submit', function(e) { const content = this.querySelector('textarea[name="content"]').value; const invalidChars = validateContent(content); if (invalidChars.length > 0) { e.preventDefault(); const notification = document.getElementById('notification'); notification.style.backgroundColor = '#ff0000'; notification.textContent = `Cannot compile: Please remove invalid characters: ${invalidChars.join(' ')}`; notification.style.display = 'block'; notification.style.opacity = '1'; return; } });
```
=== COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.