Skip to content

ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features.

License

Notifications You must be signed in to change notification settings

0xsp-SRD/ZigStrike

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ZigStrike

ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a custom payload builder, allowing users to easily select and construct payloads via a web application built with Python.

Known issues

  • compiling issue when dealing with large shellcode [FIXED]
  • flask could not handle large POST request [FIXED]
  • notification popup is not accurate [FIXED]
  • Rundll32 is not supported [TBD- due to quick detection]

Features

  • Multiple Injection Techniques:

    • Local Thread
    • Local Mapping
    • Remote Mapping
    • Remote Thread hijacking
  • Anti-Sandbox Protection:

    • TPM Presence Check
    • Domain Join Check
  • Output Formats:

    • XLL (Excel Add-in)
    • DLL
  • Advanced Features:

    • Base64 Shellcode Encoding
    • Compile-time String Processing
    • Memory Protection Handling
    • Process Targeting

Prerequisites

  • Zig 0.13.0
  • Python 3.x (for the web interface)
  • Flask

Article

The following article is released for ZigStrike highlighting the features and showcase the capabilities to bypass advanced security solutions.

https://kpmg.com/nl/en/home/insights/2024/12/zig-strike-the-ultimate-toolkit-for-payload-creation-and-evasion.html

Installation

git clone https://github.com/0xsp-SRD/ZigStrike/
cd ZigStrike/App/ 
python3 App.py 

Docker

you have problem running it? you can run it via docker.

git clone https://github.com/0xsp-SRD/ZigStrike/
cd ZigStrike/

# Build the image
docker build -t zigstrike .

# Run the container
docker run -p 5002:5002 zigstrike

Pending feature

  • [ 🔺 ] Sleep Obfuscation.
  • [ 🔺 ] Function Stomping.

Reporting Bugs or Issues

If you encounter any bugs or issues while using ZigStrike, please report them by opening an issue in the Issues section of this repository. When reporting, please include detailed information about the problem, steps to reproduce it, and any relevant logs or screenshots. This will help us address the issue more efficiently.

Support and Donations

If you find ZigStrike useful and would like to support its development, consider buying me a coffee! Your support is greatly appreciated and helps maintain and improve the project. You can make a donation through Buy Me a Coffee.https://buymeacoffee.com/zux0x3a

About

ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published