https://github.com/copyleftdev/zippys

A security tool for detecting, testing, and exploiting Zip Slip vulnerabilities. This tool is designed for security research and penetration testing purposes only.

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (10.2%) to scientific vocabulary

Keywords

pentest-tool research security zipslip
Last synced: 9 months ago

Repository

Basic Info
  • Host: GitHub
  • Owner: copyleftdev
  • License: other
  • Language: Go
  • Default Branch: main
  • Homepage:
  • Size: 1.67 MB
Statistics
  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Topics
pentest-tool research security zipslip
Created 10 months ago · Last pushed 10 months ago
Metadata Files
Readme Changelog Contributing License Security

README.md

ZipSlip Security Tool

A security tool for detecting, testing, and exploiting Zip Slip vulnerabilities. This tool is designed for security research and penetration testing purposes only.

Features

  • Generate malicious ZIP files with path traversal payloads
  • Test systems for Zip Slip vulnerabilities in a controlled environment
  • Scan directories for potentially vulnerable ZIP files
  • Detailed reporting of vulnerable files and paths
  • Safe testing mode to prevent accidental damage

Installation

  1. Ensure you have Go 1.21 or later installed
  2. Clone this repository
  3. Install dependencies:

     ```bash
     go mod download
     ```

  4. Build the tool:

     ```bash
     go build -o zippys
     ```

Usage

```
Usage: zippys -m|--mode MODE [options]

Advanced Zip Slip Security Tool

Options:
  -m, --mode MODE      Operation mode: 'generate', 'test', or 'scan' (required)
  -d, --dir DIR        Target directory for scanning or testing (default: .)
  -o, --output FILE    Output file for malicious ZIP (default: malicious.zip)
  -p, --path PATH      Malicious path for ZIP slip (e.g., '../../evil.txt') (default: ../../evil.txt)
  -c, --content TEXT   Content for the malicious file (default: This is a malicious payload for Zip Slip testing)
  -t, --test           Test mode (safer for experimentation)
  -v, --verbose        Enable verbose output
  -h, --help           Display this help message
```

Examples

Generate a malicious ZIP file

```bash
./zippys -m generate -o payload.zip -p "../../../etc/passwd" -c "malicious content"
```

Test if a system is vulnerable to Zip Slip

```bash
./zippys -m test -v
```

Scan a directory for vulnerable ZIP files

```bash
./zippys -m scan -d /path/to/scan
```

Security Considerations

  • This tool is for authorized security testing and research purposes only
  • Always obtain proper authorization before testing systems you don't own
  • Use the -t/--test flag when experimenting to prevent accidental damage
  • The tool includes safety checks, but use with caution

License

This tool is provided for educational and research purposes only. Use responsibly and only on systems you have permission to test.

Author

copyleftdev

Owner

  • Name: Donald Johnson
  • Login: copyleftdev
  • Kind: user
  • Location: Los Angeles

GitHub Events

Total
  • Watch event: 1
  • Push event: 3
  • Create event: 1
Last Year
  • Watch event: 1
  • Push event: 3
  • Create event: 1

Dependencies

.github/workflows/ci.yml actions
  • actions/cache v4 composite
  • actions/checkout v4 composite
  • actions/setup-go v4 composite
  • actions/upload-artifact v4 composite
  • codecov/codecov-action v3 composite
.github/workflows/release.yml actions
  • actions/checkout v4 composite
  • actions/setup-go v4 composite
go.mod go
  • github.com/davecgh/go-spew v1.1.1
  • github.com/fatih/color v1.18.0
  • github.com/inconshreveable/mousetrap v1.1.0
  • github.com/mattn/go-colorable v0.1.13
  • github.com/mattn/go-isatty v0.0.20
  • github.com/pmezard/go-difflib v1.0.0
  • github.com/rodaine/table v1.3.0
  • github.com/spf13/cobra v1.9.1
  • github.com/spf13/pflag v1.0.6
  • github.com/stretchr/testify v1.10.0
  • golang.org/x/sys v0.25.0
  • gopkg.in/yaml.v3 v3.0.1
go.sum go
  • github.com/cpuguy83/go-md2man/v2 v2.0.6
  • github.com/davecgh/go-spew v1.1.0
  • github.com/davecgh/go-spew v1.1.1
  • github.com/fatih/color v1.18.0
  • github.com/google/go-cmp v0.6.0
  • github.com/inconshreveable/mousetrap v1.1.0
  • github.com/mattn/go-colorable v0.1.13
  • github.com/mattn/go-isatty v0.0.16
  • github.com/mattn/go-isatty v0.0.20
  • github.com/mattn/go-runewidth v0.0.16
  • github.com/pmezard/go-difflib v1.0.0
  • github.com/rivo/uniseg v0.2.0
  • github.com/rodaine/table v1.3.0
  • github.com/russross/blackfriday/v2 v2.1.0
  • github.com/spf13/cobra v1.9.1
  • github.com/spf13/pflag v1.0.6
  • github.com/stretchr/objx v0.1.0
  • github.com/stretchr/objx v0.4.0
  • github.com/stretchr/objx v0.5.0
  • github.com/stretchr/objx v0.5.2
  • github.com/stretchr/testify v1.7.1
  • github.com/stretchr/testify v1.8.0
  • github.com/stretchr/testify v1.8.4
  • github.com/stretchr/testify v1.9.0
  • github.com/stretchr/testify v1.10.0
  • golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab
  • golang.org/x/sys v0.6.0
  • golang.org/x/sys v0.25.0
  • gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405
  • gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
  • gopkg.in/yaml.v3 v3.0.1