A lightweight 'Encoded cURL' wrapper for encoding payloads in pentesting automation and custom scripts

jaketcooper/ecurl

ecurl — Encoded cURL for Penetration Testing


🔍 Overview

ecurl is an encoded wrapper around curl for authorized penetration testing and security automation.
It simplifies payload encoding, session persistence, batch payload testing, and JSON-based chaining — all while keeping full curl flexibility. (just add an 'e'!)

The tool is lightweight, self-contained (Bash), and tested under Debian, Ubuntu, and Kali Linux.

⚠️ Use responsibly. Only perform security testing on systems you have explicit permission to test.


🚀 Key Features

| Category | Description |
| --- | --- |
| Encoding | URL, double, HTML, Base64, Unicode |
| Session Management | Persistent cookies, replay, export/import |
| Batch Testing | Run payloads from file with delays/threads |
| JSON Output | Base64-safe structured output for pipelines |
| Proxy & TLS | Full proxy, client cert, and SSL control |
| Error Handling | Granular exit codes, robust curl wrappers |
| Colorized Output | Clear status display with ANSI detection |
| Forensics Ready | History logging to ~/.ecurl_history |

⚙️ Installation

From Source

git clone https://github.com/jaketcooper/ecurl.git
cd ecurl
sudo make install

From Debian/Kali Package

(Recommended once released to Kali repos)

sudo apt install ecurl

This installs:

/usr/bin/ecurl
/usr/share/man/man1/ecurl.1.gz
/usr/share/doc/ecurl/*

Dependencies are automatically resolved (curl, perl, jq, liburi-perl).


🧠 Usage

ecurl [OPTIONS]

  -i, --injection <TEXT>    Payload to encode and send
  -t, --target <URL>        Persistent target
  -c, --count <N>           Number of encoding passes
  --encode-type <TYPE>      url, html, base64, unicode
  --json                    Output as JSON (for chaining)
  --payload-file <FILE>     Batch payload testing
  --session <NAME>          Named cookie persistence
  --replay <FILE>           Replay a saved request
  -s, --show                Show encoded payload only
  --version                 Display version

Example 1: Basic Injection

ecurl -t "https://target/api?id=" 
ecurl -i "' OR '1'='1"

Example 2: Batch Test Payloads

ecurl --payload-file payloads.txt -c 2 --delay 1

Example 3: JSON Chaining

ecurl -i test --json | jq '.response.status'

🧩 Encoding Example

| Type | Input | Output |
| --- | --- | --- |
| url | `' OR 1=1--` | `%27%20OR%201%3D1--` |
| html | `<script>` | `&lt;script&gt;` |
| base64 | `abc123` | `YWJjMTIz` |
| unicode | `A` | `\u0041` |
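
The encoding table above and the `-c` pass count, reproduced as an added example (not ecurl's own code; the function names and the set of HTML characters escaped are assumptions). It shows how each extra URL pass re-encodes the `%` of the previous one, which is the form to recognise in request logs; the `unicode` type is left out.

```sh
#!/bin/sh
# Added illustration, not ecurl's source; all function names are hypothetical.

# Percent-encode every byte outside the RFC 3986 unreserved set
# (A-Z a-z 0-9 - . _ ~). Works byte by byte, so UTF-8 input is handled.
url_encode() {
    printf '%s' "$1" | od -An -v -tx1 | tr 'a-f' 'A-F' | tr -s ' ' '\n' |
    while read -r hex; do
        case $hex in
            '') ;;  # blank line left by od's layout
            2D|2E|5F|7E|3[0-9]|4[1-9A-F]|5[0-9A]|6[1-9A-F]|7[0-9A])
                printf "\\$(printf '%03o' "0x$hex")" ;;  # unreserved: emit as-is
            *)  printf '%%%s' "$hex" ;;                   # anything else: %HH
        esac
    done
}

# Escape five HTML-significant characters. The exact set is an assumption:
# the README table only shows < and > being escaped.
html_encode() {
    printf '%s\n' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
        -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

b64_encode() { printf '%s' "$1" | base64 | tr -d '\n'; }

# encode TYPE TEXT [PASSES]: feed TEXT through one encoding PASSES times (default 1).
encode() {
    enc_type=$1 enc_text=$2 enc_n=${3:-1} enc_i=0
    case $enc_n in
        ''|*[!0-9]*) echo "passes must be a non-negative integer" >&2; return 2 ;;
    esac
    while [ "$enc_i" -lt "$enc_n" ]; do
        case $enc_type in
            url)    enc_text=$(url_encode "$enc_text") ;;
            html)   enc_text=$(html_encode "$enc_text") ;;
            base64) enc_text=$(b64_encode "$enc_text") ;;
            *) echo "unknown encode type: $enc_type" >&2; return 2 ;;
        esac
        enc_i=$((enc_i + 1))
    done
    printf '%s\n' "$enc_text"
}

# Constructed demo input: rows from the encoding table plus a second URL pass.
encode url    "' OR 1=1--"      # %27%20OR%201%3D1--
encode url    "' OR 1=1--" 2    # %2527%2520OR%25201%253D1--
encode html   '<script>'        # &lt;script&gt;
encode base64 'abc123'          # YWJjMTIz
```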

🪄 Advanced Features

  • Replay Mode — export and rerun full requests
  • Tamper Scripts — custom transforms before sending
  • Grep & Match Filters — highlight or extract response fragments
  • Threaded Batch Mode — queue large payload sets efficiently

🧰 Developer Notes

  • Written in pure Bash, portable across most POSIX shells
  • Error-resistant: no unguarded eval, no silent failures
  • Fully compatible with Kali's Debhelper 12+ build system

For deeper architectural details, see:


🤝 Contributing

Contributions, patches, and packaging improvements are welcome. Please see CONTRIBUTING.md and adhere to the CODE_OF_CONDUCT.md.


🛡️ Security Policy

See SECURITY.md for responsible disclosure and vulnerability reporting.


🧾 License

Licensed under the MIT License. © 2025 Jake Cooper


📦 Debian / Kali Packaging Status

ecurl is Debian Policy-compliant and structured for inclusion in Kali Rolling:

  • debian/control defines dependencies (curl, perl, jq, liburi-perl)
  • debian/rules uses standard dh build helper
  • Man page: /usr/share/man/man1/ecurl.1.gz
  • Lintian clean

For detailed packaging steps, refer to PACKAGING.md.