This project is a practical framework designed to study how offensive payloads are transformed to evade signature-based detection systems like AV, EDR, and IPS. It provides a controlled lab environment to understand the limitations of static detection.
The framework is divided into four main functional modules:
- Encoders
  - Base64: Binary-to-text encoding/decoding.
  - XOR: Symmetric bitwise encryption using a user-defined key.
  - ROT13: Simple substitution cipher.
- Obfuscation
  - Random Insertion: Injecting junk characters to break static signatures.
  - Character Splitting: Breaking strings into chunks for variable assembly.
  - Reversible Transformations: String reversal.
  - Hex Escaping: Converting payloads into hex escape sequences (`\xHH`).
- Detection
  - Simulated Signatures: Keyword matching against common shellcode patterns.
  - YARA Integration: Support for professional-grade static detection rules.
- Reporting
  - Generates comparative results in text (`.txt`) and JSON formats.
The framework follows a 5-step process:
- Input: Load a raw string or read from a file.
- Encoder Selection: Choose one or multiple encoding layers.
- Obfuscation: Apply string mutation techniques.
- Evasion Testing: Run the payload against the detection engine.
- Reporting: Calculate effectiveness and save the results.
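The detection and reporting steps above, illustrated in Python as an added example that is not part of the framework's own code: a keyword matcher that first scans the raw text and then peels off the encoding layers the framework lists (Base64, ROT13, hex escapes, reversal) before matching again, so a reader can see why a raw-string signature misses an encoded payload while a normalizing scanner still catches it. The signature list, the decoder names, the `scan()` and `report()` functions and the sample inputs are all constructed for this demonstration and are not the project's own API.

```python
import base64
import codecs
import json
import re

# Constructed demo signature list; the framework's real signature set is not shown on the page.
SIGNATURES = ["bash -i"]


def decode_base64(s):
    """Return the decoded text if s is well-formed Base64, else None."""
    try:
        return base64.b64decode(s, validate=True).decode("utf-8", errors="replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def decode_rot13(s):
    return codecs.decode(s, "rot_13")


def decode_hex_escapes(s):
    """Turn \\xHH escape sequences back into characters; None if there are none."""
    if not re.search(r"\\x[0-9a-fA-F]{2}", s):
        return None
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)


def decode_reverse(s):
    return s[::-1]


# Normalization layers the scanner can peel off; the names are constructed for this demo.
DECODERS = {
    "base64": decode_base64,
    "rot13": decode_rot13,
    "hex": decode_hex_escapes,
    "reverse": decode_reverse,
}


def match_signatures(text, signatures):
    return [sig for sig in signatures if sig in text]


def scan(text, signatures=SIGNATURES, max_depth=3):
    """Keyword-match the raw text, then search breadth-first through decoder
    combinations up to max_depth layers deep.

    Returns {"hits": [...], "layers": [...]}; "layers" names the decoders, in order,
    that had to be applied before a signature matched (empty means a raw hit).
    """
    raw_hits = match_signatures(text, signatures)
    if raw_hits:
        return {"hits": raw_hits, "layers": []}
    frontier = [(text, [])]
    seen = {text}
    for _ in range(max_depth):
        next_frontier = []
        for current, layers in frontier:
            for name, decoder in DECODERS.items():
                candidate = decoder(current)
                if candidate is None or candidate == current or candidate in seen:
                    continue
                seen.add(candidate)
                hits = match_signatures(candidate, signatures)
                if hits:
                    return {"hits": hits, "layers": layers + [name]}
                next_frontier.append((candidate, layers + [name]))
        frontier = next_frontier
    return {"hits": [], "layers": []}


def report(samples, signatures=SIGNATURES):
    """Compare raw keyword matching with the normalizing scan for each (label, text) sample."""
    rows = []
    for label, text in samples:
        result = scan(text, signatures)
        rows.append({
            "sample": label,
            "raw_detected": bool(match_signatures(text, signatures)),
            "normalized_detected": bool(result["hits"]),
            "layers_peeled": result["layers"],
        })
    return {
        "rows": rows,
        "evaded_raw_match": sum(1 for r in rows if not r["raw_detected"]),
        "evaded_normalized": sum(1 for r in rows if not r["normalized_detected"]),
    }


if __name__ == "__main__":
    plain = "bash -i"
    hex_escaped = "".join(f"\\x{b:02x}" for b in plain.encode())
    # Constructed variants of the page's sample payload using the transformations the framework lists.
    samples = [
        ("plain", plain),
        ("base64", base64.b64encode(plain.encode()).decode()),
        ("hex-escape", hex_escaped),
        ("reversed+rot13", codecs.encode(plain[::-1], "rot_13")),
        ("base64(hex-escape)", base64.b64encode(hex_escaped.encode()).decode()),
    ]
    print(json.dumps(report(samples), indent=2))
```

The breadth-first search is bounded by `max_depth` because every decoder layer multiplies the candidate set; a production scanner would also cap input size and treat a successful decode as a signal in itself, since benign text rarely survives several decode passes and still reads as a shell command.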
Example usage:

```shell
python3 payload_framework.py --payload "bash -i" --methods base64,xor,escape --xor_key "secret"
```

This project is for educational and defensive security research only.