Initial

LICENSE.md

@@ -0,0 +1,5 @@
+MIT License
+Copyright (c) 2018 Vincent Yiu
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,53 @@
+# IPFuscator
+
+## Author
+
+Vincent Yiu (@vysecurity)
+
+## Blog Post
+https://vincentyiu.co.uk/ipfuscation/
+
+## What is IPFuscator?
+
+IPFuscation is a technique that allows for IP addresses to be represented in hexadecimal or decimal instead of the decimal encoding we are used to. IPFuscator allows us to easily convert to these alternative formats that are interpreted in the same way.
+
+## Usage
+
+1) `git clone https://github.com/vysec/ipfuscator`
+2) `python ipfuscator.py 127.0.0.1`
+
+```
+IPFuscator
+Author: Vincent Yiu (@vysecurity)
+https://www.github.com/vysec/IPFuscator
+Version: 0.1.0
+
+IP Address:     127.0.0.1
+
+Decimal:        2130706433
+Hexadecimal:    0x7f000001
+Octal:          017700000001
+
+Full Hex:       0x7f.0x0.0x0.0x1
+Full Oct:       0177.0.0.01
+
+Random Padding:
+Hex:    0x000000000007f.0x000000000000000000000000000000.0x0000.0x0000000000000000000000001
+Oct:    00000000000000000000000177.000000000000000000.00000000000000000000000000000.000001
+
+Random base:
+#1:     0x7f.0x0.0.01
+#2:     0x7f.0x0.0x0.1
+#3:     0177.0x0.0x0.0x1
+#4:     0x7f.0.0.01
+#5:     127.0x0.0.0x1
+
+Random base with random padding:
+#1:     127.0x00000000.000000.000000000000000001
+#2:     127.0x0000000000000.0x00000000000000000000000000000.0001
+#3:     0000000000000000177.0x0000000000000000000000.0x00000000000000000000000000.1
+#4:     0000000000000000000177.0.000000.1
+#5:     127.0000000000000000000000.0x0000000000000000000.000000000000000000000000000001
+```
+
+3) Take any representation and use it in commands such as `ping`. You can also use it for a command and control endpoint.

ipfuscator.py

@@ -0,0 +1,145 @@
+#!/usr/bin/env python
+
+from argparse import ArgumentParser
+import struct
+import re, random
+
+
+__version__ = '0.1.0'
+
+
+def get_args():
+	parser = ArgumentParser()
+	parser.add_argument('ip', help='The IP to perform IPFuscation on')
+	parser.add_argument('-o', '--output', help='Output file')
+	return parser.parse_args()
+
+def banner():
+	print "IPFuscator"
+	print "Author: Vincent Yiu (@vysecurity)"
+	print "https://www.github.com/vysec/IPFuscator"
+	print "Version: {}".format(__version__)
+	print ""
+
+def checkIP(ip):
+	m = re.match('\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z',ip)
+
+	if m:
+		# Valid IP format
+		parts = ip.split('.')
+		if len(parts) == 4:
+			# Valid IP
+			for i in parts:
+					if int(i) > 255 or int(i) < 0:
+						return False
+			return True
+		else:
+			 return False
+	else:
+		return False
+
+def printOutput(ip):
+	parts = ip.split('.')
+
+	decimal = int(parts[0]) * 16777216 + int(parts[1]) * 65536 + int(parts[2]) * 256 + int(parts[3])
+	print ""
+
+	print "Decimal:\t{}".format(decimal)
+	#hexadecimal = "0x%02X%02X%02X%02X" % (int(parts[0]), int(parts[1]), int(parts[2]), int(parts[3]))
+	print "Hexadecimal:\t{}".format(hex(decimal))
+
+	#octal = oct(decimal)
+	print "Octal:\t\t{}".format(oct(decimal))
+
+	print ""
+
+	hexparts = []
+	octparts = []
+
+	for i in parts:
+		hexparts.append(hex(int(i)))
+		octparts.append(oct(int(i)))
+
+	print "Full Hex:\t{}".format('.'.join(hexparts))
+	print "Full Oct:\t{}".format('.'.join(octparts))
+
+	print ""
+	print "Random Padding: "
+
+	randhex = ""
+
+	for i in hexparts:
+		randhex += i.replace('0x','0x' + '0' * random.randint(1,30)) + '.'
+
+	randhex = randhex[:-1]
+	print "Hex:\t{}".format(randhex)
+
+	randoct = ""
+	for i in octparts:
+		randoct += '0' * random.randint(1,30) + i + '.'
+
+	randoct = randoct[:-1]
+
+	print "Oct:\t{}".format(randoct)
+
+	print ""
+	print "Random base:"
+
+	randbase = []
+
+	count = 0
+	while count < 5:
+		randbaseval = ""
+		for i in range(0,4):
+			val = random.randint(0,2)
+			if val == 0:
+				# dec
+				randbaseval += parts[i] + '.'
+			elif val == 1:
+				# hex
+				randbaseval += hexparts[i] + '.'
+			else:
+				randbaseval += octparts[i] + '.'
+				# oct
+		randbase.append(randbaseval[:-1])
+		print "#{}:\t{}".format(count+1, randbase[count])
+		count += 1
+
+	print ""
+	print "Random base with random padding:"
+
+	randbase = []
+
+	count = 0
+	while count < 5:
+		randbaseval = ""
+		for i in range(0,4):
+			val = random.randint(0,2)
+			if val == 0:
+				# dec
+				randbaseval += parts[i] + '.'
+			elif val == 1:
+				# hex
+				randbaseval += hexparts[i].replace('0x', '0x' + '0' * random.randint(1,30)) + '.'
+			else:
+				randbaseval += '0' * random.randint(1,30) + octparts[i] + '.'
+				# oct
+		randbase.append(randbaseval[:-1])
+		print "#{}:\t{}".format(count+1, randbase[count])
+		count += 1
+
+
+def main():
+	banner()
+
+	args = get_args()
+
+	if checkIP(args.ip):
+		print "IP Address:\t{}".format(args.ip)
+		printOutput(args.ip)
+	else:
+		print "[!] Invalid IP format: {}".format(args.ip)
+
+
+if __name__ == '__main__':
+	main()