# Balsamic
balsamic is a library for sending malicious pickles to a vulnerable application, via web requests or via a malicious server or client (currently IPv4 only).
We will add more payloads, but for now we only execute shell commands, via the `oscmd` payload.

![image](https://github.com/malectricasoftware/balsamic/assets/107813117/c9e8138c-9f8f-4d68-b71c-331cf7a42343)
## usage (standalone)
web request mode
```
usage: balsamic.py webreq [-h] [-m METHOD] -u URL [-p PARAMETER] [-co COOKIE] -P PAYLOAD
                          [-c COMMAND] [-H HEADERS]

options:
  -h, --help            show this help message and exit
  -m METHOD, --method METHOD
  -u URL, --url URL
  -p PARAMETER, --parameter PARAMETER
  -co COOKIE, --cookie COOKIE
  -P PAYLOAD, --payload PAYLOAD
  -c COMMAND, --command COMMAND
  -H HEADERS, --headers HEADERS
```
socksend mode
```
usage: balsamic.py socksend [-h] -rh RHOST -rp RPORT -P PAYLOAD [-c COMMAND] [-s STEPS]

options:
  -h, --help            show this help message and exit
  -rh RHOST, --rhost RHOST
  -rp RPORT, --rport RPORT
  -P PAYLOAD, --payload PAYLOAD
  -c COMMAND, --command COMMAND
  -s STEPS, --steps STEPS
  -e ENCODE, --encode Encode
```
socklisten mode
```
usage: balsamic.py socklisten [-h] -lp LPORT -P PAYLOAD [-c COMMAND]

options:
  -h, --help            show this help message and exit
  -lp LPORT, --lport LPORT
  -P PAYLOAD, --payload PAYLOAD
  -c COMMAND, --command COMMAND
  -s STEPS, --steps STEPS
  -e ENCODE, --encode Encode
```
## usage (library)
```
from balsamic import balsamic
balsamic.utility.command="command"
balsamic.webreq("method", "url", "payload", "param", "cookie", custom_headers)
balsamic.socksend("rhost", rport, "payload", enc, steps)
balsamic.socklisten(lport, "payload", enc, steps)
```
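
For the application on the receiving end of such pickles, the fix is to never let untrusted bytes reach a plain `pickle.loads()`. The following is an added example, not part of balsamic: a restricted unpickler plus a non-executing triage helper. The names `ALLOWED_GLOBALS`, `safe_loads` and `referenced_globals` are hypothetical, and the sample pickles are constructed.

```python
import io
import pickle
import pickletools

# Assumption: the application only exchanges plain data (dict, list, str, int),
# so no importable global is needed. Add (module, name) pairs only if required.
ALLOWED_GLOBALS = set()


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(data: bytes):
    """Replacement for pickle.loads() on input that crosses a trust boundary."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def referenced_globals(data: bytes):
    """Triage helper: list (module, name) pairs a pickle imports, without loading it.

    STACK_GLOBAL operands are approximated by the last two string arguments, so
    treat the result as a log/alert signal; safe_loads() is the enforcement.
    """
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


if __name__ == "__main__":
    # Constructed samples: plain data, and a pickle that references a callable.
    plain = pickle.dumps({"user": "alice", "roles": ["admin"]})
    with_global = pickle.dumps(len)
    print(safe_loads(plain), referenced_globals(plain))
    print(referenced_globals(with_global))
    try:
        safe_loads(with_global)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

Where the data format is under your control, replacing pickle with a data-only format such as JSON removes the problem entirely.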