Skip to content
/ Injectra Public

Injectra is a Python-based tool for injecting custom payloads into various file types using their magic numbers. It supports file types like zip, rar, docx, jpg, and more, allowing for customizable payloads. It ensures seamless payload injection while maintaining the integrity of the original file.

AnonKryptiQuz.github.io/
64 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

AnonKryptiQuz/Injectra

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
POC
POC
 
 
Injectra.py
Injectra.py
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Injectra: Payload Injection via File Magic Numbers

Injectra is a robust tool designed for injecting custom payloads into files based on their magic numbers. By leveraging this technique, Injectra modifies files for penetration testing and security research purposes. The tool detects the file type by analyzing its magic numbers and injects the payload seamlessly into the correct position.

Features

  • Magic Number-Based Payload Injection: Identifies file types using magic numbers and injects payloads precisely into their headers.
  • Customizable Payloads: Supports user-defined payloads, with a default PHP-based payload for command execution.
  • Broad File Type Support: Compatible with file types like zip, rar, docx, jpg, png, pdf, and more.
  • Interactive CLI: Includes features like auto-completion for file paths and detailed prompts to guide users.
  • Dependency Management: Automatically checks and installs required Python packages.

Prerequisites

  • Python 3.x
  • prompt_toolkit
  • colorama

Installation

  1. Clone the repository:

    git clone https://github.com/AnonKryptiQuz/Injectra.git
cd Injectra

  2. Install required packages:

    pip install -r requirements.txt

    Ensure requirements.txt contains the following:

    prompt_toolkit==3.0.36
colorama==0.4.6

Usage

  1. Run the tool:

    Start the tool by running:

    python Injectra.py

  2. Follow the prompts:

    • Select the file to inject the payload into.
    • Choose or customize the payload for injection.
    • Specify the name of the output file.

  3. View the results:

    • If the magic number is detected, the payload is injected successfully.
    • The modified file is saved with the output name you provide.

  4. Example Payload: By default, Injectra uses the following PHP payload for command execution:

    <?php system($_GET["cmd"]); ?>

    Users can customize the payload during runtime by providing their own.

Supported File Types

Injectra currently supports the following file types:

  • Compressed Archives: zip, rar
  • Documents: pdf, docx
  • Media: jpg, png, mp4, mp3
  • Text Files: txt (special handling for files without magic numbers)

Practical Guide

For detailed instructions on how to use the files generated by Injectra (such as the not_malicious.jpeg and malicious.jpeg), please refer to the GUIDE.md inside the POC directory. This guide provides step-by-step instructions on testing payload injections with example files.

Disclaimer

  • Educational Purposes Only: Injectra is intended for educational and security research purposes. It is not to be used for malicious or unauthorized activities. Users must obtain proper authorization before testing any file or system.

Author

Created by: AnonKryptiQuz

About

Injectra is a Python-based tool for injecting custom payloads into various file types using their magic numbers. It supports file types like zip, rar, docx, jpg, and more, allowing for customizable payloads. It ensures seamless payload injection while maintaining the integrity of the original file.

AnonKryptiQuz.github.io/

Resources

Readme
Activity

Stars

64 stars

Watchers

3 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages