Pencode is a tool that helps you to create payload encoding chains. It has been designed to be used in automation whereever it is required to apply multiple encodings to a payload (and possibly inserting the payload to a template in between).
pencode
can be used as a standalone command line tool or as a library for other Go programs.
go install github.com/ffuf/pencode/cmd/pencode@latest
pencode - complex payload encoder v0.4
Usage: ./pencode FUNC1 FUNC2 FUNC3...
./pencode reads input from stdin by default, which is typically piped from another process.
OPTIONS:
-input reads input from a file, line by line.
ENCODERS
b64encode - Base64 encoder
hexencode - Hex string encoder
htmlescape - HTML escape
jsonescape - JSON escape
unicodeencodeall - Unicode escape string encode (all characters)
urlencode - URL encode reserved characters
urlencodeall - URL encode all characters
utf16 - UTF-16 encoder (Little Endian)
utf16be - UTF-16 encoder (Big Endian)
xmlescape - XML escape
DECODERS
b64decode - Base64 decoder
hexdecode - Hex string decoder
htmlunescape - HTML unescape
jsonunescape - JSON unescape
unicodedecode - Unicode escape string decode
urldecode - URL decode
xmlunescape - XML unescape
HASHES
md5 - MD5 sum
sha1 - SHA1 checksum
sha224 - SHA224 checksum
sha256 - SHA256 checksum
sha384 - SHA384 checksum
sha512 - SHA512 checksum
OTHER
filename.tmpl - Replaces string #PAYLOAD# in content of a file that has .tmpl extension.
lower - Convert string to lowercase
upper - Convert string to uppercase
To urlencode, base64encode and hex encode a string:
$ echo 'what%ever'|pencode urlencode b64encode hexencode
64326868644355794e5756325a58493d
Any command line parameter that is a file path ending with .tmpl
is considered as a template file by
pencode. It attempts to read the file content and to replace instances of a string #PAYLOAD#
within the file with
the input in the current encoder chain.
Pencode can provide tab completion for available encoders. Bash, Zsh, and Fish are supported.
$ pencode <TAB>
b64decode hexdecode unicodedecode urldecode urlencodeall utf16be
...
In order to activate shell completion, you need to inform your shell that completion is available for your script.
To get auto-complete working you need to source
the pencode-completion.bash
file in your ~/.bashrc
or similar:
source ~/path/to/pencode-completion.bash
To get auto-complete working you need to enable autocomplete (not needed if you have Oh-My-Zsh) using autoload -U compaudit && compinit
or by putting it into ~/.zshrc
Then source
the pencode-completion.zsh
file in your .zshrc
or similar:
source ~/path/to/pencode-completion.zsh
To get auto-complete working you need to source
the pencode-completion.fish
file to your config folder ~/.config/fish/completions/pencode.fish
or similar:
source ~/path/to/pencode-completion.fish
package main
import (
"fmt"
"github.com/ffuf/pencode/pkg/pencode"
)
func main() {
inputdata := "Whatever you wish to run through the chain"
# A slice of encoders in the preferred encoding chain execution order
encoders := []string{
"utf16",
"b64encode",
}
chain := pencode.NewChain()
err := chain.Initialize(encoders)
if err != nil {
panic(err)
}
output, err := chain.Encode([]byte(inputdata))
if err != nil {
panic(err)
}
fmt.Print(string(output))
}
pencode
is released under MIT license. See LICENSE.