GitHub: https://github.com/AnonKryptiQuz/Injectra
Injectra is a robust tool designed for injecting custom payloads into files based on their magic numbers. By leveraging this technique, Injectra modifies files for penetration testing and security research purposes. The tool detects the file type by analyzing its magic numbers and injects the payload seamlessly into the correct position.
Features
- Magic Number-Based Payload Injection: Identifies file types using magic numbers and injects payloads precisely into their headers.
- Customizable Payloads: Supports user-defined payloads, with a default PHP-based payload for command execution.
- Broad File Type Support: Compatible with file types like
zip
,rar
,docx
,jpg
,png
,pdf
, and more. - Interactive CLI: Includes features like auto-completion for file paths and detailed prompts to guide users.
- Dependency Management: Automatically checks and installs required Python packages.
Prerequisites
- Python 3.x
- prompt_toolkit
- colorama
Installation
- Clone the repository:git clone https://github.com/AnonKryptiQuz/Injectra.git
cd Injectra
Install required packages:pip install -r requirements.txtEnsure requirements.txt
contains the following:
prompt_toolkit==3.0.36
colorama==0.4.6
Usage
- Run the tool:Start the tool by running:python Injectra.py
- Follow the prompts:
- Select the file to inject the payload into.
- Choose or customize the payload for injection.
- Specify the name of the output file.
- View the results:
- If the magic number is detected, the payload is injected successfully.
- The modified file is saved with the output name you provide.
- Example Payload: By default, Injectra uses the following PHP payload for command execution:<?php system($_GET["cmd"]); ?>Users can customize the payload during runtime by providing their own.
Supported File Types
Injectra currently supports the following file types:
- Compressed Archives:
zip
,rar
- Documents:
pdf
,docx
- Media:
jpg
,png
,mp4
,mp3
- Text Files:
txt
(special handling for files without magic numbers)
Practical Guide
For detailed instructions on how to use the files generated by Injectra (such as the not_malicious.jpeg
and malicious.jpeg
), please refer to the GUIDE.md inside the POC directory. This guide provides step-by-step instructions on testing payload injections with example files.
Disclaimer
- Educational Purposes Only: Injectra is intended for educational and security research purposes. It is not to be used for malicious or unauthorized activities. Users must obtain proper authorization before testing any file or system.
Author
Created by: AnonKryptiQuz