A quick script to spot the usage of Unicode Bidi (bidirectional) characters that could lead to an Invisible Backdoor

Last update: Dec 29, 2022

Overview

Invisible Backdoor Detector

Invisible Backdoor Detector is a little Python script that allows you to spot and remove Bidi characters that could lead to an invisible backdoor. If you don't know what that is you should check the related paragraph.

Table of contents
What is an Invisible Backdoor
Installation and Usage
Examples
Contributions
Credits
License

What is an Invisbile Backdoor

An Invisible Backdoor is exactly what you think: a backdoor that you cannot see! It was described by Wolfgang Ettlinger at Certitude in this blog post. It leverages the presence of Unicode characters (Bidi characters) which behaves like normal spaces. In conjunction with the Javascript object destructuring those characters may allow an attacker to introduce a backdoor into an open-source project without anyone noticing it. Check out the blog post for more info.

Installation and Usage

python3 -m pip install -r requirements.txt
python3 invisible-backdoor-detector.py path 
   
     [--remove]

The path argument is mandatory while the --remove argument allows you to automatically remove the spotted Bidi characters

Example

The example folder provides a working example of an invisible backdoor in Node.js, you may test the script on that folder. If you want to try out the backdoor you can add the following parameter to the query string:

%E3%85%A4=

Contributions

Everyone is invited to contribute! If you are a user of the tool and have a suggestion for a new feature or a bug to report, please do so through the issue tracker.

Credits

Developed by Angelo Delicato @SecSI

License

invisible-backdoor-detector is released under the MIT LICENSE

A quick script to spot the usage of Unicode Bidi (bidirectional) characters that could lead to an Invisible Backdoor

Related tags

Overview

Invisible Backdoor Detector

Table of Contents

What is an Invisbile Backdoor

Installation and Usage

Example

Contributions

Credits

License

Owner

SecSI

Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.

Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527) using standard Impacket.

NexScanner is a tool which allows you to scan a website and find the admin login panel and sub-domains

Fast python tool to test apache path traversal CVE-2021-41773 in a List of url

Python script to tamper with pages to test for Log4J Shell vulnerability.

Scans all drives for log4j jar files and gets their version from the manifest

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

GDID (Google Dorks for Information Disclosure)

LeLeLe: A tool to simplify the application of Lattice attacks.

Python bindings to LibreSSL library

Make files with as many random bytes as you want

the metasploit script(POC) about CVE-2021-36260

Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding rules

Click-Jack - Automatic tool to find Clickjacking Vulnerability in various Web applications

SEBUAH TOOLS TERMUX CRACK AKUN FF HOMKI AKUN EPEP DAH SATU FOLLOW AE YA BROO AWOKWOK

Scarecrow is a tool written in Python3 allowing you to protect your Python3 scripts.

An open-source post-exploitation framework for students, researchers and developers.

ThePhish: an automated phishing email analysis tool

This is a simple PoC for the newly found Polkit error names PwnKit

M.E.A.T. - Mobile Evidence Acquisition Toolkit