/ZWSP-Tool

ZWSP-Tool is a powerful toolkit that allows to manipulate zero width spaces quickly and easily. ZWSP-Tool allows in particular to detect, clean, hide, extract and bruteforce a text containing zero width spaces.

Primary LanguagePythonMIT LicenseMIT

🔍 ZWSP-Tool

zwsp-tool


About ZWSP Toolkit

ZWSP-Tool is a powerful toolkit that allows to manipulate 
zero width spaces quickly and easily. ZWSP-Tool allows in 
particular to detect, clean, hide, extract and bruteforce 
a text containing zero width spaces.

📥 Installation

Clone the repository :

$ git clone https://github.com/TwistAtom/ZWSP-Tool.git

Move in the folder :

$ cd ZWSP-Tool

Add the execution right to the installation file :

$ chmod +x install.sh

Finally, run the installation file :

$ ./install.sh

🚀 Launch

After installation, you can now launch the ZWSP toolkit from anywhere by typing :

$ zwsp-tool

❌ Uninstallation

$ cd ZWSP-Tool
$ ./uninstall.sh

⚙️ Options

Clean module

Parameter Type Format Default Note
-i,
--ignore
string "<char_1>, <char_2>, ..." Ignore characters.
-s,
--specific
string "<char_1>, <char_2>, ..." Clean specific characters.

Detect module

Parameter Type Format Default Note
-i,
--ignore
string "<char_1>, <char_2>, ..." Ignore characters.
-r,
--replace
string {dotted, escaped, named} dotted Character replacing zero width spaces.
-s,
--search
string "<char_1>, <char_2>, ..." Search characters.

Embed module

Parameter Type Format Default Note
-c,
--characters
string "<char_1>, <char_2>, ..." ('\u200b', '\u200c', '\u200d', '\u200e', '\u200f') Zero width characters to use to encode the private text. Use the list argument to see some possible characters.
-e,
--encryption
string {AES, RSA, PGP} Encryption type.
-m,
--mask
string <hidden_text> Text to hide in another text (public text).
Required
Note: cannot be used with -M, --mfile
-M,
--mfile
string <path_to_file> Text from a file to hide in another text (public text).
Required
Note: cannot be used with -m, --mask
-s,
--space
boolean [[y/yes/true, n/no/false]] True If enabled, it allows a better discretion by only putting spaces of zero width in existing visible spaces.
-t,
--threshold
integer <number> 35 Size of an encoding string, the larger the number, the more it is possible to encode different characters. However it is best to keep a small size in order to remain discreet.
-u,
--unconstrain
boolean [[y/yes/true, n/no/false]] False If enabled (enabled by default), hides the masking parameters with the private text in the cover text (public text). In order not to need to remember the parameters at the time of extraction.
-z,
--equalize
boolean [[y/yes/true, n/no/false]] True If enabled, evenly distribute the zero width spaces, corresponding to the hidden text (private text), on the set of visible spaces of the cover text (public text).

Extract module

Parameter Type Format Default Note
-c,
--characters
string "<char_1>, <char_2>, ..." ('\u200b', '\u200c', '\u200d', '\u200e', '\u200f') Zero width characters to use to decode the private text. Use the 'list' argument to see some possible characters.
-e,
--encryption
string {AES, RSA, PGP} Encryption type.
-t,
--threshold
integer <number> 35 Size of an encoding string, the larger the number, the more it is possible to encode different characters. However it is best to keep a small size in order to remain discreet.

Bruteforce module

Parameter Type Format Default Note
-b,
--base
integer <base> Manually choose a fixed base (e.g : 2 for binary) to force the text. Please note, the base chosen cannot exceed the number of zero width spaces available in the lists.
-c,
--characters
string "<char_1>, <char_2>, ..." ('\u200b', '\u200c', '\u200d', '\u200e', '\u200f') Zero width characters to use to decode the private text.
-d,
--demo
integer <preview_size> 50 Size of the preview in number of characters. This allows you to quickly view and analyze bruteforce attempts.
-e,
--encryption
string {AES, RSA, PGP} Encryption type.
-s,
--search
string "<term_1>, <term_2>, ..." Specific terms to search for validate a bruteforce attempt.
Note: cannot be used with -w, --wily
-t,
--threshold
string "<start_range>, <end_range>" (10, 38) Size of an encoding string, the larger the number, the more it is possible to encode different characters. Select the threshold range to test.
-w,
--wily
boolean [[y/yes/true, n/no/false]] True Intelligent algorithm that only selects attempts that can be interesting to study. Please note that this is largely based on the composition of the latin alphabet.

Arguments in common

Parameter Type Format Default Note
-f,
--force
string Overwrite the output file if already existing.
-o,
--output
string <output_file> File to store the results.
-p,
--public
string <public_text> Visible text to use entered from the command line.
Required
Note: cannot be used with -P, --pfile
-P,
--pfile
string <path_to_file> Visible text to use from a text file.
Required
Note: cannot be used with -p, --public
-q,
--quiet
boolean False Disable output verbosity.
-v,
--verbose
boolean False Increase output verbosity.

✒️ Examples

1 - Detect zero width characters in text file by displaying them as red dotted markers on standard output :

$ zwsp-tool detect -P path_to_file/suspicious_text.txt

2 - Remove zero width characters from a text file :

$ zwsp-tool clean -P path_to_file/suspicious_text.txt

3 - Hide private text in cover text with encryption and store the result in an external file :

$ zwsp-tool -o result.txt embed -p "Public text" -m "Private text" -e AES

4 - Extract a private text contained in a cover text and display it on standard output :

$ zwsp-tool extract -P path_to_file/text.txt -e AES 

5 - Bruteforce a suspicious text containing zero-width characters :

$ zwsp-tool bruteforce -P path_to_file/suspicious_text.txt

📋 To-do list

  • add other type of encryption
  • improve zero width space detection
  • operate the unconstrained mode

📃 License

Copyright © 2020 TwistAtom
Licensed under the MIT.