  • Language
    C
  • License
    GNU General Publi...
  • Created over 3 years ago
  • Updated almost 2 years ago


Repository Details

Jaws is an invisible programming language! Inject invisible code into other languages and files! Created for security research -- see blog post


Jaws is an invisible interpreted programming language that was created for antivirus research. Since Jaws code is composed entirely of whitespace characters, it can easily coexist with other programming languages to create polyglot code.

The research behind Jaws aims to build awareness that unknown interpreters can be dangerous. Behavior-based detection is becoming the gold standard as antivirus bypasses become more common. You could add signatures for Jaws, but nothing is stopping an advanced attacker from producing their own unknown interpreters. When the "code" of the malware is completely unreadable but can execute anyway, it exploits a fundamental flaw in the foundation of static analysis tools. To read more about Jaws and why it was created, please refer to my blog post or my undergrad honors thesis.
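For defenders, one language-agnostic check is to measure how much of a file is whitespace that no editor or renderer shows, rather than matching a signature for one interpreter. The following is an added example, not code from the Jaws project; it assumes the invisible alphabet is space, tab and line feed, and its thresholds, function names and sample inputs are constructed for illustration.

```python
import re

# Assumption: the invisible alphabet is space, tab and line feed. The page
# only says "whitespace characters"; extend the character class if needed.
TRAILING = re.compile(r"[ \t]+$")


def whitespace_profile(text):
    """Measure whitespace nobody sees: trailing runs and blank-looking lines."""
    hidden = mixed_lines = longest_blank_run = run = 0
    for raw in text.split("\n"):
        line = raw.rstrip("\r")              # tolerate CRLF files
        match = TRAILING.search(line)
        tail = match.group(0) if match else ""
        hidden += len(tail)
        if " " in tail and "\t" in tail:     # editors rarely leave mixed runs
            mixed_lines += 1
        if line.strip(" \t") == "":          # empty or whitespace-only line
            run += 1
            longest_blank_run = max(longest_blank_run, run)
        else:
            run = 0
    return {"hidden": hidden, "mixed_lines": mixed_lines,
            "longest_blank_run": longest_blank_run}


def is_suspicious(text, max_ratio=0.10, max_mixed=3, max_blank_run=8):
    """Thresholds are constructed starting points, not tuned values."""
    p = whitespace_profile(text)
    ratio = p["hidden"] / max(len(text), 1)
    return (ratio > max_ratio or p["mixed_lines"] > max_mixed
            or p["longest_blank_run"] > max_blank_run)


# Constructed samples: a small C file, and the same file followed by an
# arbitrary block of spaces and tabs (not a real Jaws program).
CLEAN = '#include <stdio.h>\n\nint main(void) {\n\tputs("hi");\n\treturn 0;\n}\n'
FILLER = "\n".join(" \t" * (i % 4 + 1) + " " for i in range(12))
POLYGLOT = CLEAN + FILLER + "\n"

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("polyglot", POLYGLOT)):
        print(name, whitespace_profile(sample), is_suspicious(sample))
```

A heuristic like this only raises a file for review; it complements the behavior-based detection the paragraph above describes and does not replace it.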

Tools for developing Jaws programs can be found in the various directories of this repository.

Disclaimer: this project is a POC. I'm not the most experienced C developer, so the Jaws VM probably has memory leaks and other flaws. I recommend you use this for fun, not for any serious projects.

Install

You can install all the programs by running the following command in the top level directory:

$ make && make install    # you will be prompted for your sudo password

Tools

jaws

Jaws virtual machine

Jaws is an interpreted language, so a virtual machine has been created to run Jaws programs. The virtual machine source code and language specification for Jaws can be found in the jawsVM directory.

finc

Fin-to-Jaws compiler

Because Jaws instructions are entirely composed of invisible characters, a visible version of Jaws, called Fin, has been created. Fin allows you to write Jaws programs in a visible, human-debuggable fashion. Once you have written a Fin program, you can compile it to Jaws using the 'finc' compiler. The compiler source code and language specification for Fin can be found in the finCompiler directory.

Roadmap

Code Injection

Jaws injector

I want to create a tool that can take Jaws code and inject it into many different file types including:

  • non-whitespace controlled file formats
    • C, Java, etc.
    • markup files
    • text files
  • whitespace controlled file formats
    • Python, etc.
  • image files
    • JPG, PNG, GIF, etc.
