Hey guys,
I’ve been working on a huge project since the beginning of August, and now that finals are done I plan to be working more on it. But before I start adding too many more features, I would really like some people to test it out in its current state and give me feedback. So I thought posting it here would be a good way to do that.
Without further ado, let me introduce you to Bashfuscator, a modular Bash obfuscation framework written in Python 3.
Link: https://github.com/Bashfuscator/Bashfuscator
Demo video: https://asciinema.org/a/6LmMVyoxUbDIwvl5yzynVbrS1
Example obfuscated payload (input is cat /etc/passwd):
${@~}eval "$(pr""i''n\t${@%%G}f "\x$(""${*##x:}prin""$'\x74'f %s 'P?'|${*//_f/M:}md5\s''\um|${@,,}c""\ut -b 24-25)""${@^^}";${*~~}prin''t\f "\x$(prin"${@,,}"tf %s '~'|${*%%>}m$'\144'5s$'\165'\m|${*##hG}$'\x63'$'\x75'${@##N|}t -b 4-5)";''${*%%Z}print$'\x66' "\x$(p''r$'\x69'n""\t$'\x66' %s '2['|md${*##+}5""sum|${@##l}cu${!@}t -b 17-18${@^^})"${*^}&&p""r""$'\151'ntf "\x$($'\x70'r${@/m}int$'\x66' %s '1'|${*,}m\d5${!*}su$'\155'|${*%%E}c${*%%#}ut -b 16-17)";$'\160'''\r$'\151'\n""t""${@,}f "\x$(p\rintf %s 't9'${*//i/wm}|${*/J\)}m"${@//j/6=}"d5s''um|"${@}"''c${*#L\{}u${*//0}t -b 2-3${*})"&&${*~~}pri''nt\f "\x$(p\ri$'\x6e't\f %s 'g}'${*//\!J}|$@m''${*~}d5su${@/99}m|${*/7}"${@,}"c''ut -b 2-3)""${@//#p/B\(}";p""${*#=}r${*/\{/]}in$'\x74'f "\x$(\p"${@,,}"rin$'\x74'\f %s 'sW'|md\5''su""m"${@//rR/#i}"|cut -b 7-8)"&&""\p$'\x72'$'\x69'nt\f "\x$(p""${*//3U}r${*,}in${*/me}t''f %s '.'${@%g}|''"${@~}"md\5$'\x73'${*%#X}um|"${@,}"""$'\x63'\u$'\x74' -b 13-14)"${*~}&&${@~~}$'\x70'r$'\x69'ntf "\x$(\printf %s 'g'${*#Jh}|md$'\65'""sum|""c\u\t -b 2-3${@^^})"&&${*~~}pri""\ntf "\x$(p''r''\i$'\156'''t''f %s 'fC'${*//F-/^}|${@,}m$'\x64'5sum|''cut -b 19-20)"${*,}&&"${@//9/*#}"pr''i\n"""${@~}"tf "\x$(${@,}p\r""$'\x69'$'\x6e'$*t\f %s 'ys'|$'\155'""d5sum$*|cu\t -b 12-13"${@^^}")"${@//yZ}&&p""$'\162'in$'\164'f "\x$(printf %s '('|${@}""md5''$'\163'''$'\x75'm|c$'\165'\t -b 7-8${*//\(P/k})"&&${*/rd}$'\160'${*//Q5/u}r"${@//</3}"i${*~}n""tf "\x$(p\r${*//W}in$'\x74'f %s '{J'${*~}|md${@%%NA}5\sum|c$'\165'$'\x74' -b 27-28"${@^^}")"${*^^};printf "\x$(""p""rintf %s ';e'|m${@/4}d5sum|${!@}c''$'\x75't -b 3-4"${@,}")"&&$*${*^^}prin$'\x74'f "\x$(""p""\r"$@"i""\n''tf %s 'q;'"${@~~}"|${*,,}m''d5sum"${@~~}"|"${@,,}"cu''\t -b 14-15)")"
Bashfuscator makes obfuscating Bash one-liners and scripts incredibly easy. It can be used from the command line, or as a Python library. You can manually specify commands or scripts for Bashfuscator to obfuscate, feed it stdin to obfuscate and pass output through a pipeline, or use it in an existing Python 3 project.
A great example of Bashfuscator’s use as a library is integration with a reverse or bind shell handler. In only 3 extra lines of code, every command you send through your reverse or bind shell will now be obfuscated transparently. Example:
from bashfuscator.core.obfuscation_handler import ObfuscationHandler
# socket code here
obHandler = ObfuscationHandler()
inputCmd = input("$ ")
obfCommand = obHandler.genObfuscationLayer(inputCmd)
# send command to reverse/bind shell
I intend for red teamers to use Bashfuscator to evade or bypass detections or make incident response much more time consuming. The modular and extendable nature of Bashfuscator allows red teams to build their own innovative and custom obfuscation modules, to keep the blue team on their toes.
Conversely, I intend for blue teamers to use Bashfuscator to generate thousands of varied, complex, and layered payloads that they can use to improve or create robust Bash obfuscation detections. This tool wasn’t just built for the red team; blue team’s gotta have some fun too.
So, if you’re still interested in this project, please try it out and let me know any and every thought or criticism you have. Installation and basic usage instructions are in the README, but I would recommend also viewing the usage docs and help menu for advanced usage. Bashfuscator really comes to life when you’re cooking your own obfuscation recipe (Hint: try the --choose-mutators option).
Do note that the project is still in development; there are bugs, but overall I believe the project is reasonably stable. If you find a bug, check out the ‘dev’ branch, and verify it exists there as well before reporting it to me please. I’ve done a lot of work there that I haven’t merged into master yet.
Also, as I’ve previously mentioned, Bashfuscator is a framework, designed to be extended with additional obfuscation modules. There isn’t any formal documentation regarding how to create an obfuscation module, but if you contact me I’ll be happy to walk you through the process. I’ve had a few people add modules already, but I could always use some more. I’m sure you guys have some crazy ideas in you!
One last thing: I have a lot of ideas for features I’m going to be adding to the project in the near future. Check the issues panel for issues I self-assigned; that’ll give you an idea of what’s to come.
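The blue-team use described above (generating varied payloads to build detections), as an added example that is not part of the original post or of Bashfuscator itself: a small heuristic scorer that counts the obfuscation tells visible in the example payload (ANSI-C quoted bytes, empty special-parameter expansions, empty-quote splicing, backslash-split words, eval of a command substitution) and flags a command line only when those tells are both numerous and dense. The indicator patterns, thresholds and sample lines are assumptions constructed for this example.

```python
import re

# Heuristic indicators shaped after the example payload in the post. These are
# an assumption for this example, not something Bashfuscator ships.
INDICATORS = {
    # ANSI-C quoted bytes such as $'\x74' or $'\144' used to spell out a command
    "ansi_c_quote": re.compile(r"\$'\\(?:x[0-9a-fA-F]{2}|[0-7]{1,3}|[a-zA-Z])'"),
    # special-parameter expansions like ${@~} or ${*##x:} that expand to nothing
    "special_param_expansion": re.compile(r"\$\{[@*!][^}]*\}"),
    # empty quotes spliced into a word: pr""i''ntf
    "empty_quote_splice": re.compile(r"(?:\"\"|'')"),
    # a backslash in front of an ordinary letter: md5\sum
    "backslash_split_word": re.compile(r"\\[a-zA-Z]"),
    # eval of a command substitution
    "eval_of_subst": re.compile(r'\beval\s+"?\$\('),
}


def score_command(cmd: str) -> dict:
    """Count each indicator and derive a density per 100 characters of input."""
    counts = {name: len(rx.findall(cmd)) for name, rx in INDICATORS.items()}
    total = sum(counts.values())
    return {"counts": counts, "total": total,
            "density": round(100.0 * total / max(len(cmd), 1), 2)}


def is_suspicious(cmd: str, min_total: int = 5, min_density: float = 3.0) -> bool:
    # Flag only when indicators are both numerous and dense, so a single
    # legitimate ANSI-C quote in an ordinary script does not trip the check.
    s = score_command(cmd)
    return s["total"] >= min_total and s["density"] >= min_density


# Constructed samples: a benign line, an ordinary script line that legitimately
# uses $'\n', and a fragment shaped like the post's example payload.
BENIGN = "cat /etc/passwd | grep -v nologin"
PLAIN_SCRIPT = "IFS=$'\\n'; for f in \"$@\"; do echo \"$f\"; done"
OBFUSCATED = r'''${@~}eval "$(pr""i''n\t${@%%G}f "\x$(""${*##x:}prin""$'\x74'f %s 'P?'|md5\s''\um|cut -b 24-25)")"'''

if __name__ == "__main__":
    for label, cmd in (("benign", BENIGN), ("plain script", PLAIN_SCRIPT),
                       ("obfuscated", OBFUSCATED)):
        print(f"{label:13s} suspicious={is_suspicious(cmd)} {score_command(cmd)}")
```

Running the block prints total 0 for the benign line, 2 for the plain script (below the threshold) and 15 for the obfuscated fragment, which is the only one flagged.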