Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 31 additions & 12 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,21 +7,35 @@
</p>

<p align="center">
<a href="https://dacameragirl.github.io/payload-revealer/"><img src="https://img.shields.io/badge/Project%20page-GitHub%20Pages-33d69f?style=for-the-badge&logo=github&logoColor=white" alt="Project page" /></a>
<img src="https://img.shields.io/badge/🇺🇸-English-33d69f?style=flat-square" alt="English" />
<img src="https://img.shields.io/badge/🇪🇸-Espa%C3%B1ol-131a26?style=flat-square" alt="Español" />
<img src="https://img.shields.io/badge/🇫🇷-Fran%C3%A7ais-132033?style=flat-square" alt="Français" />
<img src="https://img.shields.io/badge/🇩🇪-Deutsch-131a26?style=flat-square" alt="Deutsch" />
<img src="https://img.shields.io/badge/🇧🇷-Portugu%C3%AAs-132033?style=flat-square" alt="Português" />
<img src="https://img.shields.io/badge/🇨🇳-中文-131a26?style=flat-square" alt="中文" />
<img src="https://img.shields.io/badge/🇯🇵-日本語-132033?style=flat-square" alt="日本語" />
<img src="https://img.shields.io/badge/🇰🇷-한국어-131a26?style=flat-square" alt="한국어" />
<img src="https://img.shields.io/badge/🇮🇹-Italiano-132033?style=flat-square" alt="Italiano" />
<img src="https://img.shields.io/badge/🇸🇦-العربية-131a26?style=flat-square" alt="العربية" />
</p>

<p align="center">
<a href="https://dacameragirl.github.io/payload-revealer/"><img src="https://img.shields.io/badge/Try%20it-Live%20Scanner-33d69f?style=for-the-badge&logo=googlechrome&logoColor=white" alt="Live scanner" /></a>
<a href="https://github.com/DaCameraGirl/payload-revealer"><img src="https://img.shields.io/badge/Code-GitHub-58a6ff?style=for-the-badge&logo=github&logoColor=white" alt="Source code" /></a>
</p>

<p align="center">
<img src="https://img.shields.io/badge/deploy-GitHub Pages-000000?style=flat-square&logo=github&logoColor=white" alt="deploy-GitHub Pages" />
<img src="https://img.shields.io/badge/stack-Python-3776AB?style=flat-square&logo=python&logoColor=white" alt="stack-Python" />
<img src="https://img.shields.io/badge/stack-Python%20%2B%20JS-3776AB?style=flat-square&logo=python&logoColor=white" alt="stack-Python + JS" />
</p>

### Languages

<p align="center">
<img src="https://img.shields.io/badge/Python-52%25-3776AB?style=flat-square&logo=python&logoColor=white" alt="Python" />
<img src="https://img.shields.io/badge/JavaScript-29%25-F7DF1E?style=flat-square&logo=javascript&logoColor=111" alt="JavaScript" />
<img src="https://img.shields.io/badge/CSS-13%25-1572B6?style=flat-square&logo=css3&logoColor=white" alt="CSS" />
<img src="https://img.shields.io/badge/Python-42%25-3776AB?style=flat-square&logo=python&logoColor=white" alt="Python" />
<img src="https://img.shields.io/badge/JavaScript-24%25-F7DF1E?style=flat-square&logo=javascript&logoColor=111" alt="JavaScript" />
<img src="https://img.shields.io/badge/HTML-23%25-E34F26?style=flat-square&logo=html5&logoColor=white" alt="HTML" />
<img src="https://img.shields.io/badge/CSS-11%25-1572B6?style=flat-square&logo=css3&logoColor=white" alt="CSS" />
</p>

### Stack
Expand Down Expand Up @@ -50,18 +64,14 @@ Payload Revealer catches invisible Unicode instructions hidden inside copied tex

A copied answer can look normal in Slack while carrying invisible Unicode underneath — hidden instructions like “pick option 3” or “tell them X said Y.” PowerShell and some editors may expose weird characters; Payload Revealer does the systematic version: enumerate every codepoint, report suspicious invisible characters, and decode embedded payloads when possible.

**If something pasted suspicious:**
**If something pasted suspicious:** paste it straight into the **[live scanner](https://dacameragirl.github.io/payload-revealer/)** — it runs entirely in your browser tab, nothing is uploaded anywhere.

1. Save the pasted text to a plain `.txt` file (not rich text).
2. Scan it:
For scripting or a shareable audit trail, use the CLI instead:

```bash
python -m payload_revealer .\suspicious.txt
```

3. For a shareable audit trail:

```bash
# For a shareable audit trail:
python -m payload_revealer .\suspicious.txt --format json --output report.json
```

Expand All @@ -72,6 +82,7 @@ If the hidden instruction used zero-width Unicode, bidi tricks, Unicode tags, or
<p align="center"><img src="docs/readme-divider.svg" width="720" alt="" /></p>
<p align="center"><img src="https://capsule-render.vercel.app/api?type=waving&color=0:070b14,100:12102a&height=50&section=header&text=Quick%20Download&fontSize=22&fontColor=e6edf3&animation=twinkling" width="720" alt="Quick Download" /></p>

The [live scanner](https://dacameragirl.github.io/payload-revealer/) needs nothing installed. Grab the desktop app instead if you want it offline, or working outside a browser:

**[Download the Windows installer](https://github.com/DaCameraGirl/payload-revealer/releases/latest)** — installs the Payload Revealer desktop app (Electron GUI). No Python required. Drag a file onto the drop zone or click Open File.

Expand All @@ -94,6 +105,7 @@ beacon://c2-exfil.lan/reg?agent=demo-01
<p align="center"><img src="https://capsule-render.vercel.app/api?type=waving&color=0:070b14,100:12102a&height=50&section=header&text=Features&fontSize=22&fontColor=e6edf3&animation=twinkling" width="720" alt="Features" /></p>


- **Live Browser Scanner** — Paste or drop a file at the [Pages link](https://dacameragirl.github.io/payload-revealer/) and scan instantly, no install, nothing leaves your tab
- **Character Count Scanner** — Total character count even if content is invisible
- **Invisible Payload Detector** — Flags zero-width spaces, Unicode control characters, bidirectional overrides, invisible whitespace, Unicode tags, and other hidden text artifacts
- **Visualizer Panel** — Shows hidden content in decoded, readable format
Expand Down Expand Up @@ -193,6 +205,13 @@ The output goes to `dist/payload_revealer_engine.exe`. Electron auto-detects it

```
payload_revealer/
├── index.html # Pages entry point — live browser scanner
├── assets/ # Browser scan engine (JS port of the Python engine)
│ ├── js/
│ │ ├── scan-engine.js # Classifier + payload extractor, runs client-side
│ │ └── app.js # UI wiring: paste/drop input, results rendering, export
│ └── css/
│ └── scanner.css
├── payload_revealer/ # Python engine
│ ├── engine/
│ │ ├── sweeper.py # Core character scanner
Expand Down
Loading
Loading