hlldz/SpookFlare
Fork: 187 Star: 946 (updated 2024-11-29 08:39:41)
license: Apache-2.0
Language: Python
Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.
Latest release: v2.0 (2018-05-02 19:06:26)
SpookFlare
SpookFlare takes a different perspective on bypassing security measures: it gives you the opportunity to bypass endpoint countermeasures at both client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic, etc. It has obfuscation, encoding, run-time code compilation and character substitution features. So you can bypass the countermeasures of the target systems like a boss until they "learn" the technique and behavior of SpookFlare payloads.
- Obfuscation
- Encoding
- Run-time Code Compiling
- Character Substitution
- Patched Meterpreter Stage Support
- Blocked powershell.exe Bypass
___ ___ ___ ___ _ _____ _ _ ___ ___
/ __| _ \/ _ \ / _ \| |/ / __| | /_\ | _ \ __|
\__ \ _/ (_) | (_) | ' <| _|| |__ / _ \| / _|
|___/_| \___/ \___/|_|\_\_| |____/_/ \_\_|_\___|
Version : 2.0
Author : Halil Dalabasmaz
WWW : artofpwn.com, spookflare.com
Twitter : @hlldz
Github : @hlldz
Licence : Apache License 2.0
Note : Stay in shadows!
[*] You can use "help" command for access help section.
SpookFlare > list
ID | Payload | Description
----+------------------------+------------------------------------------------------------
1 | meterpreter/binary | .EXE Meterpreter Reverse HTTP and HTTPS loader
2 | meterpreter/powershell | PowerShell based Meterpreter Reverse HTTP and HTTPS loader
3 | javascript/hta | .HTA loader with .HTML extension for specific command
4 | vba/macro | Office Macro loader for specific command
Installation
# git clone https://github.com/hlldz/SpookFlare.git
# cd SpookFlare
# pip install -r requirements.txt
Technical Details
https://artofpwn.com/spookflare.html
Usage Videos and Tutorials
- SpookFlare HTA Loader for Koadic: https://youtu.be/6OyZuyIbRLU
- SpookFlare PowerShell/VBA Loaders for Meterpreter: https://youtu.be/xFBRZz78U_M
- v1.0 Usage Video: https://www.youtube.com/watch?v=p_eKKVoEl0o
Note
I developed SpookFlare and the technique for use in penetration tests and red team engagements, and it is purely educational. Please use with responsibility and stay in shadows!
Acknowledgements and References
Special thanks to the following projects and contributors.
Topics:
antivirus-evasion, antivirus-testing, av-bypass, av-evasion, bypass, dropper, endpoint-bypass, loader, obfuscation