{"id":13840645,"url":"https://github.com/lengjibo/FourEye","last_synced_at":"2025-07-11T09:32:42.142Z","repository":{"id":44172627,"uuid":"320434522","full_name":"lengjibo/FourEye","owner":"lengjibo","description":"AV Evasion Tool For Red Team Ops","archived":false,"fork":false,"pushed_at":"2021-12-08T11:55:15.000Z","size":2453,"stargazers_count":753,"open_issues_count":3,"forks_count":153,"subscribers_count":16,"default_branch":"main","last_synced_at":"2024-11-20T03:50:00.396Z","etag":null,"topics":["antivirus-evasion","av-evasion","bypassav","redteam","shellcode"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lengjibo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-12-11T01:29:58.000Z","updated_at":"2024-11-06T06:56:43.000Z","dependencies_parsed_at":"2022-09-22T11:40:42.491Z","dependency_job_id":null,"html_url":"https://github.com/lengjibo/FourEye","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lengjibo%2FFourEye","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lengjibo%2FFourEye/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lengjibo%2FFourEye/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lengjibo%2FFourEye/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lengjibo","download_url":"https://codeload.github.com/lengjibo/FourEye/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind"
:"github","repositories_count":225712576,"owners_count":17512427,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["antivirus-evasion","av-evasion","bypassav","redteam","shellcode"],"created_at":"2024-08-04T17:00:51.298Z","updated_at":"2024-11-21T10:30:32.744Z","avatar_url":"https://github.com/lengjibo.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e FourEye（重明） - AV Evasion Tool For Red Team Ops\u003c/h1\u003e\n\nQuickly generates AV-evading EXE executables; three evasion methods are currently available.\n\n```\n ______                   ___           \n(_) |                    / (_)          \n   _|_  __          ,_   \\__         _  \n  / | |/  \\_|   |  /  |  /    |   | |/  \n (_/   \\__/  \\_/|_/   |_/\\___/ \\_/|/|__/\n                                 /|     \n                                 \\|   \n\n\n                    v1.8 stable !\n                    author lengyi@HongHuSec Lab !\n\n FourEye BypassFrameWork | BypassAV your shellcode \u0026\u0026 exe \n```\n\n## Disclaimer\n![#f03c15](https://via.placeholder.com/15/f03c15/000000?text=+) For technical research and formally authorized testing only.\n\n## Installation\n\nInstalling on Kali Linux is recommended.\n\n\u003e git clone https://github.com/lengjibo/FourEye.git\n\n\u003e cd FourEye\n\n\u003e chmod 755 setup.sh \n\n\u003e ./setup.sh\n\n\u003e python3 BypassFramework.py\n\n\n**Because compilation happens on Linux, the compiled files tend to be large. This tool was put together in three days and may have quite a few bugs; feedback is welcome in the issues.**\n\n\n## Usage\n\n### shellcode\n\n\u003e python3 BypassFramework.py\n\n![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/1.png)\n\n\u003e 
Select shellcode\n\n![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/2.png)\n\n\u003e Select the evasion method (1: Fiber, 2: APC, 3: image separation), select the encryption method (xor or rot13), then enter the shellcode and select the architecture (x64 or x86)\n\n![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/3.png)\n\n\u003e Run execute\n\n![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/4.png)\n\n\n### exe\n\n\u003e Select exe, then enter the exe\n\n\n![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/5.png)\n\n\n### Demo (uploaded to Bilibili)\n\nhttps://www.bilibili.com/video/BV1zy4y1S7ZM/\n\nhttps://www.bilibili.com/video/BV1Sh411Z7qc\n\nhttps://www.bilibili.com/video/BV1b54y1x7RT\n\n## References\n\nMost of the methods are already public online; I have only integrated and optimized them. Most come from ired; thanks for the spirit of sharing.\n\n## update\n\n2020.2.03: Huorong has flagged it; use it while it lasts\n\n2020.12.14: Added evasion for exe files, method based on @bats3c; if you get an error when using it, install x86_64-w64-mingw32-gcc\n\n2021.01.03: Added x86 and x64 support\n\n2021.01.09: Hide the window\n\n2021.01.26: Added the UUID evasion method, fixed some bugs, added the install script @zhzyker\n\n\n## TODO\n\n- Add more evasion and shellcode encryption methods\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flengjibo%2FFourEye","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flengjibo%2FFourEye","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flengjibo%2FFourEye/lists"}