{"id":21995272,"url":"https://github.com/rek7/fireelf","last_synced_at":"2025-04-05T08:07:18.853Z","repository":{"id":45897917,"uuid":"181957835","full_name":"rek7/fireELF","owner":"rek7","description":"fireELF - Fileless Linux Malware Framework","archived":false,"fork":false,"pushed_at":"2019-04-17T21:42:38.000Z","size":146,"stargazers_count":664,"open_issues_count":0,"forks_count":112,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-03-29T07:07:37.929Z","etag":null,"topics":["backdoor","exploit-development","exploitation","exploitation-framework","framework","linux","malware","malware-development","pentesting","python","redteam","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rek7.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-04-17T19:45:23.000Z","updated_at":"2025-03-27T06:45:52.000Z","dependencies_parsed_at":"2022-08-22T19:10:41.702Z","dependency_job_id":null,"html_url":"https://github.com/rek7/fireELF","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rek7%2FfireELF","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rek7%2FfireELF/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rek7%2FfireELF/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rek7%2FfireELF/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rek7","download_url":"https://codeload.github.com/rek7/fireE
LF/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247305934,"owners_count":20917208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor","exploit-development","exploitation","exploitation-framework","framework","linux","malware","malware-development","pentesting","python","redteam","security","security-tools"],"created_at":"2024-11-29T21:13:53.252Z","updated_at":"2025-04-05T08:07:18.807Z","avatar_url":"https://github.com/rek7.png","language":"Python","readme":"# fireELF\n[![License](https://img.shields.io/badge/license-MIT-green.svg)](https://github.com/rek7/fireELF/blob/master/LICENSE)\n\nfireELF is an open-source, cross-platform fileless Linux malware framework that allows users to easily create and manage payloads. 
By default it comes with 'memfd_create', which is a new way to run Linux ELF executables completely from memory, without having the binary touch the hard drive.\n## Screenshots\n![Screenshot](img/ss1.png)\n![Screenshot](img/ss2.png)\n## Features\n* Choose and build payloads\n* Ability to minify payloads\n* Ability to shorten payloads by uploading the payload source to a pastebin; it then creates a very small stager compatible with Python \u003c= 2.7, which allows for easy deployment\n* Output created payload to file\n* Ability to create payload from either a URL or a local binary\n\n## Included payload memfd_create\nThe only included payload, 'memfd_create', is based on the research of [Stuart](https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html). This payload creates an anonymous file descriptor in memory, then uses fexecve to execute the binary directly from the file descriptor. Execution happens completely in memory, which means that if the Linux system gets restarted, the payload will be nowhere to be found.\n## Creating a Payload\nBy default fireELF comes with 'memfd_create', but users can develop their own payloads. By default the payloads are stored in payloads/, and in order to create a valid payload you simply need to include a dictionary named 'desc' with the parameters 'name', 'description', 'archs', and 'python_vers'. An example desc dictionary is below:\n\n```python\ndesc = {\"name\" : \"test payload\", \"description\" : \"new memory injection or fileless elf payload\", \"archs\" : \"all\", \"python_vers\" : \"\u003e2.5\"}\n```\n\nIn addition to the 'desc' dictionary, the plugin engine I built requires an entry point: a main function, which will automatically get passed two parameters. The first is a boolean that is true when a URL is being passed; the second is the data. 
An example of a simple entry point is below:\n```python\ndef main(is_url, url_or_payload):\n    return\n```\nIf you have a method, feel free to commit a payload!\n## Installation\nDownload the dependencies by running:\n\n```\npip3 install -U -r dep.txt\n```\n\nfireELF is developed in [Python](http://www.python.org/download/) 3.x.x\n## Usage\n```\nusage: main.py [-h] [-s] [-p PAYLOAD_NAME] [-w PAYLOAD_FILENAME]\n               (-u PAYLOAD_URL | -e EXECUTABLE_PATH)\n\nfireELF, Linux Fileless Malware Generator\n\noptional arguments:\n  -h, --help           show this help message and exit\n  -s                   Supress Banner\n  -p PAYLOAD_NAME      Name of Payload to Use\n  -w PAYLOAD_FILENAME  Name of File to Write Payload to (Highly Recommended if\n                       You're not Using the Paste Site Option)\n  -u PAYLOAD_URL       Url of Payload to be Executed\n  -e EXECUTABLE_PATH   Location of Executable\n```\n","funding_links":[],"categories":["\u003ca id=\"a63015576552ded272a242064f3fe8c9\"\u003e\u003c/a\u003eELF"],"sub_categories":["\u003ca id=\"929786b8490456eedfb975a41ca9da07\"\u003e\u003c/a\u003e工具"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frek7%2Ffireelf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frek7%2Ffireelf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frek7%2Ffireelf/lists"}