{"id":26863890,"url":"https://github.com/sayan690/weaponised-dfe","last_synced_at":"2026-04-10T01:06:44.686Z","repository":{"id":285240161,"uuid":"957469705","full_name":"Sayan690/Weaponised-DFE","owner":"Sayan690","description":"Fetch a remote C# Assembly and execute it in memory using Assembly.Load","archived":false,"fork":false,"pushed_at":"2025-03-30T14:09:46.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-30T14:33:04.007Z","etag":null,"topics":["command-and-control","csharp","dotnet","dotnet-assembly","fileless-malware","flask","python3","ssl-certificates","tls-certificate"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sayan690.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-30T13:05:02.000Z","updated_at":"2025-03-30T14:09:49.000Z","dependencies_parsed_at":"2025-03-30T14:43:10.855Z","dependency_job_id":null,"html_url":"https://github.com/Sayan690/Weaponised-DFE","commit_stats":null,"previous_names":["sayan690/weaponised-dfe"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sayan690%2FWeaponised-DFE","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sayan690%2FWeaponised-DFE/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sayan690%2FWeaponised-DFE/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sayan690%2FWeaponised-DFE/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sayan690","download_url":"https://codeload.github.com/Sayan690/Weaponised-DFE/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246413363,"owners_count":20773052,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["command-and-control","csharp","dotnet","dotnet-assembly","fileless-malware","flask","python3","ssl-certificates","tls-certificate"],"created_at":"2025-03-31T03:33:06.840Z","updated_at":"2025-12-30T23:15:32.187Z","avatar_url":"https://github.com/Sayan690.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DotnetFilelessExecution\n\n## Overview\n\nWeaponised DFE is the advanced implementation of DotnetFilelessExecution. It can fetch a remote .NET Assembly, and execute it filelessly (in memory), i.e., without having to save it on the disk, all while being more secure, and undetectable than the previous DotnetFilelessExecution.\n\n## Watch the DEMO\n\n[![Watch the demo](https://img.youtube.com/vi/X9_8joF9UgA/0.jpg)](https://www.youtube.com/watch?v=X9_8joF9UgA)\n\n## Compilation\n\nI have used direct command-line compilation using the `dotnet` command, but of course you can use Visual Studio.\n\nBtw, before compiling make sure to change the attacker ip address.\n\nFor me, here are the compilation steps ...\n```cmd\ncd Weaponised-DFE\ndotnet add package Microsoft.CodeAnalysis.CSharp.Scripting\ndotnet run\n```\nor\n\n```cmd\ncd Weaponised-DFE\ndotnet add package Microsoft.CodeAnalysis.CSharp.Scripting\ndotnet publish -c Release -r win-x64 --self-contained true -o out\n```\n\n## Usage\n\n- Create openssl keys and certs, as under the auth directory.\n\n```bash\nmkdir auth\nopenssl req -new -x509 -newkey rsa:4096 -nodes -keyout auth/key.pem -out auth/cert.pem -days 10000\n```\n\n- Rename the listening host, port, and the name of the .NET Assembly you want to execute in the `https.py`.\n\n- Rename the connect back attacker ip address in the `toExec.cs`.\n\n- Rename the connect back attacker ip address in the `Program.cs` inside the `Weaponised-DFE` directory before compilation.\n\n- Start the https server on the attacker side\n\n```bash\npython3 https.py\n```\n\n- Run Weaponised-DFE on victim side.\n\n```cmd\ndotnet run\n```\n\nor\n\n```cmd\n.\\Weaponised-DFE.exe\n```\n\n## Note\nFor demonstration purposes, the connect back address is hard coded inside the program, which can be changed as needed.\n\n## Disclaimer\nThis project is intended for educational and security testing purposes only. The author is not responsible for any misuse of this tool.\n\n## Author\nDeveloped by **Sayan Ray** [@BareBones90](https://x.com/BareBones90)\n\n## License\nThis project is licensed under the MIT License - see the LICENSE file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsayan690%2Fweaponised-dfe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsayan690%2Fweaponised-dfe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsayan690%2Fweaponised-dfe/lists"}