{"id":13842904,"url":"https://github.com/zeroSteiner/crimson-forge","last_synced_at":"2025-07-11T17:32:08.970Z","repository":{"id":44543510,"uuid":"165701669","full_name":"zeroSteiner/crimson-forge","owner":"zeroSteiner","description":"Sustainable shellcode evasion","archived":false,"fork":false,"pushed_at":"2024-12-11T17:10:05.000Z","size":493,"stargazers_count":109,"open_issues_count":2,"forks_count":9,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-05-26T06:09:46.057Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zeroSteiner.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-14T17:10:41.000Z","updated_at":"2025-04-17T00:36:20.000Z","dependencies_parsed_at":"2024-10-26T20:33:25.437Z","dependency_job_id":"a123a6b1-fd11-4790-9091-f8050086ed21","html_url":"https://github.com/zeroSteiner/crimson-forge","commit_stats":{"total_commits":165,"total_committers":1,"mean_commits":165.0,"dds":0.0,"last_synced_commit":"a99ace9d8cdeb01b33bfdb85b1bf234fcbda86c0"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/zeroSteiner/crimson-forge","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroSteiner%2Fcrimson-forge","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroSteiner%2Fcrimson-forge/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroSteiner%2Fcrimson-forge/releases","manifests_url":"https://repos.ecos
yste.ms/api/v1/hosts/GitHub/repositories/zeroSteiner%2Fcrimson-forge/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zeroSteiner","download_url":"https://codeload.github.com/zeroSteiner/crimson-forge/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zeroSteiner%2Fcrimson-forge/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264862476,"owners_count":23674981,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:01:50.395Z","updated_at":"2025-07-11T17:32:08.652Z","avatar_url":"https://github.com/zeroSteiner.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"readme":".. image:: https://github.com/securestate/crimson-forge/blob/master/data/crimson-forge-logo.png\n\nCrimson Forge\n=============\n\nCrimson Forge intends to provide sustainable evasion capabilities for native\ncode on the x86 and AMD64 architectures. It achieves this by rewriting the input\ncode utilizing the following two techniques:\n\n**Shuffling:** Instructions are shuffled into a new order at the basic block\nlevel. This is a reliable technique and does not modify the size of the resulting\nbinary.\n\n**Alterations:** Instructions are swapped with functional equivalents,\neffectively de-optimizing them. 
New instructions are inserted into the same\ngraph used by the Shuffling technique, allowing them to be reordered as well.\n\nDue to the nature of the re-writing, it is not necessary for processed shellcode\nto exist within writeable memory. This eliminates a very common pattern which is\nidentified as malicious by many AV and EDR systems.\n\nInstallation\n------------\n\nSee the `INSTALL.md \u003cINSTALL.md\u003e`__ for installation instructions.\n\nGetting Started\n---------------\n\nOnce installed, utilize the primary command line interface at\n``./crimson-forge``. The help menu documents each of the options. Basic usage\nincludes specifying an architecture (e.g. ``amd64`` or ``x86``), providing an\ninput file, and specifying an output file. By default both the input and output\nfiles are expected to be raw shellcode, not executable files such as EXEs. Use the\n``--format`` and ``--output-format`` options to specify the input and output\ndata formats respectively. Note that the ``--output-format`` option can be\nspecified multiple times. Additionally, arguments can be defined in a file one\nper line and passed using the syntax ``./crimson-forge @file/with/args.txt``.\nSee `data/common-arguments.txt \u003cdata/common-arguments.txt\u003e`__ as an example.\n\nKnown Limitations\n-----------------\n\n**Unstaged Payloads:** Unstaged payloads as generated by the Metasploit\nFramework are currently not functional due to the constraints on the file\nformat.\n\n**Tainted References:** Certain payloads retrieve references to their location\nin memory and then apply a static offset to it. Crimson Forge has no way to\nidentify the significance of the static offset which will change when\n*Alterations* are applied. Crimson Forge will attempt to identify instances\nwhere this occurs and will disable *Alterations* altogether to ensure a\nfunctional output is produced. 
However, disabling *Alterations* limits the\ncapability to generate unique binaries.\n\n**Encoded Payloads:** All encoding modules within the Metasploit Framework\nrequire the shellcode to be placed in memory with Read, Write and Execute (RWX)\npermissions. This defeats the purpose of Crimson Forge. See also *Tainted\nReferences*. \n\n**Overlapping Instructions:** In certain, theoretical scenarios instructions may\noverlap with one another. This would be the case where one instruction jumps or\ncalls an address within another instruction. This would cause the block-level\nanalysis to be misaligned.\n\nThe following example would result in a jump into the body of the move\ninstruction resulting in the flow of execution being `jmp $+3, inc eax` rather\nthan what is stated.\n\n.. code:: asm\n\n  jmp  $+3\n  mov  eax, 0xc0ff0000\n\nTechnical Documentation\n-----------------------\n\nThe existing technical documentation of the internal API is able to be built\nwith Sphinx. Build the documentation with the following command:\n\n  sphinx-build -a -E -v -b html docs/source docs/html\n\nCredits\n-------\n\nCrimson Forge was originally designed and developed by RSM US LLP in Q1 of 2019\nas part of an offensive security research and development initiative.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FzeroSteiner%2Fcrimson-forge","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FzeroSteiner%2Fcrimson-forge","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FzeroSteiner%2Fcrimson-forge/lists"}