https://github.com/lengjibo/FourEye

AV Evasion Tool For Red Team Ops
https://github.com/lengjibo/FourEye

antivirus-evasion av-evasion bypassav redteam shellcode

Last synced: 3 months ago
JSON representation

AV Evasion Tool For Red Team Ops

• Host: GitHub
• URL: https://github.com/lengjibo/FourEye
• Owner: lengjibo
• License: apache-2.0
• Created: 2020-12-11T01:29:58.000Z (almost 4 years ago)
• Default Branch: main
• Last Pushed: 2021-12-08T11:55:15.000Z (almost 3 years ago)
• Last Synced: 2024-05-02T18:07:57.463Z (6 months ago)
• Topics: antivirus-evasion, av-evasion, bypassav, redteam, shellcode
• Language: C
• Homepage:
• Size: 2.34 MB
• Stars: 739
• Watchers: 16
• Forks: 152
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - lengjibo/FourEye - AV Evasion Tool For Red Team Ops (C)

README

        
 FourEye（重明） - AV Evasion Tool For Red Team Ops


用于快速生成免杀的 EXE 可执行文件，目前拥有三种免杀方法。

```

 ______                   ___           

(_) |                    / (_)          

   _|_  __          ,_   \__         _  

  / | |/  \_|   |  /  |  /    |   | |/  

 (_/   \__/  \_/|_/   |_/\___/ \_/|/|__/

                                 /|     

                                 \|   

                    v1.8 stable !

                    author lengyi@HongHuSec Lab !

 FourEye BypassFrameWork | BypassAV your shellcode && exe 

```

## 声明

![#f03c15](https://via.placeholder.com/15/f03c15/000000?text=+) 仅限用于技术研究和获得正式授权的测试活动。

## 安装方法

推荐使用kali linux系统安装.

> git clone https://github.com/lengjibo/FourEye.git

> cd FourEye

> chmod 755 setup.sh 

> ./setup.sh

> python3 BypassFramework.py

**因为是linux下编译，所以编译文件会有体积大的问题，该工具为三天内的产物，可能有不少bug，欢迎在issus处与我反馈**

## 使用方法

### shellcode

> python3 BypassFramework.py

![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/1.png)

> 选择shellcode

![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/2.png)

> 选择免杀方式，1：Fiber、2：APC、3：图片分离，选择加密方式，xor或者rot13，然后输入shellcode，选择位数，x64或者x86

![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/3.png)

> 执行execute

![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/4.png)

### exe

> 选择exe，然后输入exe即可

![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/5.png)

### demo。已上传至B站。

https://www.bilibili.com/video/BV1zy4y1S7ZM/

https://www.bilibili.com/video/BV1Sh411Z7qc

https://www.bilibili.com/video/BV1b54y1x7RT

## 引用

大多数方法均为网上已经公开的方法，本人只是对其整合、优化，多来自于ired，感谢其分享精神。

## update

2020.2.03: 火绒已对其标记，且用且珍惜

2020.12.14：增加其对exe的免杀，方法参考@bats3c，若使用报错请安装x86_64-w64-mingw32-gcc

2021.01.03: 增加x86、x64的支持

2021.01.09: 隐藏窗口

2021.01.26: 增加UUID免杀方法，修复部分bug,增加安装脚本@zhzyker

## TODO

- 增加更多的免杀、shellcode加密方法