Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lengjibo/FourEye
AV Evasion Tool For Red Team Ops
https://github.com/lengjibo/FourEye
antivirus-evasion av-evasion bypassav redteam shellcode
Last synced: 21 days ago
JSON representation
AV Evasion Tool For Red Team Ops
- Host: GitHub
- URL: https://github.com/lengjibo/FourEye
- Owner: lengjibo
- License: apache-2.0
- Created: 2020-12-11T01:29:58.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-12-08T11:55:15.000Z (about 3 years ago)
- Last Synced: 2024-11-20T03:50:00.396Z (22 days ago)
- Topics: antivirus-evasion, av-evasion, bypassav, redteam, shellcode
- Language: C
- Homepage:
- Size: 2.34 MB
- Stars: 753
- Watchers: 16
- Forks: 153
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - lengjibo/FourEye - AV Evasion Tool For Red Team Ops (C)
README
FourEye(重明) - AV Evasion Tool For Red Team Ops
用于快速生成免杀的 EXE 可执行文件,目前拥有三种免杀方法。
```
______ ___
(_) | / (_)
_|_ __ ,_ \__ _
/ | |/ \_| | / | / | | |/
(_/ \__/ \_/|_/ |_/\___/ \_/|/|__/
/|
\|v1.8 stable !
author lengyi@HongHuSec Lab !FourEye BypassFrameWork | BypassAV your shellcode && exe
```## 声明
![#f03c15](https://via.placeholder.com/15/f03c15/000000?text=+) 仅限用于技术研究和获得正式授权的测试活动。## 安装方法
推荐使用kali linux系统安装.
> git clone https://github.com/lengjibo/FourEye.git
> cd FourEye
> chmod 755 setup.sh
> ./setup.sh
> python3 BypassFramework.py
**因为是linux下编译,所以编译文件会有体积大的问题,该工具为三天内的产物,可能有不少bug,欢迎在issus处与我反馈**
## 使用方法
### shellcode
> python3 BypassFramework.py
![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/1.png)
> 选择shellcode
![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/2.png)
> 选择免杀方式,1:Fiber、2:APC、3:图片分离,选择加密方式,xor或者rot13,然后输入shellcode,选择位数,x64或者x86
![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/3.png)
> 执行execute
![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/4.png)
### exe
> 选择exe,然后输入exe即可
![image](https://raw.githubusercontent.com/lengjibo/FourEye/main/image/5.png)
### demo。已上传至B站。
https://www.bilibili.com/video/BV1zy4y1S7ZM/
https://www.bilibili.com/video/BV1Sh411Z7qc
https://www.bilibili.com/video/BV1b54y1x7RT
## 引用
大多数方法均为网上已经公开的方法,本人只是对其整合、优化,多来自于ired,感谢其分享精神。
## update
2020.2.03: 火绒已对其标记,且用且珍惜
2020.12.14:增加其对exe的免杀,方法参考@bats3c,若使用报错请安装x86_64-w64-mingw32-gcc
2021.01.03: 增加x86、x64的支持
2021.01.09: 隐藏窗口
2021.01.26: 增加UUID免杀方法,修复部分bug,增加安装脚本@zhzyker
## TODO
- 增加更多的免杀、shellcode加密方法