Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/x86-512/metamorpheus
A metamorphic shellcode obfuscator capable of generating more unique shellcodes than there are atoms in the OBSERVABLE UNIVERSE and designed for shellcodes/implants that need to run in W^X memory.
av-evasion backdoor c2 code-mutation exploit implant metamorphic obfuscator polymorphic shellcode
Last synced: 14 days ago
- Host: GitHub
- URL: https://github.com/x86-512/metamorpheus
- Owner: x86-512
- Created: 2024-07-12T01:31:26.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-12-10T20:15:52.000Z (23 days ago)
- Last Synced: 2024-12-10T21:25:12.378Z (23 days ago)
- Topics: av-evasion, backdoor, c2, code-mutation, exploit, implant, metamorphic, obfuscator, polymorphic, shellcode
- Language: Python
- Homepage:
- Size: 363 KB
- Stars: 0
- Watchers: 2
- Forks: 1
- Open Issues: 3
Metadata Files:
- Readme: README.md
README
# Metamorpheus
Metamorpheus is a polymorphic/metamorphic shellcode obfuscator that is designed to evade signature-based antivirus solutions and payload-based IPS Systems. Shellcode generated with this script is also capable of bypassing some basic dynamic detection mechanisms.
This script is able to generate up to $10^{149}$ different combinations of shellcode, which is more than the number of atoms in the observable universe ($10^{80}$).
Some features in this script facilitate sandbox and debugger evasion, while complicating disassembly. This script can also be used to set the C2 IP and port.
Metamorpheus is designed to work in W^X memory regions (you can either write or execute, but not both), so you can place obfuscated code into the .text section of a PE file. It also works on shellcode for exploits.
# How to run
1. Install Dependencies
2. Make a file with the instruction size (32 or 64) on the first line and the shellcode on the second line. Newlines and `"` will be ignored. Specify any areas in your shellcode where you need an IP address or port with IP/PORT.
3. Run main.py by its correct syntax, `python3 main.py - --file= IP= PORT=`

Shellcode file format:
```
Line 1:
Line 2+:
```
# Features
| Feature | Description |
| --- | --- |
| Anti Debug | Checks the trap flag. If it is 1, the program crashes. |
| Garbage Bytes | Adds random bytes to shift the disassembler's perceived instruction locations. |
| Logic Replacement | Changes constants in the program for mov instructions. |
| Long Sleep | Adds a long loop before the shellcode executes. |
| Useless Instructions | Adds useless instructions that have no impact on how the shellcode is run. |

These features often involve adding instructions to existing shellcode. Therefore, all subroutine-related instructions are updated correctly with regard to what was added. This takes into account whether a call is inside or outside of the shellcode and what is between the jump and its target.
# Examples:
Metasploit windows/shell/reverse_tcp with garbage byte insertion:
![Metasploit Reverse TCP Windows x86 Shellcode](examples/msf_windows_reverse_tcp.png)
# Issues
- If you are having a disassembly error, please check for any instructions labeled `(bad)` in https://defuse.ca/online-x86-assembler.htm.
- Meterpreter shellcode does not work due to disassembly issues related to Keystone and Capstone.
# Dependencies
- Python: At least 3.10
- Pip: At least 22.0.0
- [Library] keystone-engine: At least 0.9.0
- [Library] capstone: At least 5.0.0

Open a terminal in the polymorpheus directory and type: `pip install -r requirements.txt`