GithubHelp home page GithubHelp logo

minedevelopes / phantom-evasion Goto Github PK

View Code? Open in Web Editor NEW

This project forked from oddcod3/phantom-evasion

0.0 1.0 0.0 126 KB

Python AV evasion tool capable to generate FUD executable even with the most common 32 bit metasploit payload(exe/elf/dmg/apk)

License: GNU General Public License v3.0

Python 100.00%

phantom-evasion's Introduction

PHANTOM EVASION

Version 0.2 released!

Phantom-Evasion is a malware stub generator tool written in python. The aim of this tool is to make antivirus evasion an easy task for pentesters with the use of prewritten modules capable to generate (almost) undetectable executable even with most common 32 bit metasploit payload. This tool combine AV Sandbox detection with static analysis evasion

Format: exe/elf/apk/dmg

MODULE TYPE:

Windows,Linux,Android,Osx,Universal (Platform-Target)

Universal modules produces malware stub executable using pyinstaller for the OS used during generation process.

New: FUD msfvenom 64bit payload

Now 64 bit payloads are fully supported and completely FUD

New: Custom Encoder

New multibyte xor encoder with C decryption stub compatible with msfvenom and custom payloads

New: Powershell payload support

New powershell oneline dropper usefull to drop empire oneline payload

New powershell script dropper support msfvenom powershell payloads and custom powershell payload

Powershell script dropper can't execute 32 bit powershell payload on 64 bit target Be sure in that case to use 64 bit payload

Getting Started

Simply git clone or download and unzip Phantom-Evasion folder

Installing

kali linux:

The best. Actually the only OS truly supported.

Automatic setup, simply launch with:

python phantom-evasion.py

or:

chmod +x ./phantom-evasion.py

./phantom-evasion.py

windows 10

Install python 2.7

You need to install dependencies manually:

Install & setup gcc,cygwin,pyinstaller,apktool,openssl,metasploit

remember to set Environment variables

go to phantom-evasion folder and launch:

py phantom-evasion.py

linux with apt:

You need to manually install metasploit framework if not present then:

Automatic setup, simply launch with:

python phantom-evasion.py

or:

chmod +x ./phantom-evasion.py

./phantom-evasion.py

linux no apt:

You need to install dependencies manually:

Install & setup gcc,mingw-w64,pyinstaller,apktool,openssl,metasploit,zipalign

Module choice

Modules which targets specified platform are prefixed with Windows,Linux,Android,OSX,

Universal modules create an executable type dependending on which platform is used during generation process (pyinstaller)

Modules options

Multipath modules support both msfvenom payload or custom shellcode

Powershell oneline dropper support empire one-liner payload

Powershell script dropper support msfvenom powershell payloads or custom powershell scripts

Android msvenom smali obfuscator module support both msfvenom payload obfuscation and injection in existing apk (if apktool succeed in baksmailing the apk)

Pytherpreter modules supports all python msfvenom payload

Warning

Never rename generated executable (choose file name during generation process)

Actually there is no error checking routine on user input!! Be sure to input options correctly!!

PYTHON3 COMPATIBILITY TEMPORARILY SUSPENDED!

Like Jon Snow "I know nothing"

Cross platform autocompile SUPPORTED:

Using linux :

GCC used to compile source code to ELF format

Mingw-w64 used to compile source code to EXE format

Pyinstaller used to generate pyhton ELF execuatable

in windows:

GCC used to compile source code to EXE format

Cygwin > AUTOCOMPILE ELF not supported

Pyinstaller used to generate python EXE executable

When using "msfvenom payload" options phantom evasion will autocompile 32 bit executable when a 32 bit payload is selected Instead 64 bit executable will be generated using 64 bit payload

Example:

Windows/meterpreter/reverse_tcp  (autocompiled to exe 32 bit)

Windows/x64/meterpreter/reverse_tcp (autocompiled to exe 64 bit)

Equivalent for linux modules

When using "Polymorphic Powershell Script Dropper" remember that 32 bit powershell payloads are not compatible with 64 bit powershell target and vice versa

license

GPLv3.0

Want to Donate?

if you like my code you can buy me a beer

Bitcoin (BTC) :   1GgvVkgagqVcmWyppG8xPCjEpfhhUgyyJQ

Litecoin (LTC) :   LhUnmVNC7wcBCb1uiZ9S2AKkvTDSDHJB6H

Ethereum (ETH) :   0xb025bcF5b4D7F9Fd26a2D4B1412D1c0776C7B2E9

phantom-evasion's People

Contributors

oddcod3 avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.