tokyoneon / Armor

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners.

Projects that are alternatives of or similar to Armor

Chimera
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Stars: ✭ 463 (+103.07%)
Mutual labels:  kali-linux, penetration-testing, payload, attack, information-security, antivirus, kali, antivirus-evasion
Lscript
The LAZY script will make your life easier, and of course faster.
Stars: ✭ 3,056 (+1240.35%)
Mutual labels:  kali-linux, penetration-testing, payload, antivirus-evasion
Z0172CK-Tools
Hacking Tools Z0172CK
Stars: ✭ 31 (-86.4%)
Mutual labels:  attack, kali-linux, payload
Quiver
Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.
Stars: ✭ 140 (-38.6%)
Mutual labels:  kali-linux, penetration-testing, kali
Rapidpayload
Framework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion
Stars: ✭ 174 (-23.68%)
Mutual labels:  kali-linux, penetration-testing, antivirus-evasion
anubis
Captive wifi hotspot bypass tool for Linux
Stars: ✭ 46 (-79.82%)
Mutual labels:  penetration-testing, information-security, kali-linux
Webspoilt
This script will help you find information about the website and help in penetration testing
Stars: ✭ 34 (-85.09%)
Mutual labels:  penetration-testing, kali-linux, kali
Webkiller
Information gathering tool written in Python.
Stars: ✭ 300 (+31.58%)
Mutual labels:  kali-linux, penetration-testing, kali
Infosec reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+1725.44%)
Mutual labels:  osx, penetration-testing, information-security
Msfpc
MSFvenom Payload Creator (MSFPC)
Stars: ✭ 808 (+254.39%)
Mutual labels:  kali-linux, payload, kali
Proton
Proton Framework is a Windows post-exploitation framework similar to other Windows post-exploitation frameworks. The major difference is that the Proton Framework does most of its operations using Windows Script Host, with compatibility in the core to support a default installation of Windows 2000 with no service packs all the way through Windows 10.
Stars: ✭ 142 (-37.72%)
Mutual labels:  kali-linux, payload
Qemu Images
A collection of disk images and virtual machines that can be used by the QEMU emulator
Stars: ✭ 145 (-36.4%)
Mutual labels:  kali-linux, kali
Antimalware Research
Research on Anti-malware and other related security solutions
Stars: ✭ 163 (-28.51%)
Mutual labels:  antivirus, antivirus-evasion
Relayer
SMB Relay Attack Script
Stars: ✭ 136 (-40.35%)
Mutual labels:  payload, kali
Cyberchef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Stars: ✭ 13,674 (+5897.37%)
Mutual labels:  encoding, encryption
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+700%)
Mutual labels:  kali-linux, penetration-testing
Lhttps
Create https for local development environment or localhost.
Stars: ✭ 172 (-24.56%)
Mutual labels:  osx, openssl
Buffer overflow
Don't let buffer overflows overflow your mind
Stars: ✭ 131 (-42.54%)
Mutual labels:  penetration-testing, information-security
Mutual Tls Ssl
🔐 Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included
Stars: ✭ 163 (-28.51%)
Mutual labels:  encryption, openssl
Wifi Txpower Unlocker
Stars: ✭ 173 (-24.12%)
Mutual labels:  kali-linux, kali

Armor

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. Below is an example gif of Armor being used with a simple Netcat payload.

[Image: Armor demonstration GIF]

A Netcat listener is started on port 4444. The "payload.txt" file is read and shown to contain a simple Bash one-liner that, when executed, will create a TCP connection between the target MacBook and the attacker's Netcat listener. Armor is used to encrypt the Bash one-liner. Ncat is used to host the decryption key on the attacker's server. When the stager is executed on the target MacBook (not shown in the gif), the Bash one-liner is decrypted and executed without writing any data to the hard drive. Ncat terminates the listener immediately after the key has been used. When the Netcat connection is established, the attacker has remote access to the target MacBook.

Admittedly, encrypting most macOS-specific payloads is overkill. This specific Bash one-liner is capable of bypassing antivirus without the help of Armor. But this is just an example. The same degree of obfuscation can be applied to sophisticated Python, Ruby, and Shell scripts designed to execute a variety of advanced attacks.

Installation

Armor relies on LibreSSL to encrypt the input file and create the SSL certificate. If LibreSSL isn't found on your system, Armor will attempt to install it. The function for this can be found in the armor.sh file. Ncat is also a dependency and can be installed in Kali using $ apt-get update && apt-get install nmap.

Armor can be cloned and executed using the below commands.

git clone https://github.com/tokyoneon/Armor
cd Armor/
chmod +x armor.sh
./armor.sh /path/to/payload.txt 1.2.3.4 443

The 1.2.3.4 address is the attacker's IP address where the decryption key will be hosted. This can be a local IP address or a VPS. The port number (443) is arbitrary and can be changed as needed.

Questions and concerns:
