
rek7 / Fireelf

Licence: mit
fireELF - Fileless Linux Malware Framework


fireELF

fireELF is an open-source fileless Linux malware framework that's cross-platform and allows users to easily create and manage payloads. By default it comes with 'memfd_create', which is a new way to run Linux ELF executables completely from memory, without having the binary touch the hard drive.


Features

  • Choose and build payloads
  • Ability to minify payloads
  • Ability to shorten payloads by uploading the payload source to a pastebin; it then creates a very small stager compatible with Python <= 2.7, which allows for easy deployment
  • Output created payload to file
  • Ability to create payload from either a URL or a local binary

Included payload memfd_create

The only included payload, 'memfd_create', is based on the research of Stuart. This payload creates an anonymous file descriptor in memory, then uses fexecve to execute the binary directly from the file descriptor. This allows execution completely in memory, which means that if the Linux system gets restarted, the payload will be nowhere to be found.
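
For defenders, the memfd_create/fexecve technique described above leaves a recognisable trace in /proc: the exe link and the executable mappings of such a process point at "/memfd:<name> (deleted)" rather than a path on disk. The following check is an added example, not part of fireELF; the function names and the sample maps text are constructed for illustration.

```python
import os
import re

# The kernel names memfd-backed files "memfd:<name>"; the exe symlink of a
# process started from one reads "/memfd:<name> (deleted)".
MEMFD_RE = re.compile(r"^/memfd:(?P<name>.*?)(?: \(deleted\))?$")

def memfd_name(link_target):
    """Return the memfd name if a /proc path target is memfd-backed, else None."""
    m = MEMFD_RE.match(link_target)
    return m.group("name") if m else None

def mapped_memfd_regions(maps_text):
    """Return (address_range, name) for executable mappings backed by a memfd."""
    hits = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode [path]
        if len(fields) < 6 or "x" not in fields[1]:
            continue  # anonymous or non-executable mapping
        name = memfd_name(fields[5])
        if name is not None:
            hits.append((fields[0], name))
    return hits

def scan_proc(proc_root="/proc"):
    """Yield (pid, memfd_name) for each process whose exe link points at a memfd."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:  # kernel thread, exited process, or insufficient privilege
            continue
        name = memfd_name(target)
        if name is not None:
            yield int(entry), name

# Constructed sample of /proc/<pid>/maps content (not captured from a real host).
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a21000 r-xp 00000000 00:05 123456 /memfd:x (deleted)
7f1a2c000000-7f1a2c1c0000 r-xp 00000000 08:01 393231 /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a2c400000-7f1a2c401000 rw-s 00000000 00:05 123457 /memfd:shared-buf (deleted)
"""

if __name__ == "__main__":
    for pid, name in scan_proc():
        print(f"pid {pid}: executable image is memfd '{name}'")
```

Run it as root to see every process. Legitimate software occasionally runs from a memfd as well, so hits are leads to triage, not verdicts.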

Creating a Payload

By default fireELF comes with 'memfd_create', but users can develop their own payloads. By default the payloads are stored in payloads/, and to create a valid payload you simply need to include a dictionary named 'desc' with the parameters 'name', 'description', 'archs', and 'python_vers'. An example desc dictionary is below:

desc = {"name" : "test payload", "description" : "new memory injection or fileless elf payload", "archs" : "all", "python_vers" : ">2.5"}

In addition to the 'desc' dictionary, the plugin engine I built requires an entry point: a main function, which will automatically get passed two parameters. The first is a boolean that, if true, means it is getting passed a URL; the second parameter is the data. An example of a simple entry point is below:

def main(is_url, url_or_payload):
    return

If you have a method, feel free to commit a payload!

Installation

Download the dependencies by running:

pip3 install -U -r dep.txt

fireELF is developed in Python 3.x.x

Usage

usage: main.py [-h] [-s] [-p PAYLOAD_NAME] [-w PAYLOAD_FILENAME]
               (-u PAYLOAD_URL | -e EXECUTABLE_PATH)

fireELF, Linux Fileless Malware Generator

optional arguments:
  -h, --help           show this help message and exit
  -s                   Supress Banner
  -p PAYLOAD_NAME      Name of Payload to Use
  -w PAYLOAD_FILENAME  Name of File to Write Payload to (Highly Recommended if
                       You're not Using the Paste Site Option)
  -u PAYLOAD_URL       Url of Payload to be Executed
  -e EXECUTABLE_PATH   Location of Executable