Search the Community

geacon_pro is an Anti-Virus bypassing CobaltStrike Beacon written in Golang based on the geacon project. geacon_pro supports CobaltStrike version 4.1+ geacon_pro has implemented most functions of Beacon. The core of bypassing Anti-Virus can be reflected in three aspects: There is no CobaltStrike Beacon feature. Viruses written in Golang can bypass the detection of antivirus software to a certain extent. Some dangerous functions which can be easily detected by antivirus software has been changed to more stealthy implementations. Functions Windows platform: sleep, shell, upload, download, exit, cd, pwd, file_browse, ps, kill, getuid, mkdir, rm, cp, mv, run, execute, drives, powershell-import, powershell, execute-assembly, Multiple thread injection methods (you can replace the source code yourself), inject, shinject, dllinject, pipe, Various CobaltStrike native reflection dll injection (mimikatz, portscan, screenshot, keylogger, etc.), steal_token, rev2self, make_token, getprivs, proxy, delete self, timestomp, etc. Supports reflectiveDll, execute-assembly, powershell, powerpick, upload and execute, and other functions of cna custom plugins. Linux, Mac platform: sleep, shell, upload, download, exit, cd, pwd, file_browse, ps, kill, getuid, mkdir, rm, cp, mv, delete self, etc. Process management and file management support graphical interaction. [hide][Hidden Content]]

What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others. For information regarding HOW TO INSTALL {2A+2B} and HOW TO USE {3A+3B} phpMussel, please refer either to the Wiki or to the documentation included within the “_docs” directory of this repository. Features: Licensed as GNU General Public License version 2.0 (GPLv2). Easy to install, easy to customize, easy to use. Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required). Fully configurable based on your needs. Ideal solution for shared hosting services. Ideal solution for forum systems in need of file upload protection. Does NOT require shell access. Does NOT require administrative privileges. CLI mode available (for now, just under Windows, very soon with other OS). Good, strong, stable support base. [hide][Hidden Content]]

What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others. For information regarding HOW TO INSTALL {2A+2B} and HOW TO USE {3A+3B} phpMussel, please refer either to the Wiki or to the documentation included within the “_docs” directory of this repository. Features: Licensed as GNU General Public License version 2.0 (GPLv2). Easy to install, easy to customize, easy to use. Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required). Fully configurable based on your needs. Ideal solution for shared hosting services. Ideal solution for forum systems in need of file upload protection. Does NOT require shell access. Does NOT require administrative privileges. CLI mode available (for now, just under Windows, very soon with other OS). Good, strong, stable support base. [hide][Hidden Content]]

Bluffy is a utility which was used in experiments to bypass Anti-Virus products (statically) by formatting shellcode into realistic-looking data formats. So far, we implemented: UUID CLSID SVG CSS CSV [hide][Hidden Content]]

What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others. For information regarding HOW TO INSTALL {2A+2B} and HOW TO USE {3A+3B} phpMussel, please refer either to the Wiki or to the documentation included within the “_docs” directory of this repository. Features: Licensed as GNU General Public License version 2.0 (GPLv2). Easy to install, easy to customize, easy to use. Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required). Fully configurable based on your needs. Ideal solution for shared hosting services. Ideal solution for forum systems in need of file upload protection. Does NOT require shell access. Does NOT require administrative privileges. CLI mode available (for now, just under Windows, very soon with other OS). Good, strong, stable support base. [hide][Hidden Content]]

What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others. For information regarding HOW TO INSTALL {2A+2B} and HOW TO USE {3A+3B} phpMussel, please refer either to the Wiki or to the documentation included within the “_docs” directory of this repository. Features: Licensed as GNU General Public License version 2.0 (GPLv2). Easy to install, easy to customize, easy to use. Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required). Fully configurable based on your needs. Ideal solution for shared hosting services. Ideal solution for forum systems in need of file upload protection. Does NOT require shell access. Does NOT require administrative privileges. CLI mode available (for now, just under Windows, very soon with other OS). Good, strong, stable support base. [hide][Hidden Content]]

RAT-el is an open-source penetration test tool that allows you to take control of a windows machine. It works on the client-server model, the server sends commands and the client executes the commands and sends the result back to the server. The client is completely undetectable by anti-virus software. Features RATelServer: Multiple Connections Broadcast commands to all clients Stores client information in the database Encryption of data on the network via XOR Token management system to identify clients Client: Encryption of data sent over the network Startup persistence Remote command execution via CMD Remote command execution via Powershell Encryption of data on the network via XOR Automatic persistence when running the client Automatic reconnection RATelGenerator: Automatic client compilation [hide][Hidden Content]]

What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others. For information regarding HOW TO INSTALL {2A+2B} and HOW TO USE {3A+3B} phpMussel, please refer either to the Wiki or to the documentation included within the “_docs” directory of this repository. Features: Licensed as GNU General Public License version 2.0 (GPLv2). Easy to install, easy to customize, easy to use. Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required). Fully configurable based on your needs. Ideal solution for shared hosting services. Ideal solution for forum systems in need of file upload protection. Does NOT require shell access. Does NOT require administrative privileges. CLI mode available (for now, just under Windows, very soon with other OS). Good, strong, stable support base. [hide][Hidden Content]]

Bypass anti-virus software lateral movement command execution test tool（No need 445 Port） Introduction: The common WMIEXEC, PSEXEC tool execution command is to create a service or call Win32_Process.create, these methods have been intercepted by Anti-virus software 100%, so we created WMIHACKER (Bypass anti-virus software lateral movement command execution test tool（No need 445 Port）). Main functions: 1. Command execution 2. File upload 3. File download [hide][Hidden Content]]

What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others. For information regarding HOW TO INSTALL {2A+2B} and HOW TO USE {3A+3B} phpMussel, please refer either to the Wiki or to the documentation included within the “_docs” directory of this repository. Features: Licensed as GNU General Public License version 2.0 (GPLv2). Easy to install, easy to customize, easy to use. Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required). Fully configurable based on your needs. Ideal solution for shared hosting services. Ideal solution for forum systems in need of file upload protection. Does NOT require shell access. Does NOT require administrative privileges. CLI mode available (for now, just under Windows, very soon with other OS). Good, strong, stable support base. [hide][Hidden Content]]

What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others. For information regarding HOW TO INSTALL {2A+2B} and HOW TO USE {3A+3B} phpMussel, please refer either to the Wiki or to the documentation included within the “_docs” directory of this repository. Features: Licensed as GNU General Public License version 2.0 (GPLv2). Easy to install, easy to customize, easy to use. Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required). Fully configurable based on your needs. Ideal solution for shared hosting services. Ideal solution for forum systems in need of file upload protection. Does NOT require shell access. Does NOT require administrative privileges. CLI mode available (for now, just under Windows, very soon with other OS). Good, strong, stable support base. Changelog v2.1.4 [2020.06.17; Maikuolan]: Strengthened some guard code (the potential existed for some edge-case errors to occasionally slip through the existing code). [2020.06.19; Bug-fix; Maikuolan]: Logging broken due to missing parameter in the preg_split call in the recently introduced BuildPath closure; Fixed. [HIDE][Hidden Content]]

What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and other threats within files uploaded to your system wherever the script is hooked, based on the signatures of ClamAV and others. For information regarding HOW TO INSTALL {2A+2B} and HOW TO USE {3A+3B} phpMussel, please refer either to the Wiki or to the documentation included within the “_docs” directory of this repository. Features: Licensed as GNU General Public License version 2.0 (GPLv2). Easy to install, easy to customize, easy to use. Works for any system with PHP+PCRE installed, regardless of OS (PHP+PCRE required). Fully configurable based on your needs. Ideal solution for shared hosting services. Ideal solution for forum systems in need of file upload protection. Does NOT require shell access. Does NOT require administrative privileges. CLI mode available (for now, just under Windows, very soon with other OS). Good, strong, stable support base. [HIDE][Hidden Content]]

Xencrypt - A PowerShell Script Anti-Virus Evasion Tool Tired of wasting lots of time obfuscating PowerShell scripts like invoke-mimikatz only to have them get detected anyway? Wouldn't it be awesome if you could take any script and automatically and with almost no effort generate a near-infinite amount of variants in order to defeat signature-based antivirus detection mechanisms? WELL, NOW YOU CAN! For the low low price of free! Xencrypt is a PowerShell crypter that uses AES encryption and Gzip/DEFLATE compression to with every invocation generate a completely unique yet functionally equivalent output script given any input script. It does this by compressing and encrypting the input script and storing this data as a payload in a new script which will unencrypt and decompress the payload before running it. In essence, it is to PowerShell what a PE crypter is. Features Xencrypt: Bypasses AMSI and all modern AVs in use on VirusTotal (as of writing) Compresses and encrypts powershell scripts Has a minimal and often even negative (thanks to the compression) overhead Randomizes variable names to further obfuscate the decrypter stub Randomizes encryption, compression and even the order that the statements appear in the code for maximum entropy! Super easy to modify to create your own crypter variant Supports recursive layering (crypter crypting the crypted output), tested up to 500 layers. Supports Import-Module as well as standard running as long as the input script also supported it GPLv3 -- Free and open-source! All features in a single file so you can take it with you anywhere! Is despite all of the above not a silver bullet for every configuration -- caveat emptor! [HIDE][Hidden Content]]

Avast Anti-Virus versions prior to 19.1.2360 suffer from a local credential disclosure vulnerability. View the full article

Demo: Demo [HIDE][Hidden Content]]