Open-source software name: rek7/fireELF
Open-source software URL: https://github.com/rek7/fireELF
Open-source language: Python 100.0%
Open-source software introduction:

fireELF

fireELF is an open-source, cross-platform fileless Linux malware framework that allows users to easily create and manage payloads. By default it comes with 'memfd_create', which is a new way to run Linux ELF executables completely from memory, without having the binary touch the hard drive.

Screenshots

Features

Included payload memfd_create

The only included payload, 'memfd_create', is based on the research of Stuart. This payload creates an anonymous file descriptor in memory, then uses fexecve to execute the binary directly from the file descriptor. This allows execution completely in memory, which means that if the Linux system gets restarted, the payload will be nowhere to be found.

Creating a Payload

By default fireELF comes with 'memfd_create', but users can develop their own payloads. By default the payloads are stored in payloads/, and in order to create a valid payload you simply need to include a dictionary named 'desc' with the parameters 'name', 'description', 'archs', and 'python_vers'. An example desc dictionary is below:

    desc = {"name" : "test payload", "description" : "new memory injection or fileless elf payload", "archs" : "all", "python_vers" : ">2.5"}

In addition to the 'desc' dictionary, the entry point that the plugin engine I built uses requires a main function, which will automatically get passed two parameters: the first is a boolean that, if true, means it is getting passed a URL; the second parameter is the data. An example of a simple entry point is below:

    def main(is_url, url_or_payload):
        return

If you have a method, feel free to commit a payload!

Installation

Download the dependencies by running:

fireELF is developed in Python 3.x.x

Usage
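A detection sketch for the memfd_create technique described above, added here as an example and not part of fireELF: a process executed from an anonymous memory file has a /proc/<pid>/exe link that reads "/memfd:<name> (deleted)", so defenders can sweep for it. The function names and the sample process tree are constructed for illustration.

```python
import os

MEMFD_PREFIX = "/memfd:"      # how the kernel labels memfd-backed files
DELETED_SUFFIX = " (deleted)"  # appended when the backing file is unlinked


def classify_exe_target(target):
    """Classify one /proc/<pid>/exe link target: 'memfd', 'deleted' or None."""
    if target.startswith(MEMFD_PREFIX):
        return "memfd"      # image was executed from an anonymous memory file
    if target.endswith(DELETED_SUFFIX):
        return "deleted"    # on-disk binary was removed after launch
    return None


def scan_proc(proc_root="/proc"):
    """Return (pid, verdict, target) for every process with a suspicious exe link."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue  # skip non-process entries such as 'self' or 'sys'
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or insufficient privilege
        verdict = classify_exe_target(target)
        if verdict:
            findings.append((int(entry), verdict, target))
    return findings


def build_sample_proc(root):
    """Build a constructed /proc-like tree (hypothetical PIDs) for offline testing."""
    samples = {
        "101": "/usr/sbin/sshd",
        "202": "/memfd:sample (deleted)",
        "303": "/tmp/dropper (deleted)",
    }
    for pid, target in samples.items():
        os.mkdir(os.path.join(root, pid))
        os.symlink(target, os.path.join(root, pid, "exe"))
    os.mkdir(os.path.join(root, "sys"))  # non-numeric entry that must be ignored
    return root


if __name__ == "__main__":
    for pid, verdict, target in scan_proc():
        print(pid, verdict, target)
```

Run it as root to see every process; a hit is a lead for triage rather than a verdict, and because the evidence lives only in memory it should be collected before the host is rebooted.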